[openssl-commits] [openssl] OpenSSL_1_0_2-pre-reformat create

Matt Caswell matt at openssl.org
Mon Feb 9 13:26:12 UTC 2015

The annotated tag OpenSSL_1_0_2-pre-reformat has been created
        at  6b1754608f389ee2595fb7027de4e1e35eee6b02 (tag)
   tagging  43257b9f51de749262258668c77c2f0f99d7a15b (commit)
  replaces  OpenSSL_1_0_2-beta3
 tagged by  Matt Caswell
        on  Mon Feb 9 13:18:17 2015 +0000

- Log -----------------------------------------------------------------
Pre reformat of OpenSSL_1_0_2

Reviewed-by: Richard Levitte <levitte at openssl.org>

Adam Langley (3):
      Don't set client_version to the ServerHello version.
      Premaster secret handling fixes
      Ensure that the session ID context of an SSL* is updated
      when its SSL_CTX is updated.

Alok Menghrajani (3):
      Fixes a minor typo in the EVP docs.
      Improves the proxy certificates howto doc.
      Improves certificates HOWTO

André Guerreiro (1):
      Add documentation on -timeout option in the ocsp utility

Andy Polyakov (13):
      e_os.h: refine inline override logic (to address warnings in debug build).
      aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.
      Add missing credit.
      md32_common.h: address compiler warning in HOST_c2l.
      armv4cpuid.S: fix compilation error in pre-ARMv7 build.
      ecp_nistz256-x86_64.pl: fix occasional failures.
      Remove inconsistency in ARM support.
      This facilitates "universal" builds, ones that target multiple
      architectures, e.g. ARMv5 through ARMv7. See commentary in
      Configure for details.
      CHANGES: mention "universal" ARM support.
      Revert "CHANGES: mention "universal" ARM support."
      CHANGES: mention "universal" ARM support.
      Fix irix-cc build.
      Fix for CVE-2014-3570 (with minor bn_asm.c revamp).
      Add Broadwell performance results.

Ben Laurie (1):
      Fix single makefile.

Bodo Moeller (7):
      DTLS 1.2 support has been added to 1.0.2.
      Support TLS_FALLBACK_SCSV.
      Oop: revert unintentional change committed along with
      TLS_FALLBACK_SCSV support, restoring a reviewed state instead.
      Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv
      handling out of #ifndef OPENSSL_NO_DTLS1 section.
      Fix SSL_R naming inconsistency.
      When processing ClientHello.cipher_suites, don't ignore cipher suites
      listed after TLS_FALLBACK_SCSV.
      Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.

Bodo Möller (1):
      Backport regression test

Daniel Kahn Gillmor (1):
      Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH

David Benjamin (1):
      Do not resume a session if the negotiated protocol version does not match
      the session's version (server).

Dominik Neubauer (1):
      typo in s_client

Dr. Stephen Henson (27):
      Add additional DigestInfo checks.
      Fix for session tickets memory leak.
      Parse custom extensions after SNI.
      Process signature algorithms in ClientHello late.
      Copy negotiated parameters in SSL_set_SSL_CTX.
      Fix cross reference table generator.
      Process signature algorithms before deciding on certificate.
      Fix excert logic.
      New option no-ssl3-method which removes SSLv3_*method
      Fix SuiteB chain checking logic.
      Print out Suite B status.
      Check return value of ssl3_output_cert_chain
      Reject invalid constructed encodings.
      Clear existing extension state.
      Remove MS SGC
      Update SGC flag comment.
      Fix various certificate fingerprint issues.
      Constify ASN1_TYPE_cmp add X509_ALGOR_cmp.
      update ordinals
      ECDH downgrade bug fix.
      Only allow ephemeral RSA keys in export ciphersuites.
      RT3662: Allow leading . in nameConstraints
      use correct function name
      use correct credit in CHANGES
      fix error discrepancy
      Fix crash in dtls1_get_record whilst in the listen state where you get two
      separate reads performed - one for the header and one for the body of the
      handshake record.
      Unauthenticated DH client certificate fix.

