Commit graph

8439 commits

Author SHA1 Message Date
Dr. Stephen Henson
215276243d corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 15:25:53 +00:00
Dr. Stephen Henson
ddb7832852 correct FAQ 2012-03-12 15:01:44 +00:00
Dr. Stephen Henson
2fad41d155 prepare for release 2012-03-12 14:53:14 +00:00
Dr. Stephen Henson
b9c3d9168f update NEWS 2012-03-12 14:52:14 +00:00
Dr. Stephen Henson
4f2fc3c2dd Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 14:51:45 +00:00
Dr. Stephen Henson
48819f4d54 fix error code 2012-03-12 14:50:55 +00:00
Dr. Stephen Henson
b0cbdd3eba manually patch missing part of PR#2756 2012-03-12 12:46:52 +00:00
Dr. Stephen Henson
5016107550 PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
2012-03-09 15:51:56 +00:00
Dr. Stephen Henson
25d5d15fd5 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:01:44 +00:00
Dr. Stephen Henson
725713f74a PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions. [0.9.8 version of patch]
2012-03-07 15:14:16 +00:00
Dr. Stephen Henson
73eb0972cf return failure code if I/O error 2012-03-06 19:08:30 +00:00
Dr. Stephen Henson
6720779c7e revert PR#2755: it breaks compilation 2012-03-06 18:25:33 +00:00
Dr. Stephen Henson
b2a2c6af2a PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
2012-03-06 13:45:47 +00:00
Dr. Stephen Henson
272993bac4 PR: 2696 Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

[from HEAD]
2012-03-06 13:37:52 +00:00
Dr. Stephen Henson
58532ae047 oops, revert unrelated patches 2012-03-06 13:22:32 +00:00
Dr. Stephen Henson
4e7f6d380d PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
2012-03-06 13:20:20 +00:00
Dr. Stephen Henson
f0be325f88 Fix memory leak cause by race condition when creating public keys.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:36 +00:00
Dr. Stephen Henson
b66af23aa9 free headers after use in error message 2012-02-27 16:26:32 +00:00
Dr. Stephen Henson
29d0c13e97 Detect symmetric crypto errors in PKCS7_decrypt.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:23:20 +00:00
Dr. Stephen Henson
8a4e81a269 PR: 2711
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
2012-02-23 21:50:13 +00:00
Dr. Stephen Henson
843fc7b681 Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
2012-02-16 15:21:17 +00:00
Dr. Stephen Henson
6dcb6bf1c1 PR: 2703
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:12:34 +00:00
Dr. Stephen Henson
1061c3cb3c PR: 2705
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.
2012-02-11 23:07:32 +00:00
Dr. Stephen Henson
0d0f15d8d1 fix Visual Studio 2010 warning [from HEAD] (original by appro) 2012-01-20 23:24:17 +00:00
Dr. Stephen Henson
a72ce94213 prepare for next version 2012-01-18 14:27:13 +00:00
Dr. Stephen Henson
f71d59c70e update FAQ 2012-01-18 13:15:37 +00:00
Dr. Stephen Henson
3309f8313c prepare for release 2012-01-18 13:14:49 +00:00
Dr. Stephen Henson
6cc5f194a7 update NEWS 2012-01-18 13:13:31 +00:00
Dr. Stephen Henson
096327a99a Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 13:12:08 +00:00
Dr. Stephen Henson
cc10bcf25e fix CHANGES entry 2012-01-17 14:18:26 +00:00
Dr. Stephen Henson
875ac0ec00 fix warning 2012-01-10 14:37:00 +00:00
Bodo Möller
bf240f063a Fix usage indentation 2012-01-05 13:15:29 +00:00
Bodo Möller
dd016b0570 Fix for builds without DTLS support.
Submitted by: Brian Carlstrom
2012-01-05 10:21:49 +00:00
Dr. Stephen Henson
244788464a update for next version 2012-01-04 23:56:13 +00:00
Dr. Stephen Henson
a95808334e update FAQ 2012-01-04 19:23:07 +00:00
Dr. Stephen Henson
b3cebd5acf prepare for 0.9.8s release 2012-01-04 19:20:49 +00:00
Dr. Stephen Henson
7b775145e4 update NEWS 2012-01-04 19:16:11 +00:00
Dr. Stephen Henson
7183aa6b9d make update 2012-01-04 19:12:39 +00:00
Dr. Stephen Henson
eebefe35e7 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 19:10:16 +00:00
Dr. Stephen Henson
1db0bbdc76 Fix double free in policy check code (CVE-2011-4109) 2012-01-04 19:00:28 +00:00
Dr. Stephen Henson
e643112dd8 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 18:54:17 +00:00
Dr. Stephen Henson
21c4b25959 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 18:52:18 +00:00
Dr. Stephen Henson
41cf2c3aef stop warning 2012-01-04 18:45:18 +00:00
Dr. Stephen Henson
0e3a930fb4 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 18:44:20 +00:00
Dr. Stephen Henson
0c214e0153 Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.
2012-01-04 14:25:10 +00:00
Dr. Stephen Henson
6c61cfbe03 PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:38:28 +00:00
Andy Polyakov
2ee77d36a0 x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
PR: 2648
2011-12-09 14:28:48 +00:00
Dr. Stephen Henson
24f441e0bb The default CN prompt message can be confusing when often the CN needs to
be the server FQDN: change it.
[Reported by PSW Group]
2011-12-06 00:01:09 +00:00
Bodo Möller
740da44f20 Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
2011-12-02 12:50:44 +00:00
Bodo Möller
72033fde7b Fix ecdsatest.c.
Submitted by: Emilia Kasper
2011-12-02 12:40:25 +00:00