Dr. Stephen Henson
3978429ad5
Reported by: Solar Designer of Openwall
...
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:27:57 +00:00
Dr. Stephen Henson
e22e770147
prepare for next version
2012-04-23 21:15:22 +00:00
Dr. Stephen Henson
6dde222aae
prepare form 0.9.8w release
2012-04-23 20:45:29 +00:00
Dr. Stephen Henson
8d038a08fb
The fix for CVE-2012-2110 did not take into account that the
...
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.
Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
2012-04-23 20:35:55 +00:00
Dr. Stephen Henson
747c6ffda4
correct error code
2012-04-22 13:31:46 +00:00
Dr. Stephen Henson
eb7112c18e
prepare for next version
2012-04-19 17:03:28 +00:00
Dr. Stephen Henson
8ab27e6ef7
prepare for 0.9.8v release
2012-04-19 11:39:03 +00:00
Dr. Stephen Henson
556e27b14f
Check for potentially exploitable overflows in asn1_d2i_read_bio
...
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 11:36:09 +00:00
Dr. Stephen Henson
e351e2a7cf
prepare for next version
2012-03-12 16:35:13 +00:00
Dr. Stephen Henson
215276243d
corrected fix to PR#2711 and also cover mime_param_cmp
2012-03-12 15:25:53 +00:00
Dr. Stephen Henson
2fad41d155
prepare for release
2012-03-12 14:53:14 +00:00
Dr. Stephen Henson
4f2fc3c2dd
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 14:51:45 +00:00
Dr. Stephen Henson
25d5d15fd5
check return value of BIO_write in PKCS7_decrypt
2012-03-08 14:01:44 +00:00
Dr. Stephen Henson
725713f74a
PR: 2755
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions. [0.9.8 version of patch]
2012-03-07 15:14:16 +00:00
Dr. Stephen Henson
73eb0972cf
return failure code if I/O error
2012-03-06 19:08:30 +00:00
Dr. Stephen Henson
6720779c7e
revert PR#2755: it breaks compilation
2012-03-06 18:25:33 +00:00
Dr. Stephen Henson
b2a2c6af2a
PR: 2755
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions.
2012-03-06 13:45:47 +00:00
Dr. Stephen Henson
272993bac4
PR: 2696 Submitted by: Rob Austein <sra@hactrn.net>
...
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
[from HEAD]
2012-03-06 13:37:52 +00:00
Dr. Stephen Henson
58532ae047
oops, revert unrelated patches
2012-03-06 13:22:32 +00:00
Dr. Stephen Henson
4e7f6d380d
PR: 2748
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix possible DTLS timer deadlock.
2012-03-06 13:20:20 +00:00
Dr. Stephen Henson
f0be325f88
Fix memory leak cause by race condition when creating public keys.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:36 +00:00
Dr. Stephen Henson
b66af23aa9
free headers after use in error message
2012-02-27 16:26:32 +00:00
Dr. Stephen Henson
29d0c13e97
Detect symmetric crypto errors in PKCS7_decrypt.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:23:20 +00:00
Dr. Stephen Henson
8a4e81a269
PR: 2711
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
2012-02-23 21:50:13 +00:00
Dr. Stephen Henson
a72ce94213
prepare for next version
2012-01-18 14:27:13 +00:00
Dr. Stephen Henson
3309f8313c
prepare for release
2012-01-18 13:14:49 +00:00
Dr. Stephen Henson
875ac0ec00
fix warning
2012-01-10 14:37:00 +00:00
Dr. Stephen Henson
244788464a
update for next version
2012-01-04 23:56:13 +00:00
Dr. Stephen Henson
b3cebd5acf
prepare for 0.9.8s release
2012-01-04 19:20:49 +00:00
Dr. Stephen Henson
1db0bbdc76
Fix double free in policy check code (CVE-2011-4109)
2012-01-04 19:00:28 +00:00
Dr. Stephen Henson
0e3a930fb4
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 18:44:20 +00:00
Andy Polyakov
2ee77d36a0
x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
...
PR: 2648
2011-12-09 14:28:48 +00:00
Bodo Möller
72033fde7b
Fix ecdsatest.c.
...
Submitted by: Emilia Kasper
2011-12-02 12:40:25 +00:00
Bodo Möller
9adf3fcf9a
Fix BIO_f_buffer().
...
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:23:57 +00:00
Andy Polyakov
65f7456652
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
...
PR: 2636
Submitted by: Charles Bryant
2011-11-05 10:17:06 +00:00
Dr. Stephen Henson
f8731bc2fd
PR: 2632
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
2011-10-26 16:42:48 +00:00
Bodo Möller
195d6bf760
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:57:59 +00:00
Dr. Stephen Henson
6d50bce79f
PR: 2482
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:18 +00:00
Dr. Stephen Henson
85e776885b
PR: 2606
...
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve
Handle timezones correctly in UTCTime.
2011-09-23 13:40:06 +00:00
Bodo Möller
1c7c69a8a5
Fix memory leak on bad inputs.
2011-09-05 09:56:48 +00:00
Bodo Möller
24ad061037
Move OPENSSL_init declaration out of auto-generated code section
...
(it is not auto-generated).
2011-09-05 09:52:58 +00:00
Dr. Stephen Henson
92f96fa721
PR: 2576
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve
Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
2011-09-02 11:20:49 +00:00
Dr. Stephen Henson
0d1e362363
PR: 2340
...
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve
Stop warnings if OPENSSL_NO_DGRAM is defined.
2011-09-01 15:03:10 +00:00
Dr. Stephen Henson
a0bf2c86ab
make timing attack protection unconditional
2011-09-01 14:23:41 +00:00
Dr. Stephen Henson
24d0524f31
PR: 2588
...
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Close file pointer.
2011-09-01 13:48:48 +00:00
Dr. Stephen Henson
46a1f2487e
PR: 2559
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS socket error bug
2011-07-20 15:20:19 +00:00
Dr. Stephen Henson
82a5049f6a
PR: 2556 (partial)
...
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve
Fix OID routines.
Check on encoding leading zero rejection should start at beginning of
encoding.
Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
2011-07-14 12:01:08 +00:00
Andy Polyakov
d027b75b73
perlasm/cbc.pl: fix tail processing bug [from HEAD].
...
PR: 2557
2011-07-13 06:25:15 +00:00
Dr. Stephen Henson
87d14a3625
PR: 2470
...
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve
Don't call ERR_remove_state from DllMain.
2011-06-22 15:39:19 +00:00
Dr. Stephen Henson
22152d6885
PR: 2540
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Prevent infinite loop in BN_GF2m_mod_inv().
2011-06-22 15:23:20 +00:00