Emilia Kasper (20):
      Fix ssltest logic when some protocols are compiled out.
      Sync CHANGES
      Tighten session ticket handling
      Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext.
      This ensures that it's zeroed even if the SSL object is reused
      (as in ssltest.c). It also ensures that it applies to DTLS, too.
      Set s->hit when resuming from external pre-shared secret.
      Remove ssl3_check_finished.
      Always require an advertised NewSessionTicket message.
      Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset
      once the ChangeCipherSpec message is received. Previously, the server would
      set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.
      This would allow a second CCS to arrive and would corrupt the server state.
      Clean up CHANGES
      Reject elliptic curve lists of odd lengths.
      Make 'make update' succeed and run it
      Add extra checks for odd-length EC curve lists.
      Clarify the return values for SSL_get_shared_curve.
      Fix unused variable warning
      Check for invalid divisors in BN_div.
      Build fixes
      Revert "RT3425: constant-time evp_enc"
      Add a comment noting the padding oracle.
      Add a clang build target for linux-x86_64
      Only inherit the session ID context in SSL_set_SSL_CTX if the existing
      context was also inherited (matches that of the existing SSL_CTX).

Geoff Thorpe (1):
      Fix no-ssl3 configuration option

Guenter (1):
      NetWare compilation fix.

Jan Hykel (1):
      Don't use msg on error.

Kurt Cancemi (1):
      RT3547: Add missing static qualifier

Kurt Roeckx (8):
      Keep old method in case of an unsupported protocol
      Fix warning about negative unsigned integers
      Use the SSLv23 method by default
      Return error when a bit string indicates an invalid amount of bits left
      Fix memory leak in the apps
      dlfcn: always define _GNU_SOURCE
      Make "run" volatile
      Make build reproducible

Martin Brejcha (1):
      Fix memory leak.

Matt Caswell (57):
      Prepare for 1.0.2-beta4-dev
      Removed duplicate definition of PKCS7_type_is_encrypted
      Fix for SRTP Memory Leak
      Fix SRTP compile issues for windows
      Updates to CHANGES file
      Updates to NEWS file
      Fix free of garbage pointer. PR#3595
      Added OPENSSL_NO_EC2M guards around the default EC curves
      Fixed cms-test.pl for no-ec2m
      Added RFC 7027 references
      Fix s_server -ssl2. Previously this reported "Error setting EC curve"
      When using EVP_PKEY_derive with a KDF set, a negative error from
      ECDH_compute_key is silently ignored and the KDF is run on duff data
      Corrected comments in ssl.h about SSLv23_method and friends
      Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask
      Add include of ssl.h which is required by srtp.h
      Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki
      Minor changes made by Matt Caswell.
      Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki
      Minor changes made by Matt Caswell.
      Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki
      Minor changes made by Matt Caswell
      Tidy up ocsp help output
      Remove duplicated code
      Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST
      Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
      Delete unused file
      Check EVP_Cipher return values for SSL2
      Remove more references to dtls1_enc
      Fix warning in ssl2_enc
      Verify that we have a sensible message len and fail if not
      RT#3592 provides an instance where the OPENSSL_assert that this commit
      replaces can be hit. I was able to recreate this issue by forcing the
      underlying BIO to misbehave and come back with very small mtu values. This
      happens the second time around the while loop after we have detected that the
      MTU has been exceeded following the call to dtls1_write_bytes.
      The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being
      automatically updated, and we should use the one provided instead.
      Unfortunately there are a couple of locations where this is not respected.
      The first call to query the mtu in dtls1_do_write correctly checks that the
      mtu that we have received is not less than the minimum. If it's less it uses the
      minimum instead. The second call to query the mtu does not do that, but
      instead uses whatever comes back. We have seen an instance in RT#3592 where we
      have got an unreasonably small mtu come back. This commit makes both query
      checks consistent.
      There are a number of instances throughout the code where the constant 28 is
      used with no explanation. Some of this was introduced as part of RT#1929. The
      value 28 is the length of the IP header (20 bytes) plus the UDP header (8
      bytes). However use of this constant is incorrect because there may be
      instances where a different value is needed, e.g. an IPv4 header is 20 bytes
      but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP).
      This commit introduces a new BIO_CTRL that provides the value to be used for
      this mtu "overhead". It will be used by subsequent commits.
      Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP)
      and instead use the value provided by the underlying BIO. Also provide some
      new DTLS_CTRLs so that the library user can set the mtu without needing to
      know this constant. These new DTLS_CTRLs provide the capability to set the
      link level mtu to be used (i.e. including this IP/UDP overhead). The previous
      DTLS_CTRLs required the library user to subtract this overhead first.
      Fix dtls_query_mtu so that it will always either complete with an mtu that is
      at least the minimum or it will fail.
      There were some instances in dtls1_query_mtu where the final mtu can end up
      being less than the minimum, i.e. where the user has set an mtu manually. This
      shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having
      logic for guessing an mtu, was actually only ever used to work out the minimum
      mtu to use.
      If we really get a situation where the underlying mtu is less than the minimum
      we will support then dtls1_do_write can go into an infinite loop. This commit
      fixes that.
      Updates to s_client and s_server to remove the constant 28 (for IPv4 header
      and UDP header) when setting an mtu. This constant is not always correct (e.g.
      if using IPv6). Use the new DTLS_CTRL functions instead.
      Only use the fallback mtu after 2 unsuccessful retransmissions if it is less
      than the mtu we are already using
      Remove "#if 0" code
      Remove incorrect code inadvertently introduced through commit 59669b6ab.
      Fix memory leak in SSL_new if errors occur.
      Fixed memory leak in the event of a failure of BUF_MEM_grow
      Fixed memory leak if BUF_MEM_grow fails
      Fix memory leak in s2_srvr.c if BUF_MEM_grow fails
      DTLS fixes for signed/unsigned issues
      Remove extraneous white space, and add some braces
      Add OPENSSL_NO_ECDH guards
      Add more meaningful OPENSSL_NO_ECDH error message for suite b mode
      The dtls1_output_cert_chain function no longer exists so remove it from
      ssl_locl.h
      Fix a problem if CFLAGS is too long cversion.c fails to compile when config
      is run with --strict-warnings.
      Additional fix required for no-srtp to work
      Remove blank line from start of cflags character array in buildinf.h
      Follow on from CVE-2014-3571. This fixes the code that was the original source
      of the crash due to p being NULL. Steve's fix prevents this situation from
      occurring - however this is by no means obvious by looking at the code for
      dtls1_get_record. This fix just makes things look a bit more sane.
      A memory leak can occur in dtls1_buffer_record if either of the calls to
      ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
      malloc failure, whilst the latter will fail if attempting to add a duplicate
      record to the queue. This should never happen because duplicate records should
      be detected and dropped before any attempt to add them to the queue.
      Unfortunately records that arrive that are for the next epoch are not being
      recorded correctly, and therefore replays are not being detected.
      Additionally, these "should not happen" failures that can occur in
      dtls1_buffer_record are not being treated as fatal and therefore an attacker
      could exploit this by sending repeated replay records for the next epoch,
      eventually causing a DoS through memory exhaustion.
      Fix build failure on Windows due to undefined cflags identifier
      Update .gitignore with windows files to be excluded from git
      Further windows specific .gitignore entries
      Avoid deprecation problems in Visual Studio 13
      Fix warning where BIO_FLAGS_UPLINK was being redefined.
      This warning breaks the build in 1.0.0 and 0.9.8
      Make output from openssl version -f consistent with previous versions

