wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9561 commits 20 branches 302 tags 153 MiB
Commit graph

1551 commits

Author SHA1 Message Date
Dr. Stephen Henson
2fcf251d3d Fix escaping code for string printing. If *any* escaping is enabled we 
must escape the escape character itself (backslash).
 2011-01-03 01:27:00 +00:00
Dr. Stephen Henson
3bbbe757ea update for next release 2010-12-02 19:37:46 +00:00
Dr. Stephen Henson
76474e519f prepare for release 2010-12-02 18:29:04 +00:00
Dr. Stephen Henson
6d65d44b95 fix for CVE-2010-4180 2010-12-02 18:24:55 +00:00
Dr. Stephen Henson
fa29ebd7ed add CVE to J-PAKE issue 2010-11-29 18:21:43 +00:00
Ben Laurie
dde6d9520c Document change. 2010-11-24 15:07:56 +00:00
Dr. Stephen Henson
5e7c9519b8 update for next version 2010-11-16 16:33:35 +00:00
Dr. Stephen Henson
ef02492908 prepare for release 2010-11-16 13:35:09 +00:00
Dr. Stephen Henson
86d5f9ba4f fix CVE-2010-3864 2010-11-16 13:26:24 +00:00
Dr. Stephen Henson
9c2d0cd11c PR: 2314 
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
 2010-10-10 12:33:10 +00:00
Dr. Stephen Henson
8c9ab050e5 Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), 
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
 2010-10-03 18:57:01 +00:00
Bodo Möller
cbfccdb729 ECC library bugfixes. 
Submitted by: Emilia Kasper (Google)
 2010-08-26 12:10:44 +00:00
Bodo Möller
94111aa401 Harmonize with OpenSSL_0_9_8-stable version of CHANGES. 2010-08-26 11:19:45 +00:00
Dr. Stephen Henson
7585a86a76 Fix WIN32 build system to correctly link ENGINE DLLs contained in a 
directory: currently the GOST ENGINE is the only case.
 2010-07-24 17:57:07 +00:00
Dr. Stephen Henson
1dba06e7b0 update for next version 2010-06-16 13:34:33 +00:00
Dr. Stephen Henson
9c7baca820 prepare for release 2010-06-01 13:31:38 +00:00
Dr. Stephen Henson
618265e645 Fix CVE-2010-1633 and CVE-2010-0742. 2010-06-01 13:17:06 +00:00
Dr. Stephen Henson
acc9938ba5 Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:18:30 +00:00
Dr. Stephen Henson
6747de655e updates for next release 2010-03-30 00:55:00 +00:00
Dr. Stephen Henson
91bad2b09e Prepare for 1.0.0 release - finally ;-) 2010-03-29 13:11:54 +00:00
Bodo Möller
5b5464d525 Fix for "Record of death" vulnerability CVE-2010-0740. 
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
 2010-03-25 11:22:42 +00:00
Dr. Stephen Henson
47333a34d5 Submitted by: Tomas Hoger <thoger@redhat.com> 
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
 2010-03-03 15:41:00 +00:00
Dr. Stephen Henson
2b23d89d14 oops, use correct date 2010-02-26 12:14:30 +00:00
Bodo Möller
32567c9f3b Fix X509_STORE locking 2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
9051fc538f PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:25 +00:00
Dr. Stephen Henson
81d87a2a28 update references to new RI RFC 2010-02-12 21:59:57 +00:00
Dr. Stephen Henson
1700426256 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy 
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
 2010-02-07 13:41:23 +00:00
Dr. Stephen Henson
57cffe901f typo 2010-01-27 14:05:15 +00:00
Dr. Stephen Henson
d793c292cb add CHANGES entry 2010-01-26 19:48:10 +00:00
Dr. Stephen Henson
d8f07f1674 Typo 2010-01-26 12:29:48 +00:00
Dr. Stephen Henson
1699389a46 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
41c0f68630 Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:29 +00:00
Dr. Stephen Henson
2c627637c5 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:46:01 +00:00
Dr. Stephen Henson
93fac08ec3 PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
eb17330837 Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2010-01-01 00:44:36 +00:00
Bodo Möller
a0b7277724 Constify crypto/cast. 2009-12-22 10:58:01 +00:00
Dr. Stephen Henson
675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
52a08e90d1 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe Send no_renegotiation alert as required by spec. 2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77 Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
7b1856e5a1 PR: 2111 
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
 2009-12-02 15:28:05 +00:00
Bodo Möller
aefb9dc5e5 Make CHANGES in the OpenSSL_1_0_0-stable branch consistent with the 
one in the OpenSSL_0_9_8-stable branch.
 2009-11-26 18:37:11 +00:00
Dr. Stephen Henson
e42ff486a8 fix CHANGES 2009-11-09 18:46:59 +00:00
Dr. Stephen Henson
bc9058d041 First cut of renegotiation extension. (port to 1.0.0-stable) 2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
961092281f Add option to allow in-band CRL loading in verify utility. Add function 
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
 2009-10-31 13:34:19 +00:00
Dr. Stephen Henson
9ac5c355a2 Move CHANGES entry to 0.9.8l section 2009-10-30 13:29:08 +00:00
Dr. Stephen Henson
3d0b604c14 Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:44 +00:00