CVS import: src/crypto/external/bsd/openssl/dist/test
Module Name:src Committed By: christos Date: Tue Feb 13 14:46:39 UTC 2018 Update of /cvsroot/src/crypto/external/bsd/openssl/dist/test In directory ivanova.netbsd.org:/tmp/cvs-serv18120 Log Message: add missing tests Status: Vendor Tag: OPENSSL Release Tags: openssl-1-1-0g U src/crypto/external/bsd/openssl/dist/test/constant_time_test.c U src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c U src/crypto/external/bsd/openssl/dist/test/heartbeat_test.c No conflicts created by this import
CVS import: src/crypto/external/bsd/openssl/dist/test
Module Name:src Committed By: christos Date: Tue Feb 13 14:45:54 UTC 2018 Update of /cvsroot/src/crypto/external/bsd/openssl/dist/test In directory ivanova.netbsd.org:/tmp/cvs-serv11416 Log Message: add missing tests Status: Vendor Tag: OPENSSL Release Tags: openssl-1-1-0g No conflicts created by this import
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Jan 27 22:58:25 UTC 2017 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv18440 Log Message: import of OpenSSL 1.0.2k Upstream changelog: Changes between 1.0.2j and 1.0.2k [26 Jan 2017] *) Truncated packet could crash via OOB read If one side of an SSL/TLS path is running on a 32-bit host and a specific cipher is being used, then a truncated packet can cause that host to perform an out-of-bounds read, usually resulting in a crash. This issue was reported to OpenSSL by Robert Święcki of Google. (CVE-2017-3731) [Andy Polyakov] *) BN_mod_exp may produce incorrect results on x86_64 There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. This issue was reported to OpenSSL by the OSS-Fuzz project. (CVE-2017-3732) [Andy Polyakov] *) Montgomery multiplication may produce incorrect results There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. This issue was publicly reported as transient failures and was not initially recognized as a security issue. Thanks to Richard Morgan for providing reproducible case. (CVE-2016-7055) [Andy Polyakov] *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. [Matt Caswell] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-2k U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/appveyor.yml U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/CONTRIBUTING U src/crypto/external/bsd/openssl/dist/GitConfigure U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/GitMake U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org U src/crypto/external/bsd/openssl/dist/makevms.com U src/crypto/external/bsd/openssl/dist/PROBLEMS C
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Fri Oct 14 16:07:29 UTC 2016 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv15362 Log Message: Import of OpenSSL 1.0.2j. The 1.0.2 branch of OpenSSL is the current long term support branch. Differences between 1.0.1 and 1.0.2: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 o TLS automatic EC curve selection. o API to set TLS supported signature algorithms and curves o SSL_CONF configuration API. o TLS Brainpool support. o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. Security fixes from the previous version (1.0.1t) in NetBSD: o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) o SWEET32 Mitigation (CVE-2016-2183) o OOB write in MDC2_Update() (CVE-2016-6303) o Malformed SHA512 ticket DoS (CVE-2016-6302) o OOB write in BN_bn2dec() (CVE-2016-2182) o OOB read in TS_OBJ_print_bio() (CVE-2016-2180) o Pointer arithmetic undefined behaviour (CVE-2016-2177) o Constant time flag not preserved in DSA signing (CVE-2016-2178) o DTLS buffered message DoS (CVE-2016-2179) o DTLS replay protection DoS (CVE-2016-2181) o Certificate message OOB reads (CVE-2016-6306) Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-2j U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/appveyor.yml U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/CONTRIBUTING N src/crypto/external/bsd/openssl/dist/GitConfigure U src/crypto/external/bsd/openssl/dist/e_os2.h C src/crypto/external/bsd/openssl/dist/e_os.h N src/crypto/external/bsd/openssl/dist/GitMake U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org C src/crypto/external/bsd/openssl/dist/makevms.com U src/crypto/external/bsd/openssl/dist/PROBLEMS C src/crypto/external/bsd/openssl/dist/NEWS U src/crypto/external/bsd/openssl/dist/README.ENGINE