wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10062 commits 20 branches 302 tags 153 MiB
Commit graph

1614 commits

Author SHA1 Message Date
Matt Caswell
118149887b Prepare for 1.0.0o-dev 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2014-08-06 22:25:27 +01:00
Matt Caswell
bb505311c6 Prepare for 1.0.0n release 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2014-08-06 22:24:50 +01:00
Matt Caswell
6e4929fcdb Updates to CHANGES and NEWS 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-08-06 21:34:00 +01:00
Bodo Moeller
c5526a16b1 Simplify and fix ec_GFp_simple_points_make_affine 
(which didn't always handle value 0 correctly).

Reviewed-by: emilia@openssl.org

Conflicts:
	CHANGES
	crypto/ec/ectest.c
 2014-08-01 17:58:26 +02:00
Dr. Stephen Henson
1f163fce81 Prepare for 1.0.0n-dev 2014-06-05 10:43:52 +01:00
Dr. Stephen Henson
4bee980bb5 Prepare for 1.0.0m release 2014-06-05 10:42:13 +01:00
Dr. Stephen Henson
b9c9cd3ded Update CHANGES and NEWS 2014-06-05 09:00:01 +01:00
mancha
33c162301a Fix version documentation. 
Specify -f is for compilation flags. Add -d to synopsis section.

(cherry picked from commit 006397ea62bbcae22c8664d53c2222b808c4bdd1)

Closes #80.
 2014-04-26 11:24:14 +01:00
mancha
3abcf477a9 Fix eckey_priv_encode() 
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
 2014-04-24 19:33:01 +00:00
mancha
da8f10881e Fix double frees. 
Conflicts:
	CHANGES
 2014-04-22 22:52:26 +01:00
Dr. Stephen Henson
2198be3483 Fix for CVE-2014-0076 
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
 2014-03-12 14:16:19 +00:00
Dr. Stephen Henson
11d31c00ad Prepare for 1.0.0m-dev 2014-01-06 15:02:46 +00:00
Dr. Stephen Henson
7f94a3c3de Prepare for 1.0.0l release 2014-01-06 15:02:02 +00:00
Dr. Stephen Henson
2d64b51d20 Fix DTLS retransmission from previous session. 
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)

Conflicts:

	ssl/ssl_locl.h
 2013-12-20 23:20:24 +00:00
Ben Laurie
b7aa71a3f9 Merge branch 'rob-100' into OpenSSL_1_0_0-stable 2013-10-04 14:43:43 +01:00
Rob Stradling
f1d0201952 Update CHANGES. 2013-10-04 14:25:36 +01:00
Bodo Moeller
f11bedf8ed Sync CHANGES and NEWS files. 2013-09-16 14:46:57 +02:00
Dr. Stephen Henson
76e7744bef prepare for next version 2013-02-06 02:27:23 +00:00
Dr. Stephen Henson
d9e048ceac prepare for release 2013-02-05 16:46:21 +00:00
Dr. Stephen Henson
8a5d624d5b Update CHANGES and NEWS 2013-02-05 16:46:19 +00:00
Dr. Stephen Henson
ebc71865f0 Don't try and verify signatures if key is NULL (CVE-2013-0166) 
Add additional check to catch this in ASN1_item_verify too.
 2013-02-05 16:46:15 +00:00
Ben Laurie
bb65e3f22b Backport OCSP Stapling fix. 2012-10-04 15:16:12 +00:00
Dr. Stephen Henson
bef20d4a68 PR: 2813 
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
 2012-05-11 13:50:09 +00:00
Dr. Stephen Henson
dddddb2e6c prepare for next version 2012-05-10 16:01:57 +00:00
Dr. Stephen Henson
8fcb93613a prepare for 1.0.0j release 2012-05-10 14:48:54 +00:00
Dr. Stephen Henson
a969ca5cc8 Sanity check record length before skipping explicit IV in DTLS 
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
 2012-05-10 14:44:20 +00:00
Dr. Stephen Henson
1e4406a854 Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:28:28 +00:00
Dr. Stephen Henson
0ed781740d prepare for next version 2012-04-19 17:02:49 +00:00
Dr. Stephen Henson
d0e542fdc9 prepare for 1.0.0i release 2012-04-19 11:47:20 +00:00
Dr. Stephen Henson
5bd4fcc5c2 Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 11:44:51 +00:00
Dr. Stephen Henson
c2c6044933 prepare for next version 2012-03-12 16:35:49 +00:00
Dr. Stephen Henson
97183a312e prepare for release 2012-03-12 14:24:50 +00:00
Dr. Stephen Henson
6a0a48433b Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 14:22:59 +00:00
Dr. Stephen Henson
25128a11fb Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:21:46 +00:00
Dr. Stephen Henson
702175817f prepare for next version 2012-01-18 14:27:57 +00:00
Dr. Stephen Henson
703ec840dc prepare for release 2012-01-18 13:38:34 +00:00
Dr. Stephen Henson
b996cecc32 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 13:36:04 +00:00
Dr. Stephen Henson
7e927da2a5 fix CHANGES entry 2012-01-17 14:19:51 +00:00
Bodo Möller
80b570142d Update for 0.9.8s. 2012-01-05 13:38:47 +00:00
Dr. Stephen Henson
08e8d58785 update for next version 2012-01-04 23:55:26 +00:00
Dr. Stephen Henson
c90c41f09d prepare for release 2012-01-04 17:01:33 +00:00
Dr. Stephen Henson
84c95826de Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 16:51:14 +00:00
Dr. Stephen Henson
528ef87850 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 15:33:15 +00:00
Dr. Stephen Henson
9004c53107 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 15:27:54 +00:00
Dr. Stephen Henson
00f473b3cc Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 15:16:20 +00:00
Dr. Stephen Henson
356de7146e Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 15:07:54 +00:00
Dr. Stephen Henson
ef7545a3e6 PR: 2563 
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
 2011-12-19 17:04:39 +00:00
Bodo Möller
44c854ddb9 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:51:05 +00:00
Bodo Möller
47091035f1 Fix ecdsatest.c. 
Submitted by: Emilia Kasper
 2011-12-02 12:41:00 +00:00
Bodo Möller
f3d51d7740 Fix BIO_f_buffer(). 
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
 2011-12-02 12:24:29 +00:00