Bodo Möller
1c7c69a8a5
Fix memory leak on bad inputs.
2011-09-05 09:56:48 +00:00
Bodo Möller
24ad061037
Move OPENSSL_init declaration out of auto-generated code section
...
(it is not auto-generated).
2011-09-05 09:52:58 +00:00
Dr. Stephen Henson
92f96fa721
PR: 2576
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve
Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
2011-09-02 11:20:49 +00:00
Dr. Stephen Henson
0d1e362363
PR: 2340
...
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve
Stop warnings if OPENSSL_NO_DGRAM is defined.
2011-09-01 15:03:10 +00:00
Dr. Stephen Henson
a0bf2c86ab
make timing attack protection unconditional
2011-09-01 14:23:41 +00:00
Dr. Stephen Henson
6a662a45f3
PR: 2573
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
2011-09-01 14:01:36 +00:00
Dr. Stephen Henson
24d0524f31
PR: 2588
...
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Close file pointer.
2011-09-01 13:48:48 +00:00
Dr. Stephen Henson
c081817c95
PR: 2586
...
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Fix brace mismatch.
2011-09-01 13:37:11 +00:00
Dr. Stephen Henson
46a1f2487e
PR: 2559
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS socket error bug
2011-07-20 15:20:19 +00:00
Dr. Stephen Henson
ac02a4b68a
PR: 2555
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS sequence number bug
2011-07-20 15:17:20 +00:00
Dr. Stephen Henson
4ba063d3c5
PR: 2550
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS HelloVerifyRequest Timer bug
2011-07-20 15:12:58 +00:00
Andy Polyakov
e0e0818e4b
config: detect if assembler supports --noexecstack and pass it down [from HEAD].
2011-07-15 19:59:31 +00:00
Dr. Stephen Henson
82a5049f6a
PR: 2556 (partial)
...
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve
Fix OID routines.
Check on encoding leading zero rejection should start at beginning of
encoding.
Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
2011-07-14 12:01:08 +00:00
Andy Polyakov
d027b75b73
perlasm/cbc.pl: fix tail processing bug [from HEAD].
...
PR: 2557
2011-07-13 06:25:15 +00:00
Dr. Stephen Henson
87421d3fc5
PR: 2471
...
Submitted by: Corinna Vinschen
util/cygwin.sh: maintainer's update [from HEAD].
2011-06-22 15:46:37 +00:00
Dr. Stephen Henson
87d14a3625
PR: 2470
...
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve
Don't call ERR_remove_state from DllMain.
2011-06-22 15:39:19 +00:00
Dr. Stephen Henson
cc0931e36b
PR: 2543
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Correctly handle errors in DTLSv1_handle_timeout()
2011-06-22 15:29:36 +00:00
Dr. Stephen Henson
22152d6885
PR: 2540
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Prevent infinite loop in BN_GF2m_mod_inv().
2011-06-22 15:23:20 +00:00
Dr. Stephen Henson
102bcbce8d
correctly encode OIDs near 2^32
2011-06-22 15:15:20 +00:00
Andy Polyakov
8655de423d
rc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified
...
to examine bit#20 on x86[_64], but it was erroneously reverted to bit#28
in 2008 in process of FIPS integration.
2011-06-06 19:58:21 +00:00
Dr. Stephen Henson
c4b2eb24b3
PR: 2529
...
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
2011-05-25 15:15:43 +00:00
Dr. Stephen Henson
03e3fbb702
PR: 2527
...
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Set cnf to NULL to avoid possible double free.
2011-05-25 15:06:32 +00:00
Dr. Stephen Henson
bc7ee385f5
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:52:54 +00:00
Dr. Stephen Henson
1e368ab08f
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:43:47 +00:00
Dr. Stephen Henson
2c77c5c8db
Oops use up to date patch for PR#2506
2011-05-25 14:29:39 +00:00
Dr. Stephen Henson
1eb38c563f
PR: 2506
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fully implement SSL_clear for DTLS.
2011-05-25 12:28:42 +00:00
Dr. Stephen Henson
fa657871ed
PR: 2505
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS session resumption timer bug.
2011-05-25 12:24:03 +00:00
Dr. Stephen Henson
09dac71a45
update date
2011-05-19 17:57:08 +00:00
Dr. Stephen Henson
be70b3adce
set encodedPoint to NULL after freeing it
2011-05-19 16:18:39 +00:00
Dr. Stephen Henson
6d12b1f82b
check buffer is larger enough before overwriting
2011-04-06 18:07:12 +00:00
Dr. Stephen Henson
7116a41129
PR: 2462
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS Retransmission Buffer Bug
2011-04-03 17:15:23 +00:00
Dr. Stephen Henson
7143acab25
PR: 2458
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Don't change state when answering DTLS ClientHello.
2011-04-03 16:26:33 +00:00
Dr. Stephen Henson
11d4086d8e
PR: 2457
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS fragment reassembly bug.
2011-04-03 15:49:26 +00:00
Dr. Stephen Henson
32cd1da62e
PR: 2469
...
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve
Check mac is present before trying to retrieve mac iteration count.
2011-03-13 18:23:24 +00:00
Bodo Möller
d430f56de6
start 0.9.8s-dev
2011-02-08 17:58:34 +00:00
Bodo Möller
957ebe98fb
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
...
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:10:47 +00:00
Bodo Möller
9d09fc8485
Assorted bugfixes:
...
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Neel Mehta, Bodo Moeller)
2011-02-03 12:04:48 +00:00
Bodo Möller
8ea4531718
Update 0.9.7-branch section with information from 1.0.0-branch NEWS file
2011-02-03 11:44:00 +00:00
Bodo Möller
881611678e
"make update"
2011-02-03 10:28:14 +00:00
Dr. Stephen Henson
a3dc628d86
PR: 2433
...
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
2011-01-24 16:21:00 +00:00
Dr. Stephen Henson
3c159fc1a5
check EC public key isn't point at infinity
2011-01-24 15:08:12 +00:00
Dr. Stephen Henson
6056afd223
PR: 1612
...
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve
Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
2011-01-24 14:42:11 +00:00
Richard Levitte
54db796991
PR: 2434
...
Under Windows, there seems to be a problem relinking fips_premain_dso
because that file is locked. Changing from backtick op to using
system() with redirection and reading the hash from the output file
seems to fix the problem.
In an ideal world, there should be no difference, as a command in a
backtick op should terminate before the backtick returns, same as it
does with system(). We suspect, though, that the loaded binary is
cached by Windows for a little while, and that reading the output from
a file provides enough delay for the lock to drop before we try to
relink.
2011-01-20 22:12:50 +00:00
Dr. Stephen Henson
119e912a83
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
...
alert.
2011-01-04 19:33:01 +00:00
Dr. Stephen Henson
f4a4a0fdc7
PR: 2411
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
2011-01-03 01:40:22 +00:00
Dr. Stephen Henson
9ad765173f
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:26:33 +00:00
Dr. Stephen Henson
c8e3c1a9b5
PR: 2410
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
2011-01-03 01:20:03 +00:00
Dr. Stephen Henson
ae378b769a
use fips-dev not dev-fips
2011-01-03 00:43:47 +00:00
Dr. Stephen Henson
4de4e35459
PR: 2416
...
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve
Use L suffix in version number.
2011-01-03 00:25:47 +00:00
Bodo Möller
5537a83e56
Add missing explicit instruction size.
...
[CVS head and later branches have this since revision 1.7 of this file.]
Submitted by: Chandler Carruth (Google)
2010-12-13 20:47:26 +00:00