U src/crypto/external/bsd/openssl/dist/openssl.doxy C src/crypto/external/bsd/openssl/dist/openssl.spec C src/crypto/external/bsd/openssl/dist/README U src/crypto/external/bsd/openssl/dist/README.ASN1 U src/crypto/external/bsd/openssl/dist/apps/app_rand.c U src/crypto/external/bsd/openssl/dist/apps/apps.c U src/crypto/external/bsd/openssl/dist/apps/apps.h U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c C src/crypto/external/bsd/openssl/dist/apps/ca.c U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl U src/crypto/external/bsd/openssl/dist/apps/CA.com U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem C src/crypto/external/bsd/openssl/dist/apps/CA.pl U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem U src/crypto/external/bsd/openssl/dist/apps/CA.sh U src/crypto/external/bsd/openssl/dist/apps/cert.pem U src/crypto/external/bsd/openssl/dist/apps/ciphers.c U src/crypto/external/bsd/openssl/dist/apps/client.pem U src/crypto/external/bsd/openssl/dist/apps/cms.c U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c U src/crypto/external/bsd/openssl/dist/apps/crl.c U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem U src/crypto/external/bsd/openssl/dist/apps/dgst.c U src/crypto/external/bsd/openssl/dist/apps/install-apps.com U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem U src/crypto/external/bsd/openssl/dist/apps/dh512.pem U src/crypto/external/bsd/openssl/dist/apps/dh.c U src/crypto/external/bsd/openssl/dist/apps/dhparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem U src/crypto/external/bsd/openssl/dist/apps/dsa.c U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem U src/crypto/external/bsd/openssl/dist/apps/dsap.pem U src/crypto/external/bsd/openssl/dist/apps/ec.c U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: christos Date: Tue May 3 17:11:18 UTC 2016 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv21908 Log Message: Security fixes: *) Prevent padding oracle in AES-NI CBC MAC check A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. This issue was reported by Juraj Somorovsky using TLS-Attacker. (CVE-2016-2107) [Kurt Roeckx] *) Fix EVP_EncodeUpdate overflow An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the PEM_write_bio* family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly with large amounts of untrusted data may also be vulnerable. This issue was reported by Guido Vranken. (CVE-2016-2105) [Matt Caswell] *) Fix EVP_EncryptUpdate overflow An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate() function all usage is one of two forms. The first form is where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, it is believed that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances of these calls have also been analysed too and it is believed there are no instances in internal usage where an overflow could occur. This issue was reported by Guido Vranken. (CVE-2016-2106) [Matt Caswell] *) Prevent ASN.1 BIO excessive memory allocation When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are *not* affected. Since the memory based functions are used by the TLS library, TLS applications are not affected. This issue was reported by Brian Carpenter. (CVE-2016-2109) [Stephen Henson] *) EBCDIC overread ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. This issue was reported by Guido Vranken. (CVE-2016-2176) [Matt Caswell] *) Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. [Todd Short] *) Remove LOW from the DEFAULT cipher list. This removes singles DES from the default. [Kurt Roeckx] *) Only remove the SSLv2 methods with the no-ssl2-method option. When the methods are enabled and ssl2 is disabled the methods return NULL. [Kurt Roeckx] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1t U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/appveyor.yml U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES U src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/FAQ U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: christos Date: Tue Mar 1 21:01:07 UTC 2016 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv17290 Log Message: OpenSSL Security Advisory [1st March 2016] = NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as well as removing SSLv2 EXPORT ciphers. We strongly advise against the use of SSLv2 due not only to the issues described below, but to the other known deficiencies in the protocol as described at https://tools.ietf.org/html/rfc6176 Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) Severity: High A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to perform approximately 2^50 computation, as well as thousands of connections to the affected server. A more efficient variant of the DROWN attack exists against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if they've not done so already. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN: SSLv2 is now by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up are now disabled in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. OpenSSL 1.0.2 users should upgrade to 1.0.2g OpenSSL 1.0.1 users should upgrade to 1.0.1s This issue was reported to OpenSSL on December 29th 2015 by Nimrod Aviram and Sebastian Schinzel. The fix was developed by Viktor Dukhovni and Matt Caswell of OpenSSL. Double-free in DSA code (CVE-2016-0705) === Severity: Low A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare. This issue affects OpenSSL versions 1.0.2 and 1.0.1. OpenSSL 1.0.2 users should upgrade to 1.0.2g OpenSSL 1.0.1 users should upgrade to 1.0.1s This issue was reported to OpenSSL on February 7th 2016 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr Stephen Henson of OpenSSL. Memory leak in SRP database lookups (CVE-2016-0798) === Severity: Low The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: christos Date: Sat Jan 30 16:56:19 UTC 2016 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv16684 Log Message: OpenSSL CHANGES ___ Changes between 1.0.1q and 1.0.1r [28 Jan 2016] *) Protection for DH small subgroup attacks As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact. [Matt Caswell] *) SSLv2 doesn't block disabled ciphers A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and Sebastian Schinzel. (CVE-2015-3197) [Viktor Dukhovni] *) Reject DH handshakes with parameters shorter than 1024 bits. [Kurt Roeckx] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1r U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/appveyor.yml U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/CONTRIBUTING U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org U src/crypto/external/bsd/openssl/dist/makevms.com U src/crypto/external/bsd/openssl/dist/PROBLEMS C src/crypto/external/bsd/openssl/dist/NEWS U src/crypto/external/bsd/openssl/dist/README.ENGINE U src/crypto/external/bsd/openssl/dist/openssl.doxy C src/crypto/external/bsd/openssl/dist/openssl.spec C src/crypto/external/bsd/openssl/dist/README U src/crypto/external/bsd/openssl/dist/README.ASN1 U src/crypto/external/bsd/openssl/dist/apps/app_rand.c U src/crypto/external/bsd/openssl/dist/apps/apps.c U src/crypto/external/bsd/openssl/dist/apps/apps.h U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c U src/crypto/external/bsd/openssl/dist/apps/ca.c U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl U src/crypto/external/bsd/openssl/dist/apps/CA.com U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem U src/crypto/external/bsd/openssl/dist/apps/CA.pl U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem U src/crypto/external/bsd/openssl/dist/apps/CA.sh U src/crypto/external/bsd/openssl/dist/apps/cert.pem U src/crypto/external/bsd/openssl/dist/apps/ciphers.c U src/crypto/external/bsd/openssl/dist/apps/client.pem U src/crypto/external/bsd/openssl/dist/apps/cms.c U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c U src/crypto/external/bsd/openssl/dist/apps/crl.c U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem U src/crypto/external/bsd/openssl/dist/apps/dgst.c U src/crypto/external/bsd/openssl/dist/apps/install-apps.com U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem U src/crypto/external/bsd/openssl/dist/apps/dh512.pem U src/crypto/external/bsd/openssl/dist/apps/dh.c U src/crypto/external/bsd/openssl/dist/apps/dhparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem U src/crypto/external/bsd/openssl/dist/apps/dsa.c U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem U src/crypto/external/bsd/openssl/dist/apps/dsap.pem U src/crypto/external/bsd/openssl/dist/apps/ec.c U src/crypto/external/bsd/openssl/dist/apps/ecparam.c U src/crypto/external/bsd/openssl/dist/apps/enc.c