Commit cb686480 authored by Jung-uk Kim's avatar Jung-uk Kim
Browse files

Import OpenSSL 1.0.1i.

parent 2e22f5e2
......@@ -2,6 +2,92 @@
Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
*) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
SRP code can be overrun an internal buffer. Add sanity check that
g, A, B < N to SRP code.
Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for discovering this issue.
[Steve Henson]
*) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of higher protocol versions when the ClientHello message
is badly fragmented. This allows a man-in-the-middle attacker to force a
downgrade to TLS 1.0 even if both the server and the client support a
higher protocol version, by modifying the client's TLS records.
Thanks to David Benjamin and Adam Langley (Google) for discovering and
researching this issue.
[David Benjamin]
*) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
to a denial of service attack. A malicious server can crash the client
with a null pointer dereference (read) by specifying an anonymous (EC)DH
ciphersuite and sending carefully crafted handshake messages.
Thanks to Felix Gröbert (Google) for discovering and researching this
[Emilia Käsper]
*) By sending carefully crafted DTLS packets an attacker could cause openssl
to leak memory. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley for discovering and researching this issue.
[Adam Langley]
*) An attacker can force openssl to consume large amounts of memory whilst
processing DTLS handshake messages. This can be exploited through a
Denial of Service attack.
Thanks to Adam Langley for discovering and researching this issue.
[Adam Langley]
*) An attacker can force an error condition which causes openssl to crash
whilst processing DTLS packets due to memory being freed twice. This
can be exploited through a Denial of Service attack.
Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
this issue.
[Adam Langley]
*) If a multithreaded client connects to a malicious server using a resumed
session and the server sends an ec point format extension it could write
up to 255 bytes to freed memory.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
[Gabor Tyukasz]
*) A malicious server can crash an OpenSSL client with a null pointer
dereference (read) by specifying an SRP ciphersuite even though it was not
properly negotiated with the client. This can be exploited through a
Denial of Service attack.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
discovering and researching this issue.
[Steve Henson]
*) A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information
from the stack. Applications may be affected if they echo pretty printing
output to the attacker.
Thanks to Ivan Fratric (Google) for discovering this issue.
[Emilia Käsper, and Steve Henson]
*) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
for corner cases. (Certain input points at infinity could lead to
bogus results, with non-infinity inputs mapped to infinity too.)
[Bodo Moeller]
Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
*) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
......@@ -720,6 +720,7 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
"sctp" => "default",
"shared" => "default",
"store" => "experimental",
"unit-test" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
......@@ -727,7 +728,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
......@@ -113,11 +113,6 @@ that came with the version of OpenSSL you are using. The pod format
documentation is included in each OpenSSL distribution under the docs
For information on parts of libcrypto that are not yet documented, you
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
predecessor, at <URL:>. Much
of this still applies to OpenSSL.
There is some documentation about certificate extensions and PKCS#12
in doc/openssl.txt
......@@ -11,14 +11,14 @@ First, read
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://"
setenv OSSLVER 1.0.1h
# OSSLTAG format: v1_0_1h
setenv OSSLVER 1.0.1i
# OSSLTAG format: v1_0_1i
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
cd /FreeBSD/work/openssl/merge
fetch${OSSLVER}.tar.gz \${OSSLVER}.tar.gz.asc
fetch${OSSLVER}.tar.gz \${OSSLVER}.tar.gz.asc
gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz
svn co $FSVN/vendor-crypto/openssl/dist dist
......@@ -43,13 +43,13 @@ comm -13 ../old ../new | xargs svn --parents add
svn stat
svn ci
svn cp $FSVN/vendor-crypto/openssl/dist $FSVN/vendor-crypto/openssl/$OSSLVER
svn cp ^/vendor-crypto/openssl/dist ^/vendor-crypto/openssl/$OSSLVER
# Merge to head
mkdir ../head
cd ../head
svn co $FSVN/head/crypto/openssl crypto/openssl
svn merge $FSVN/vendor-crypto/openssl/dist crypto/openssl
svn merge ^/vendor-crypto/openssl/dist crypto/openssl
# Resolve conflicts manually
......@@ -4,7 +4,7 @@
## Makefile for OpenSSL
......@@ -13,7 +13,7 @@ SHLIB_MAJOR=1
OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine
OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine
......@@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl
CC= cc
......@@ -5,10 +5,23 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
o Fix for CVE-2014-3512
o Fix for CVE-2014-3511
o Fix for CVE-2014-3510
o Fix for CVE-2014-3507
o Fix for CVE-2014-3506
o Fix for CVE-2014-3505
o Fix for CVE-2014-3509
o Fix for CVE-2014-5139
o Fix for CVE-2014-3508
Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
o Fix for CVE-2014-0224
o Fix for CVE-2014-0221
o Fix for CVE-2014-0198
o Fix for CVE-2014-0195
o Fix for CVE-2014-3470
o Fix for CVE-2010-5298
OpenSSL 1.0.1h 5 Jun 2014
OpenSSL 1.0.1i 6 Aug 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
......@@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
if (arg->data == NULL)
return 0;
for (i=0; i<arg->count; i++)
......@@ -1542,6 +1544,8 @@ char *make_config_name()
if (p == NULL)
return NULL;
......@@ -1620,12 +1620,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err,"Signature verification problems....\n");
goto err;
if (i == 0)
BIO_printf(bio_err,"Signature did not match the certificate request\n");
goto err;
