Dr. Stephen Henson
625a55324f
update CHANGES
2013-02-11 16:35:10 +00:00
Dr. Stephen Henson
3151e328e0
prepare for next version
2013-02-11 16:14:11 +00:00
Dr. Stephen Henson
f66db68e1f
prepare for release
2013-02-11 11:57:46 +00:00
Dr. Stephen Henson
41cf07f0ec
prepare for next version
2013-02-06 02:26:24 +00:00
Dr. Stephen Henson
62f4033381
typo
2013-02-04 23:12:58 +00:00
Dr. Stephen Henson
df0d93564e
typo
2013-02-04 22:39:37 +00:00
Dr. Stephen Henson
f1ca56a69f
Add CHANGES entries.
2013-02-04 20:37:46 +00:00
Dr. Stephen Henson
62e4506a7d
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
2013-01-29 16:49:24 +00:00
Ben Laurie
5bb6d96558
Make verify return errors.
2012-12-13 15:48:42 +00:00
Ben Laurie
70d91d60bc
Call OCSP Stapling callback after ciphersuite has been chosen, so the
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.
See http://rt.openssl.org/Ticket/Display.html?id=2836 .
2012-09-17 14:39:38 +00:00
Dr. Stephen Henson
eeca72f71e
PR: 2813
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
Fix possible deadlock when decoding public keys.
2012-05-11 13:52:46 +00:00
Dr. Stephen Henson
6e164e5c3d
PR: 2811
Reported by: Phil Pennock <openssl-dev@spodhuis.org>
Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
2012-05-11 13:32:26 +00:00
Dr. Stephen Henson
d9c34505e5
prepare for next version
2012-05-10 16:02:30 +00:00
Dr. Stephen Henson
f9885acc8c
prepare for 1.0.1c release
2012-05-10 15:16:37 +00:00
Dr. Stephen Henson
d414a5a0f0
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
DTLS to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 15:10:15 +00:00
Dr. Stephen Henson
5b9d0995a1
Reported by: Solar Designer of Openwall
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:34:22 +00:00
Dr. Stephen Henson
c76b7a1a82
Don't try to use unvalidated composite ciphers in FIPS mode
2012-04-26 18:49:45 +00:00
Dr. Stephen Henson
c940e07014
prepare for next version
2012-04-26 12:01:38 +00:00
Dr. Stephen Henson
effa47b80a
prepare for 1.0.1b release
2012-04-26 10:40:39 +00:00
Andy Polyakov
748628ced0
CHANGES: clarify.
2012-04-26 07:34:39 +00:00
Andy Polyakov
6791060eae
CHANGES: fix typos and clarify.
2012-04-26 07:25:04 +00:00
Dr. Stephen Henson
502dfeb8de
Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25 23:08:44 +00:00
Andy Polyakov
5bbed29518
s23_clnt.c: ensure interoperability by maintaining client "version capability"
vector contiguous [from HEAD].
PR: 2802
2012-04-25 22:07:23 +00:00
Dr. Stephen Henson
e7d2a37158
update for next version
2012-04-19 16:53:43 +00:00
Dr. Stephen Henson
531c6fc8f3
prepare for 1.0.1a release
2012-04-19 12:17:19 +00:00
Dr. Stephen Henson
8d5505d099
Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 12:13:59 +00:00
Bodo Möller
4d936ace08
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
2012-04-17 15:20:17 +00:00
Dr. Stephen Henson
89bd25eb26
Additional workaround for PR#2771
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.
Document workarounds in CHANGES.
2012-04-17 14:41:23 +00:00
Andy Polyakov
d2f950c984
CHANGES: mention vpaes fix and harmonize with 1.0.0.
PR: 2775
2012-03-31 18:55:41 +00:00
Dr. Stephen Henson
e733dea3ce
update version to 1.0.1a-dev
2012-03-22 15:18:19 +00:00
Dr. Stephen Henson
f3dcae15ac
prepare for 1.0.1 release
2012-03-14 12:04:40 +00:00
Dr. Stephen Henson
08e4c7a967
correct CHANGES
2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
a8314df902
Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
0cd7a0325f
Additional compatibility fix for MDC2 signature format.
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:14:01 +00:00
Dr. Stephen Henson
16b7c81d55
An incompatibility has always existed between the format used for RSA
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:00:09 +00:00
Dr. Stephen Henson
fc6800d19f
Modify client hello version when renegotiating to enhance interop with
some servers.
2012-02-09 15:41:44 +00:00
Dr. Stephen Henson
2dc4b0dbe8
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:14:56 +00:00
Dr. Stephen Henson
25e3d2225a
fix CHANGES entry
2012-01-17 14:19:09 +00:00
Bodo Möller
767d3e0054
Update for 0.9.8s and 1.0.0f.
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
2012-01-05 13:46:27 +00:00
Dr. Stephen Henson
801e5ef840
update CHANGES
2012-01-04 23:53:52 +00:00
Dr. Stephen Henson
0044739ae5
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:05 +00:00
Dr. Stephen Henson
4e44bd3650
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:13:29 +00:00
Dr. Stephen Henson
0cffb0cd3e
fix CHANGES
2012-01-04 23:11:43 +00:00
Dr. Stephen Henson
aaa3850ccd
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 23:07:54 +00:00
Dr. Stephen Henson
a17b5d5a4f
Check GOST parameters are not NULL (CVE-2012-0027)
2012-01-04 23:03:20 +00:00
Dr. Stephen Henson
2f97765bc3
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 23:01:19 +00:00
Dr. Stephen Henson
6e750fcb1e
update CHANGES
2011-12-31 23:07:28 +00:00
Dr. Stephen Henson
bd6941cfaa
PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
62308f3f4a
PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve
Improved PRNG seeding for VOS.
2011-12-19 17:02:35 +00:00
Andy Polyakov
cecafcce94
update CHANGES.
2011-12-19 14:49:05 +00:00