U src/crypto/external/bsd/openssl/dist/apps/engine.c U src/crypto/external/bsd/openssl/dist/apps/errstr.c U src/crypto/external/bsd/openssl/dist/apps/gendh.c U src/crypto/external/bsd/openssl/dist/apps/gendsa.c U src/crypto/external/bsd/openssl/dist/apps/genpkey.c U src/crypto/external/bsd/openssl/dist/apps/genrsa.c U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: christos Date: Sun Dec 6 21:45:59 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv25079 Log Message: Import openssl-1.0.1q OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015] = [Updated 4 Dec 2015]: This advisory has been updated to include the details of CVE-2015-1794, a Low severity issue affecting OpenSSL 1.0.2 which had a fix included in the released packages but was missed from the advisory text. NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) == Severity: Moderate There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. This issue affects OpenSSL version 1.0.2. OpenSSL 1.0.2 users should upgrade to 1.0.2e This issue was reported to OpenSSL on August 13 2015 by Hanno B�ck. The fix was developed by Andy Polyakov of the OpenSSL development team. Certificate verify crash with missing PSS parameter (CVE-2015-3194) === Severity: Moderate The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. This issue affects OpenSSL versions 1.0.2 and 1.0.1. OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q This issue was reported to OpenSSL on August 27 2015 by Lo�c Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. X509_ATTRIBUTE memory leak (CVE-2015-3195) == Severity: Moderate When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team. Race condition handling PSK identify hint (CVE-2015-3196) = Severity: Low If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identify hint data. This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release. OpenSSL 1.0.2 users should upgrade to 1.0.2d OpenSSL 1.0.1 users should upgrade to 1.0.1p OpenSSL 1.0.0 users should upgrade to 1.0.0t The fix for this issue can be identified in the OpenSSL git repository by commit ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) Severity: Low If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: christos Date: Thu Jul 9 14:15:45 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv16998 Log Message: Import 1.0.1p to fix: *) Alternate chains certificate forgery During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and issue an invalid certificate. This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). [Matt Caswell] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1p U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES U src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org U src/crypto/external/bsd/openssl/dist/makevms.com C src/crypto/external/bsd/openssl/dist/NEWS U src/crypto/external/bsd/openssl/dist/README.ENGINE U src/crypto/external/bsd/openssl/dist/openssl.doxy C src/crypto/external/bsd/openssl/dist/openssl.spec U src/crypto/external/bsd/openssl/dist/PROBLEMS C src/crypto/external/bsd/openssl/dist/README U src/crypto/external/bsd/openssl/dist/README.ASN1 U src/crypto/external/bsd/openssl/dist/apps/app_rand.c U src/crypto/external/bsd/openssl/dist/apps/apps.c U src/crypto/external/bsd/openssl/dist/apps/apps.h U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c U src/crypto/external/bsd/openssl/dist/apps/ca.c U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl U src/crypto/external/bsd/openssl/dist/apps/CA.com U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem U src/crypto/external/bsd/openssl/dist/apps/CA.pl U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem U src/crypto/external/bsd/openssl/dist/apps/CA.sh U src/crypto/external/bsd/openssl/dist/apps/cert.pem U src/crypto/external/bsd/openssl/dist/apps/ciphers.c U src/crypto/external/bsd/openssl/dist/apps/client.pem U src/crypto/external/bsd/openssl/dist/apps/cms.c U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c U src/crypto/external/bsd/openssl/dist/apps/crl.c U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem U src/crypto/external/bsd/openssl/dist/apps/dgst.c U src/crypto/external/bsd/openssl/dist/apps/install-apps.com U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem U src/crypto/external/bsd/openssl/dist/apps/dh512.pem U src/crypto/external/bsd/openssl/dist/apps/dh.c U src/crypto/external/bsd/openssl/dist/apps/dhparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem U src/crypto/external/bsd/openssl/dist/apps/dsa.c U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem U src/crypto/external/bsd/openssl/dist/apps/dsap.pem U src/crypto/external/bsd/openssl/dist/apps/ec.c U src/crypto/external/bsd/openssl/dist/apps/ecparam.c U src/crypto/external/bsd/openssl/dist/apps/enc.c U src/crypto/external/bsd/openssl/dist/apps/engine.c U src/crypto/external/bsd/openssl/dist/apps/errstr.c U src/crypto/external/bsd/openssl/dist/apps/gendh.c U src/crypto/external/bsd/openssl/dist/apps/gendsa.c U src/crypto/external/bsd/openssl/dist/apps/genpkey.c U src/crypto/external/bsd/openssl/dist/apps/genrsa.c U src/crypto/external/bsd/openssl/dist/apps/makeapps.com U src/crypto/external/bsd/openssl/dist/apps/Makefile U src/crypto/external/bsd/openssl/dist/apps/openssl.c U src/crypto/external/bsd/openssl/dist/apps/nseq.c U src/crypto/external/bsd/openssl/dist/apps/ocsp.c U src/crypto/external/bsd/openssl/dist/apps/oid.cnf U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: christos Date: Tue Jun 16 19:55:47 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv17683 Log Message: Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1o U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES U src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org U src/crypto/external/bsd/openssl/dist/makevms.com C src/crypto/external/bsd/openssl/dist/NEWS U src/crypto/external/bsd/openssl/dist/README.ENGINE U src/crypto/external/bsd/openssl/dist/openssl.doxy C src/crypto/external/bsd/openssl/dist/openssl.spec U src/crypto/external/bsd/openssl/dist/PROBLEMS C src/crypto/external/bsd/openssl/dist/README U src/crypto/external/bsd/openssl/dist/README.ASN1 U src/crypto/external/bsd/openssl/dist/apps/app_rand.c U src/crypto/external/bsd/openssl/dist/apps/apps.c U src/crypto/external/bsd/openssl/dist/apps/apps.h U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c U src/crypto/external/bsd/openssl/dist/apps/ca.c U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl U src/crypto/external/bsd/openssl/dist/apps/CA.com U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem U src/crypto/external/bsd/openssl/dist/apps/CA.pl U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem U src/crypto/external/bsd/openssl/dist/apps/CA.sh U src/crypto/external/bsd/openssl/dist/apps/cert.pem U src/crypto/external/bsd/openssl/dist/apps/ciphers.c U src/crypto/external/bsd/openssl/dist/apps/client.pem U src/crypto/external/bsd/openssl/dist/apps/cms.c U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c U src/crypto/external/bsd/openssl/dist/apps/crl.c U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem U src/crypto/external/bsd/openssl/dist/apps/dgst.c U src/crypto/external/bsd/openssl/dist/apps/install-apps.com U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem U src/crypto/external/bsd/openssl/dist/apps/dh512.pem U src/crypto/external/bsd/openssl/dist/apps/dh.c U src/crypto/external/bsd/openssl/dist/apps/dhparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem U src/crypto/external/bsd/openssl/dist/apps/dsa.c U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem U src/crypto/external/bsd/openssl/dist/apps/dsap.pem U src/crypto/external/bsd/openssl/dist/apps/ec.c U src/crypto/external/bsd/openssl/dist/apps/ecparam.c U src/crypto/external/bsd/openssl/dist/apps/enc.c U src/crypto/external/bsd/openssl/dist/apps/engine.c U src/crypto/external/bsd/openssl/dist/apps/errstr.c U src/crypto/external/bsd/openssl/dist/apps/gendh.c U src/crypto/external/bsd/openssl/dist/apps/gendsa.c U src/crypto/external/bsd/openssl/dist/apps/genpkey.c U src/crypto/external/bsd/openssl/dist/apps/genrsa.c U src/crypto/external/bsd/openssl/dist/apps/makeapps.com U src/crypto/external/bsd/openssl/dist/apps/Makefile U src/crypto/external/bsd/openssl/dist/apps/openssl.c U src/crypto/external/bsd/openssl/dist/apps/nseq.c U src/crypto/external/bsd/openssl/dist/apps/ocsp.c U src/crypto/external/bsd/openssl/dist/apps/oid.cnf U src/crypto/external/bsd/openssl/dist/apps/openssl-vms.cnf U src/crypto/external/bsd/openssl/dist/apps/s_apps.h U src/crypto/external/bsd/openssl/dist/apps/openssl.cnf U src/crypto/external/bsd/openssl/dist/apps/pca-cert.srl