path: root/security/openssl
Commit log. Each entry gives the date, the commit message, and in brackets the author, the number of files changed and the lines removed/added.

2003-10-04  Add support for BSD/OS.  [reed; 1 file; -0/+7]
2003-10-02  Update to 0.9.6k:  [jschauma; 13 files; -269/+52]

    Changes between 0.9.6j and 0.9.6k [30 Sep 2003]

    *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key.
       [Steve Henson]

    *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications.
       [Steve Henson]

    *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification).
       [Bodo Moeller; problem pointed out by Matthias Loepfe]

    *) Change X509_certificate_type() to mark the key as exported/exportable when it's 512 *bits* long, not 512 bytes.
       [Richard Levitte]

    Changes between 0.9.6i and 0.9.6j [10 Apr 2003]

    *) Countermeasure against the Klima-Pokorny-Rosa extension of Bleichenbacher's attack on PKCS #1 v1.5 padding: treat a protocol version number mismatch like a decryption error in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
       [Bodo Moeller]

    *) Turn on RSA blinding by default in the default implementation to avoid a timing attack. Applications that don't want it can call RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. They would be ill-advised to do so in most cases.
       [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]

    *) Change RSA blinding code so that it works when the PRNG is not seeded (in this case, the secret RSA exponent is abused as an unpredictable seed -- if it is not unpredictable, there is no point in blinding anyway).
       Make RSA blinding thread-safe by remembering the creator's thread ID in rsa->blinding and having all other threads use local one-time blinding factors (this requires more computation than sharing rsa->blinding, but avoids excessive locking; and if an RSA object is not shared between threads, blinding will still be very fast).
       [Bodo Moeller]

    Changes between 0.9.6h and 0.9.6i [19 Feb 2003]

    *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078)
       [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)]

    Changes between 0.9.6g and 0.9.6h [5 Dec 2002]

    *) New function OPENSSL_cleanse(), which is used to cleanse a section of memory from its contents. This is done with a counter that will place alternating values in each byte. This can be used to solve two issues: 1) the removal of calls to memset() by highly optimizing compilers, and 2) cleansing with other values than 0, since those can be read through on certain media, for example a swap space on disk.
       [Geoff Thorpe]

    *) Bugfix: client side session caching did not work with external caching, because the session->cipher setting was not restored when reloading from the external cache. This problem was masked, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set. (Found by Steve Haslam <steve@araqnid.ddts.net>.)
       [Lutz Jaenicke]

    *) Fix client_certificate (ssl/s2_clnt.c): The permissible total length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
       [Zeev Lieber <zeev-l@yahoo.com>]

    *) Undo an undocumented change introduced in 0.9.6e which caused repeated calls to OpenSSL_add_all_ciphers() and OpenSSL_add_all_digests() to be ignored, even after calling EVP_cleanup().
       [Richard Levitte]

    *) Change the default configuration reader to deal with last line not being properly terminated.
       [Richard Levitte]

    *) Change X509_NAME_cmp() so it applies the special rules on handling DN values that are of type PrintableString, as well as RDNs of type emailAddress where the value has the type ia5String.
       [stefank@valicert.com via Richard Levitte]

    *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be the bitwise-OR of the two for use by the majority of applications wanting this behaviour, and update the docs. The documented behaviour and actual behaviour were inconsistent and had been changing anyway, so this is more a bug-fix than a behavioural change.
       [Geoff Thorpe, diagnosed by Nadav Har'El]

    *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
       [Bodo Moeller]

    *) Fix initialization code race conditions in SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(), SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(), SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(), TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(), ssl2_get_cipher_by_char(), ssl3_get_cipher_by_char().
       [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]

    *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after the cached sessions are flushed, as the remove_cb() might use ex_data contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com> (see [openssl.org #212]).
       [Geoff Thorpe, Lutz Jaenicke]

    *) Fix typo in OBJ_txt2obj which incorrectly passed the content length, instead of the encoding length to d2i_ASN1_OBJECT.
       [Steve Henson]
2003-09-22  style nits  [grant; 1 file; -3/+2]

2003-09-22  formatting nits  [grant; 1 file; -4/+5]

2003-09-11  Rewrite this file so that we can specify the version of OpenSSL that we  [jlam; 1 file; -94/+112]
    need by simply setting BUILDLINK_DEPENDS.openssl. This buildlink2.mk file now functions just like any other typical buildlink2.mk file.

2003-09-10  Note version numbers for 0.9.6[hij].  [jlam; 1 file; -1/+4]

2003-09-10  Only check if we need to add the rsaref dependency if we need the pkgsrc  [jlam; 1 file; -3/+5]
    openssl.