Michael Tuexen (1):
      Fix incorrect OPENSSL_assert() usage.

Michal Bozon (1):
      Correct timestamp output when clock_precision_digits > 0

Piotr Sikora (1):
      Fix building with no-srtp

Rich Salz (4):
      RT2309: Fix podpage MMNNFFPPS->MNNFFPPS
      RT3462: Document actions when data==NULL
      RT2914: NULL check missing in X509_name_canon
      Allow multiple IDN xn-- indicators

Richard Levitte (13):
      Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces.
      [PR3597] Advance to the next state variant when reusing messages.
      Check for FindNextFile when defining it rather than FindFirstFile
      s_client and s_server take -verify_{host,email,ip}, not -check*
      Clear warnings/errors within BN_CTX_DEBUG code sections
      Clear warnings/errors within CIPHER_DEBUG code sections
      Clear warnings/errors within CIPHER_DEBUG code sections
      Clear warnings/errors within KSSL_DEBUG code sections
      Clear warnings/errors within TLS_DEBUG code sections
      Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed)
      Small typo
      VMS fixups for 1.0.2
      Define CFLAGS as cflags on VMS as well

Russell Coker (1):
      Fix datarace reported by valgrind/helgrind

Samuel Neves (1):
      Use only unsigned arithmetic in constant-time operations

Thorsten Glaser (1):
      Document openssl dgst -hmac option

Tim Hudson (1):
      no-ssl2 with no-ssl3 does not mean drop the ssl lib