U src/crypto/external/bsd/openssl/dist/apps/passwd.c U src/crypto/external/bsd/openssl/dist/apps/smime.c U src/crypto/external/bsd/openssl/dist/apps/pca-key.pem U src/crypto/external/bsd/openssl/dist/apps/pca-req.pem U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: christos Date: Fri Jun 12 16:35:24 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv12552 Log Message: Changes between 1.0.1m and 1.0.1n [11 Jun 2015] *) Malformed ECParameters causes infinite loop When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. This issue was reported to OpenSSL by Joseph Barr-Pixton. (CVE-2015-1788) [Andy Polyakov] *) Exploitable out-of-bounds read in X509_cmp_time X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and independently by Hanno B�ck. (CVE-2015-1789) [Emilia K�sper] *) PKCS7 crash with missing EnvelopedContent The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) [Emilia K�sper] *) CMS verify infinite loop with unknown hash function When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. This can be used to perform denial of service against any system which verifies signedData messages using the CMS code. This issue was reported to OpenSSL by Johannes Bauer. (CVE-2015-1792) [Stephen Henson] *) Race condition handling NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. (CVE-2015-1791) [Matt Caswell] *) Reject DH handshakes with parameters shorter than 768 bits. [Kurt Roeckx and Emilia Kasper] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1n U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U src/crypto/external/bsd/openssl/dist/Makefile.org U src/crypto/external/bsd/openssl/dist/makevms.com C src/crypto/external/bsd/openssl/dist/NEWS U src/crypto/external/bsd/openssl/dist/README.ENGINE U src/crypto/external/bsd/openssl/dist/openssl.doxy C src/crypto/external/bsd/openssl/dist/openssl.spec U src/crypto/external/bsd/openssl/dist/PROBLEMS C src/crypto/external/bsd/openssl/dist/README U src/crypto/external/bsd/openssl/dist/README.ASN1 U src/crypto/external/bsd/openssl/dist/apps/app_rand.c U src/crypto/external/bsd/openssl/dist/apps/apps.c U src/crypto/external/bsd/openssl/dist/apps/apps.h U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c C src/crypto/external/bsd/openssl/dist/apps/ca.c U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl U src/crypto/external/bsd/openssl/dist/apps/CA.com U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Mon Mar 23 08:31:52 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv27726 Log Message: This is an import of OpenSSL 1.0.1m. The vulnerabilities listed below were previously fixed by patches supplied by the OpenSSL project. Thus, this import is not about vulnerabilities, but about the change in source style OpenSSL applied before 1.0.1m (as well as small fixes not listed in the changelog that make us have a 'proper' 1.0.1m). Upstream Changelog: Changes between 1.0.1l and 1.0.1m [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (CVE-2015-0286) [Stephen Henson] *) ASN.1 structure reuse memory corruption fix Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. (CVE-2015-0287) [Stephen Henson] *) PKCS7 NULL pointer dereferences fix The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) [Emilia K�sper] *) DoS via reachable assert in SSLv2 servers fix A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. This issue was discovered by Sean Burford (Google) and Emilia K�sper (OpenSSL development team). (CVE-2015-0293) [Emilia K�sper] *) Use After Free following d2i_ECPrivatekey error fix A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare. This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. (CVE-2015-0209) [Matt Caswell] *) X509_to_X509_REQ NULL pointer deref fix The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice. This issue was discovered by Brian Carpenter. (CVE-2015-0288) [Stephen Henson] *) Removed the export ciphers from the DEFAULT ciphers [Kurt Roeckx] Changes between 1.0.1k and 1.0.1l [15 Jan 2015] *) Build fixes for the Windows and OpenVMS platforms [Matt Caswell and Richard Levitte] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1m U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay C src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h C src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE C src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Tue Jan 13 08:02:20 UTC 2015 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv14297 Log Message: Import of OpenSSL 1.0.1k. Upstream log: Changes between 1.0.1j and 1.0.1k [8 Jan 2015] *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack. Thanks to Markus Stenberg of Cisco Systems, Inc. for reporting this issue. (CVE-2014-3571) [Steve Henson] *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. Thanks to Chris Mueller for reporting this issue. (CVE-2015-0206) [Matt Caswell] *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. Thanks to Frank Schmirler for reporting this issue. (CVE-2014-3569) [Kurt Roeckx] *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting this issue. (CVE-2014-3572) [Steve Henson] *) Remove non-export ephemeral RSA code on client and server. This code violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] *) Fixed issue where DH client certificates are accepted without verification. An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting this issue. (CVE-2015-0205) [Steve Henson] *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. The session ID context is typically set from the parent SSL_CTX, and can vary with the CTX. [Adam Langley] *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. Thanks to Konrad Kraszewski from Google for reporting this issue. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team. (CVE-2014-8275) [Steve Henson] *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. Thanks to Pieter Wuille (Blockstream) who reported this issue and also suggested an initial fix. Further analysis was conducted by the OpenSSL
CVS import: src/crypto/external/bsd/openssl/dist
Module Name:src Committed By: spz Date: Sun Aug 10 07:36:33 UTC 2014 Update of /cvsroot/src/crypto/external/bsd/openssl/dist In directory ivanova.netbsd.org:/tmp/cvs-serv23227 Log Message: Upstream changelog: Changes between 1.0.1h and 1.0.1i [6 Aug 2014] *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for discovering this issue. (CVE-2014-3512) [Steve Henson] *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. (CVE-2014-3511) [David Benjamin] *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. Thanks to Felix Gröbert (Google) for discovering and researching this issue. (CVE-2014-3510) [Emilia Käsper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. Thanks to Adam Langley for discovering and researching this issue. (CVE-2014-3507) [Adam Langley] *) An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. Thanks to Adam Langley for discovering and researching this issue. (CVE-2014-3506) [Adam Langley] *) An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. Thanks to Adam Langley and Wan-Teh Chang for discovering and researching this issue. (CVE-2014-3505) [Adam Langley] *) If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. (CVE-2014-3509) [Gabor Tyukasz] *) A malicious server can crash an OpenSSL client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack. Thanks to Joonas Kuorilehto and Riku Hietam�ki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] *) A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) [Emilia Käsper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to bogus results, with non-infinity inputs mapped to infinity too.) [Bodo Moeller] Status: Vendor Tag: OPENSSL Release Tags: openssl-1-0-1i U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay U src/crypto/external/bsd/openssl/dist/CHANGES C src/crypto/external/bsd/openssl/dist/Configure U src/crypto/external/bsd/openssl/dist/config U src/crypto/external/bsd/openssl/dist/e_os2.h U src/crypto/external/bsd/openssl/dist/e_os.h U src/crypto/external/bsd/openssl/dist/FAQ U src/crypto/external/bsd/openssl/dist/install.com U src/crypto/external/bsd/openssl/dist/INSTALL U src/crypto/external/bsd/openssl/dist/INSTALL.W64 U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS U src/crypto/external/bsd/openssl/dist/INSTALL.NW U src/crypto/external/bsd/openssl/dist/INSTALL.OS2 U src/crypto/external/bsd/openssl/dist/INSTALL.VMS U src/crypto/external/bsd/openssl/dist/INSTALL.W32 U src/crypto/external/bsd/openssl/dist/INSTALL.WCE U src/crypto/external/bsd/openssl/dist/LICENSE U src/crypto/external/bsd/openssl/dist/Makefile U src/crypto/external/bsd/openssl/dist/Makefile.shared U