2003-09-10  Use the built-in HAS_CONFIGURE and TEST_TARGET infrastructure to do the  [jlam; 1 file; -44/+37]
    configure and test phases.

2003-09-10  Honor CFLAGS/LDFLAGS from the environment.  [jlam; 3 files; -7/+18]

2003-09-10  Back out the make -> @MAKE@ -> ${MAKE} changes since we work around the  [jlam; 8 files; -86/+12]
    bare "make" problem using tools.mk.
2003-08-25  Several of the Makefiles used in this package call 'make' directly. If  [jschauma; 8 files; -25/+102]
    an operating system does not have a 'make' (i.e. only bmake), or if the OS-supplied 'make' is sufficiently broken (Irix), this will cause the build to fail (interestingly enough, apparently only if built as a dependency, not if built from this directory). Patch Makefiles to use @MAKE@, which then, after patching, is substituted with the actual ${MAKE} (can't use "MAKE= ${MAKE} -f Makefile.ssl"). While here, tweak Irix configure a bit.

2003-08-04  If 0.9.7a or 0.9.7b are required and not otherwise installed on the system  [jmc; 1 file; -1/+15]
    set PKG_SKIP_REASON and move on. The package only supports up to 0.9.6g currently otherwise.

2003-07-29  add openssl 0.9.7a, as found in Slackware Linux 9.  [grant; 1 file; -1/+9]
    XXX there really must be a better way to (not have to) do this.
2003-07-24  Add support for OpenSSL 0.9.7b shipped with NetBSD-current.  [tron; 1 file; -1/+9]

2003-07-22  Remove fallout from ruby-openssl mis-reimport.  [wiz; 1 file; -11/+0]

2003-07-22  Re-import security/ruby-openssl 0.1.4.1.  [taca; 2 files; -10/+12]

2003-07-17  s/netbsd.org/NetBSD.org/  [grant; 1 file; -2/+2]

2003-07-12  don't define test target directly, use do-test instead  [dillo; 1 file; -2/+2]

2003-07-02  style nits, join two .if's.  [grant; 1 file; -8/+6]

2003-07-02  more brutally attack the CONFIGURE_ARGS target issue on Solaris.  [grant; 1 file; -2/+6]
    force gcc if *gcc* - Sun's compiler is never going to be installed into a path with 'gcc' in it(!)

2003-06-27  Make this work on IRIX64.  [jschauma; 1 file; -1/+6]
2003-06-10  Rename PLIST.irix6 to PLIST.irix to match the others and set the  [jschauma; 2 files; -3/+3]
    PLIST_SRC accordingly after we recently set LOWER_OPSYS on IRIX to what most applications seem to expect (i.e. irix6.5 rather than irix6).

2003-06-02  Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages.  [jschauma; 1 file; -2/+2]
    Should anybody feel like they could be the maintainer for any of these packages, please adjust.

2003-05-14  Add freebsd specific parts. From Marc Recht in PR 21573.  [wiz; 1 file; -0/+7]

2003-04-17  Remove a paragraph with the following comment:  [wiz; 2 files; -50/+1]
    # This hack goes away, once we formally de-support NetBSD-1.4.x.
    We did that half a year ago.
2003-03-21  * Add patch from http://www.openssl.org/news/secadv_20030317.txt:  [seb; 5 files; -3/+132]
      Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on. Typically, it will not have been, because it is not easily possible to do so when using OpenSSL to provide SSL or TLS. The enclosed patch switches blinding on by default. Applications that wish to can remove the blinding with RSA_blinding_off(), but this is not generally advised. It is also possible to disable it completely by defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time. The performance impact of blinding appears to be small (a few percent). This problem affects many applications using OpenSSL, in particular, almost all SSL-enabled Apaches. You should rebuild and reinstall OpenSSL, and all affected applications. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0147 to this issue.
    * Add patch from http://www.openssl.org/news/secadv_20030319.txt:
      Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack; the server's behaviour when faced with specially made-up RSA ciphertexts can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack.
    * Bump PKGREVISION.

2003-02-28  tweak linking of libssl so it can find libcrypto.  [grant; 2 files; -12/+75]

2003-02-20  Add patch from http://www.openssl.org/news/secadv_20030219.txt:  [wiz; 3 files; -2/+105]
    In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078)
    Bump PKGREVISION.
2003-01-28  Instead of including bsd.pkg.install.mk directly in a package Makefile,  [jlam; 1 file; -2/+2]
    have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set to "YES". This enforces the requirement that bsd.pkg.install.mk be included at the end of a package Makefile. Idea suggested by Julio M. Merino Vidal <jmmv at menta.net>.