......@@ -2777,6 +2779,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
revtm = X509_gmtime_adj(NULL, 0);
if (!revtm)
return NULL;
i = revtm->length + 1;
if (reason) i += strlen(reason) + 1;
......@@ -96,13 +96,7 @@ int MAIN(int argc, char **argv)
char buf[512];
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
#elif !defined(OPENSSL_NO_SSL3)
#elif !defined(OPENSSL_NO_SSL2)
......@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
if (!certflst)
goto end;
if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
goto end;
......@@ -67,7 +67,9 @@
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
#include <openssl/comp.h>
#include <ctype.h>
int set_hex(char *in,unsigned char *out,int size);
......@@ -337,6 +339,12 @@ int MAIN(int argc, char **argv)
goto end;
if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
goto end;
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
......@@ -1419,7 +1419,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
resp = query_responder(err, cbio, path, headers, req, req_timeout);
if (!resp)
BIO_printf(bio_err, "Error querying OCSP responsder\n");
BIO_printf(bio_err, "Error querying OCSP responder\n");
if (cbio)
......@@ -107,16 +107,16 @@ FUNCTION functions[] = {
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
#if !defined(OPENSSL_NO_SOCK)
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
#if !defined(OPENSSL_NO_SOCK)
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
#if !defined(OPENSSL_NO_SOCK)
......@@ -126,7 +126,7 @@ FUNCTION functions[] = {
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
#if !defined(OPENSSL_NO_SOCK)
......@@ -32,7 +32,7 @@ foreach (@ARGV)
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
elsif ( ($_ =~ /^speed$/))
{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
elsif ( ($_ =~ /^engine$/))
......@@ -290,6 +290,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -verify_return_error - return verification errors\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
......@@ -300,6 +301,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -debug - extra output\n");
#ifdef WATT32
......@@ -463,6 +463,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -verify_return_error - return verification errors\n");
BIO_printf(bio_err," -cert arg - certificate file to use\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
......@@ -534,6 +535,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -hack - workaround for early Netscape code\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
......@@ -562,6 +564,10 @@ static void sv_usage(void)
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
BIO_printf(bio_err," -status - respond to certificate status requests\n");
BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n");
BIO_printf(bio_err," -status_timeout n - status request responder timeout\n");
BIO_printf(bio_err," -status_url URL - status request fallback URL\n");
static int local_argc=0;
......@@ -739,7 +745,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
if (servername)
if (strcmp(servername,p->servername))
if (strcasecmp(servername,p->servername))
return p->extension_error;
if (ctx2)
......@@ -1356,6 +1362,14 @@ int MAIN(int argc, char *argv[])
goto end;
if (www && socket_type == SOCK_DGRAM)
"Can't use -HTTP, -www or -WWW with DTLS\n");
goto end;
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
if (jpake_secret)
......@@ -283,17 +283,29 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
long len)
const unsigned char *p;
unsigned char *data;
int i;
/* Sanity check OID encoding: can't have leading 0x80 in
* subidentifiers, see: X.690 8.19.2
int i, length;
/* Sanity check OID encoding.
* Need at least one content octet.
* MSB must be clear in the last octet.
* can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
for (i = 0, p = *pp; i < len; i++, p++)
if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
p[len - 1] & 0x80)
return NULL;
/* Now 0 < len <= INT_MAX, so the cast is safe. */
length = (int)len;
for (i = 0; i < length; i++, p++)
if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
......@@ -316,23 +328,23 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
data = (unsigned char *)ret->data;
ret->data = NULL;
/* once detached we can change it */
if ((data == NULL) || (ret->length < len))
if ((data == NULL) || (ret->length < length))
if (data != NULL) OPENSSL_free(data);
data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
data=(unsigned char *)OPENSSL_malloc(length);
if (data == NULL)
{ i=ERR_R_MALLOC_FAILURE; goto err; }
/* reattach data to object, after which it remains const */
ret->data =data;
/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
if (a != NULL) (*a)=ret;
......@@ -196,24 +196,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
struct tm *ts;
struct tm data;
size_t len = 20;
int free_s = 0;
if (s == NULL)
free_s = 1;
if (s == NULL)
goto err;
ts=OPENSSL_gmtime(&t, &data);
if (ts == NULL)
goto err;
if (offset_day || offset_sec)
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
return NULL;
goto err;
if((ts->tm_year < 50) || (ts->tm_year >= 150))
return NULL;
goto err;
p=(char *)s->data;
if ((p == NULL) || ((size_t)s->length < len))
......@@ -222,7 +227,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
if (p == NULL)
goto err;
if (s->data != NULL)
......@@ -237,6 +242,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
ebcdic2ascii(s->data, s->data, s->length);
if (free_s && s)
return NULL;
......@@ -261,6 +270,11 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
t -= offset*60; /* FIXME: may overflow in extreme cases */
tm = OPENSSL_gmtime(&t, &data);
/* NB: -1, 0, 1 already valid return values so use -2 to
* indicate error.
if (tm == NULL)
return -2;
#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
year = g2(s->data);
......@@ -258,7 +258,12 @@ int EVP_PKEY_asn1_add_alias(int to, int from)
if (!ameth)
return 0;
ameth->pkey_base_id = to;
return EVP_PKEY_asn1_add0(ameth);
if (!EVP_PKEY_asn1_add0(ameth))
return 0;
return 1;
int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment