[openssl-commits] [openssl] OpenSSL_1_0_0p create
Matt Caswell
matt at openssl.org
Thu Jan 8 15:23:56 UTC 2015
The annotated tag OpenSSL_1_0_0p has been created
at 89c5e025a461db9be4cd4a4625fdf80e3f098e61 (tag)
tagging 225628f280d79dda31d135f96e231807d06e38c3 (commit)
replaces OpenSSL_1_0_0o
tagged by Matt Caswell
on Thu Jan 8 14:21:42 2015 +0000
- Log -----------------------------------------------------------------
OpenSSL 1.0.0p release tag
Adam Langley (1):
Premaster secret handling fixes
Alok Menghrajani (2):
Fixes a minor typo in the EVP docs.
Improves the proxy certificates howto doc.
André Guerreiro (1):
Add documentation on -timeout option in the ocsp utility
Andy Polyakov (3):
e_os.h: allow inline functions to be compiled by legacy compilers.
e_os.h: refine inline override logic (to address warnings in debug build).
Fix for CVE-2014-3570.
Bodo Moeller (2):
When processing ClientHello.cipher_suites, don't ignore cipher suites listed after TLS_FALLBACK_SCSV.
Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
Dr. Stephen Henson (12):
Fix cross reference table generator.
Reject invalid constructed encodings.
Constify ASN1_TYPE_cmp add X509_ALGOR_cmp.
Fix various certificate fingerprint issues.
update ordinals
ECDH downgrade bug fix.
Only allow ephemeral RSA keys in export ciphersuites.
use correct function name
use correct credit in CHANGES
fix error discrepancy
Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.
Unauthenticated DH client certificate fix.
Emilia Kasper (1):
Revert "RT3425: constant-time evp_enc"
Kurt Cancemi (1):
RT3547: Add missing static qualifier
Kurt Roeckx (3):
Keep old method in case of an unsupported protocol
Fix warning about negative unsigned intergers
Return error when a bit string indicates an invalid amount of bits left
Matt Caswell (38):
Prepare for 1.0.0p-dev
Fix free of garbage pointer. PR#3595
Corrected comments in ssl.h about SSLv23_method and friends
Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask
Tidy up ocsp help output
Remove duplicated code
Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST
Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
Check EVP_Cipher return values for SSL2
Fixed warning in ssl2_enc
Verify that we have a sensible message len and fail if not RT#3592 provides an instance where the OPENSSL_assert that this commit replaces can be hit. I was able to recreate this issue by forcing the underlying BIO to misbehave and come back with very small mtu values. This happens the second time around the while loop after we have detected that the MTU has been exceeded following the call to dtls1_write_bytes.
The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected.
The first call to query the mtu in dtls1_do_write correctly checks that the mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent.
There are a number of instances throughout the code where the constant 28 is used with no explanation. Some of this was introduced as part of RT#1929. The value 28 is the length of the IP header (20 bytes) plus the UDP header (8 bytes). However use of this constant is incorrect because there may be instances where a different value is needed, e.g. an IPv4 header is 20 bytes but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP). This commit introduces a new BIO_CTRL that provides the value to be used for this mtu "overhead". It will be used by subsequent commits.
Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) and instead use the value provided by the underlying BIO. Also provide some new DTLS_CTRLs so that the library user can set the mtu without needing to know this constant. These new DTLS_CTRLs provide the capability to set the link level mtu to be used (i.e. including this IP/UDP overhead). The previous DTLS_CTRLs required the library user to subtract this overhead first.
Fix dtls_query_mtu so that it will always either complete with an mtu that is at least the minimum or it will fail. There were some instances in dtls1_query_mtu where the final mtu can end up being less than the minimum, i.e. where the user has set an mtu manually. This shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having logic for guessing an mtu, was actually only ever used to work out the minimum mtu to use.
If we really get a situation where the underlying mtu is less than the minimum we will support then dtls1_do_write can go into an infinite loop. This commit fixes that.
Updates to s_client and s_server to remove the constant 28 (for IPv4 header and UDP header) when setting an mtu. This constant is not always correct (e.g. if using IPv6). Use the new DTLS_CTRL functions instead.
Only use the fallback mtu after 2 unsuccessful retransmissions if it is less than the mtu we are already using
Remove "#if 0" code
Remove incorrect code inadvertently introduced through commit 59669b6ab.
Fix memory leak in SSL_new if errors occur.
Fixed memory leak in the event of a failure of BUF_MEM_grow
Fix use of NULL memory pointer in X509_VERIFY_PARAM_new in the event of a malloc failure.
Fixed memory leak if BUF_MEM_grow fails
Fix memory leak in s2_srvr.c if BUF_MEM_grow fails
Check return value of ssl3_output_cert_chain
Checkout return value of dtls1_output_cert_chain
DTLS fixes for signed/unsigned issues
Remove extraneous white space, and add some braces
Add OPENSSL_NO_ECDH guards
Fix a problem if CFLAGS is too long cversion.c fails to compile when config is run with --strict-warnings.
Remove blank line from start of cflags character array in buildinf.h
Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane.
A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion.
CHANGES and NEWS updates for release
make update
Prepare for 1.0.0p release
Michal Bozon (1):
Correct timestamp output when clock_precision_digits > 0
Richard Levitte (3):
Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces.
[PR3597] Advance to the next state variant when reusing messages.
Check for FindNextFile when defining it rather than FindFirstFile
Samuel Neves (1):
Use only unsigned arithmetic in constant-time operations
Tim Hudson (1):
no-ssl2 with no-ssl3 does not mean drop the ssl lib
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list