Commit graph

9877 commits

Author SHA1 Message Date
Dr. Stephen Henson
0ed781740d prepare for next version 2012-04-19 17:02:49 +00:00
Dr. Stephen Henson
d0e542fdc9 prepare for 1.0.0i release 2012-04-19 11:47:20 +00:00
Dr. Stephen Henson
457863efdf update NEWS 2012-04-19 11:45:37 +00:00
Dr. Stephen Henson
5bd4fcc5c2 Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 11:44:51 +00:00
Andy Polyakov
3dd2eebfbc Makefile.org: clear yet another environment variable [from HEAD].
PR: 2793
2012-04-19 06:40:47 +00:00
Andy Polyakov
d079b387a3 OPENSSL_NO_SOCK fixes [from HEAD].
PR: 2791
Submitted by: Ben Noordhuis
2012-04-16 17:43:28 +00:00
Andy Polyakov
8eeaeb4b04 Minor compatibility fixes [from HEAD].
PR: 2790
Submitted by: Alexei Khlebnikov
2012-04-16 17:37:04 +00:00
Andy Polyakov
0041925844 s3_srvr.c: fix typo [from HEAD].
PR: 2538
2012-04-15 17:23:23 +00:00
Dr. Stephen Henson
14fa016b2b update rather ancient EVP digest documentation 2012-04-10 22:28:34 +00:00
Dr. Stephen Henson
7fdccda37d PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:02:35 +00:00
Andy Polyakov
cdc575c46b ans1/tasn_prn.c: avoid bool in variable names [from HEAD].
PR: 2776
2012-03-29 17:51:37 +00:00
Dr. Stephen Henson
2f0aaf76f3 Submitted by: Markus Friedl <mfriedl@gmail.com>
Fix memory leaks in 'goto err' cases.
2012-03-22 15:43:06 +00:00
Dr. Stephen Henson
6b7887b0ab Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
the old code came from SSLeay days before TLS was even supported.
2012-03-18 18:14:46 +00:00
Richard Levitte
9ad1b440ae cipher should only be set to PSK if JPAKE is used. 2012-03-14 12:38:55 +00:00
Andy Polyakov
9275ad321f config: compensate for bug in Solaris cc drivers, which can remove /dev/null
[from HEAD,1.0.1]
2012-03-13 19:22:26 +00:00
Andy Polyakov
216a2a5fc6 x86_64-xlate.pl: remove old kludge.
PR: 2435,2440
2012-03-13 19:19:57 +00:00
Dr. Stephen Henson
c2c6044933 prepare for next version 2012-03-12 16:35:49 +00:00
Dr. Stephen Henson
dc95c53c6f corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 15:26:48 +00:00
Dr. Stephen Henson
b24a53dd9a correct NEWS 2012-03-12 14:45:07 +00:00
Dr. Stephen Henson
ffbe7cd0c5 fix error code 2012-03-12 14:32:54 +00:00
Dr. Stephen Henson
97183a312e prepare for release 2012-03-12 14:24:50 +00:00
Dr. Stephen Henson
46ed8aff6d update NEWS 2012-03-12 14:23:35 +00:00
Dr. Stephen Henson
6a0a48433b Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 14:22:59 +00:00
Dr. Stephen Henson
ad3d95222d PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
2012-03-09 15:52:09 +00:00
Dr. Stephen Henson
18ea747ce4 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:02:00 +00:00
Dr. Stephen Henson
f4f512a853 PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
2012-03-06 13:46:52 +00:00
Dr. Stephen Henson
9c2bed0b65 PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
2012-03-06 13:22:57 +00:00
Andy Polyakov
ad83334e73 Configure: make no-whirlpool work [from HEAD]. 2012-03-03 13:48:21 +00:00
Dr. Stephen Henson
2cf4bc9ecd PR: 2743
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.
2012-02-29 14:12:37 +00:00
Dr. Stephen Henson
c8ac945d59 PR: 2742
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
2012-02-29 14:01:40 +00:00
Dr. Stephen Henson
92aa50bc03 Fix memory leak cause by race condition when creating public keys.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:25 +00:00
Dr. Stephen Henson
2f31308b17 PR: 2736
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
2012-02-27 18:45:06 +00:00
Dr. Stephen Henson
468d58e712 xn is never actually used, remove it 2012-02-27 17:07:46 +00:00
Dr. Stephen Henson
dd4b50ff6a PR: 2737
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.
2012-02-27 16:46:54 +00:00
Dr. Stephen Henson
030d5b8c97 PR: 2735
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
2012-02-27 16:33:16 +00:00
Dr. Stephen Henson
9b73be38ab free headers after use in error message 2012-02-27 16:27:00 +00:00
Dr. Stephen Henson
e5bf2f5d4c Detect symmetric crypto errors in PKCS7_decrypt.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:23:04 +00:00
Dr. Stephen Henson
a7096946fa PR: 2711
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
2012-02-23 21:50:23 +00:00
Dr. Stephen Henson
4a8362a68b PR: 2696
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:10 +00:00
Dr. Stephen Henson
25128a11fb Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
2012-02-16 15:21:46 +00:00
Dr. Stephen Henson
3deb968fec PR: 2713
Submitted by: Tomas Mraz <tmraz@redhat.com>

Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
2012-02-12 18:47:02 +00:00
Dr. Stephen Henson
276eb93218 PR: 2717
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
2012-02-12 18:25:11 +00:00
Dr. Stephen Henson
29c33e16ac PR: 2703
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:12:48 +00:00
Dr. Stephen Henson
bffb696f65 PR: 2705
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.
2012-02-11 23:07:48 +00:00
Dr. Stephen Henson
fd2d78e70b PR: 2710
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
2012-02-10 19:54:37 +00:00
Andy Polyakov
6b1fb9179e x86_64-xlate.pl: proper solution for RT#2620 [from HEAD]. 2012-01-21 11:35:29 +00:00
Dr. Stephen Henson
702175817f prepare for next version 2012-01-18 14:27:57 +00:00
Dr. Stephen Henson
703ec840dc prepare for release 2012-01-18 13:38:34 +00:00
Dr. Stephen Henson
04d706d42a update NEWS 2012-01-18 13:36:59 +00:00
Dr. Stephen Henson
b996cecc32 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 13:36:04 +00:00