2003-01-23  strip leading path from $CC so we don't try to run Configure with args  [grant; 1 file; -2/+2]
    eg. 'solaris-sparcv7-/usr/pkg/bin/gcc' :-)

2002-12-24  Add PLIST for irix6. Same as netbsd and solaris -- maybe we can combine these?  [jschauma; 1 file; -0/+7]

2002-12-07  Replace IGNORE with PKG_FAIL_REASON or PKG_SKIP_REASON as appropriate.  [schmonz; 1 file; -2/+2]

2002-12-03  on Solaris, pass -Wl,-R ... (as per NetBSD targets) so that libssl can  [grant; 2 files; -6/+89]
    find libcrypto. fixes my PR pkg/19229.

2002-11-30  Explicitly specify the path to Perl5 executable for configure script.  [uebayasi; 1 file; -2/+2]
    Reported by Jonathan Perkin in PR19205.

2002-10-25  Unused.  [wiz; 1 file; -123/+0]
2002-09-09  The shared libraries are installed on Solaris now.  [markd; 1 file; -1/+7]

2002-09-07  Use buildlink2 and pass an extra flag to the configure script so that if  [jlam; 1 file; -3/+4]
    RSAref is used, then the library may be found.

2002-09-05  We don't need to symlink bin/openssl since we want the one in ${SSLBASE}.  [jlam; 1 file; -3/+2]

2002-08-25  Merge changes in packages from the buildlink2 branch that have  [jlam; 15 files; -14/+113]
    buildlink2.mk files back into the main trunk.

2002-08-19  Let build on sparc v7.  [fredb; 2 files; -4/+4]

2002-08-19  Fix a comment, and improve pattern to also work on netbsd-1-4.  [wiz; 1 file; -3/+3]

2002-08-19  Compile no-shared on 1.4.x. This makes the package install and work for me  [wiz; 1 file; -1/+6]
    on 1.4.2/i386. Approved by agc.

2002-08-16  Provide a sensible default for BUILDLINK_DEPENDS.openssl - noticed when  [agc; 1 file; -1/+2]
    the in-tree openssl is < 0.9.6f, a previous package build has installed the openssl-0.9.6g package, but the BUILDLINK_DEPENDS.openssl value is not initialised, so that the package infrastructure tries to build and install the openssl-0.9.6g package again.
2002-08-15  Revert Makefile,v.1.56, as the NetBSD patches were causing intractable  [fredb; 3 files; -12/+20]
    problems for Solaris. Instead, handle patch for NetBSD-1.4.2 specially.

2002-08-15  Really require 0.9.6g, if we require the package at all.  [fredb; 1 file; -44/+10]

2002-08-10  It just occurred to me that the ${PATCHDIR} patches developed against the  [fredb; 1 file; -4/+4]
    NetBSD-patched codebase won't apply cleanly (or at all) without the NetBSD patch. Therefore, remove the `.if ${OS}' condition for applying the patch, so Solaris and Darwin start with the same codebase. Fix as needed.

2002-08-10  require 0.9.6f, at least  [itojun; 1 file; -5/+19]

2002-08-10  Update to 0.9.6g. The most significant change is this proof against  [fredb; 6 files; -32/+59]
    a stunning DoS vulnerability, fixed in 0.9.6f:

    *) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()).
       [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]

    Regenerate the netbsd patch. This is now a clean diff against the vendor tag, with version-number-only changes elided.

    Partially revert "crypto/dist/openssl/crypto/rand/randfile.c", version 1.4 (via additional pkgsrc patch), to give this a shot to compile on NetBSD-1.4.2 and earlier, which had no strlcpy() or strlcat().

    Assemble the shared library without "-Bsymbolic", mainly to give this a shot at linking on NetBSD-a.out (untested).
2002-08-09  Correctly set the value of SSLCERTS depending on the environment and the  [jlam; 1 file; -1/+7]
    platform.

2002-08-09  * Change the perl paths in the various build scripts to ${PERL5} and not  [jlam; 2 files; -16/+13]
      ${LOCALBASE}/bin/perl.
    * Refer to the make program used to drive the build and installation as "${MAKE_PROGRAM}".
    * Instead of explicitly setting PKG_SYSCONFBASE=/etc, use the pkg-specific override PKG_SYSCONFDIR.openssl, and optionally set it so that the user still has the option of overriding its value.
    * Use bsd.pkg.install.mk to install the default config file (openssl.cnf) and to create and remove the extra config directories. This lets us remove the extra lines in PLIST that do the same thing.