Commit graph

9897 commits

Author SHA1 Message Date
Dr. Stephen Henson
92aa50bc03 Fix memory leak cause by race condition when creating public keys.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:25 +00:00
Dr. Stephen Henson
2f31308b17 PR: 2736
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
2012-02-27 18:45:06 +00:00
Dr. Stephen Henson
468d58e712 xn is never actually used, remove it 2012-02-27 17:07:46 +00:00
Dr. Stephen Henson
dd4b50ff6a PR: 2737
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.
2012-02-27 16:46:54 +00:00
Dr. Stephen Henson
030d5b8c97 PR: 2735
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
2012-02-27 16:33:16 +00:00
Dr. Stephen Henson
9b73be38ab free headers after use in error message 2012-02-27 16:27:00 +00:00
Dr. Stephen Henson
e5bf2f5d4c Detect symmetric crypto errors in PKCS7_decrypt.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:23:04 +00:00
Dr. Stephen Henson
a7096946fa PR: 2711
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
2012-02-23 21:50:23 +00:00
Dr. Stephen Henson
4a8362a68b PR: 2696
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:10 +00:00
Dr. Stephen Henson
25128a11fb Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
2012-02-16 15:21:46 +00:00
Dr. Stephen Henson
3deb968fec PR: 2713
Submitted by: Tomas Mraz <tmraz@redhat.com>

Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
2012-02-12 18:47:02 +00:00
Dr. Stephen Henson
276eb93218 PR: 2717
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
2012-02-12 18:25:11 +00:00
Dr. Stephen Henson
29c33e16ac PR: 2703
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:12:48 +00:00
Dr. Stephen Henson
bffb696f65 PR: 2705
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.
2012-02-11 23:07:48 +00:00
Dr. Stephen Henson
fd2d78e70b PR: 2710
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
2012-02-10 19:54:37 +00:00
Andy Polyakov
6b1fb9179e x86_64-xlate.pl: proper solution for RT#2620 [from HEAD]. 2012-01-21 11:35:29 +00:00
Dr. Stephen Henson
702175817f prepare for next version 2012-01-18 14:27:57 +00:00
Dr. Stephen Henson
703ec840dc prepare for release 2012-01-18 13:38:34 +00:00
Dr. Stephen Henson
04d706d42a update NEWS 2012-01-18 13:36:59 +00:00
Dr. Stephen Henson
b996cecc32 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 13:36:04 +00:00
Dr. Stephen Henson
7e927da2a5 fix CHANGES entry 2012-01-17 14:19:51 +00:00
Andy Polyakov
7aa6d2fcf9 Fix OPNESSL vs. OPENSSL typos [from HEAD].
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:40:40 +00:00
Andy Polyakov
27b1f137ff Sanitize usage of <ctype.h> functions. It's important that characters
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:37:20 +00:00
Andy Polyakov
f63c927e8e asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD].
PR: 2675
Submitted by: Annie Yousar
2012-01-12 16:36:30 +00:00
Andy Polyakov
d572544a2c ecdsa.pod: typo.
PR: 2678
Submitted by: Annie Yousar
2012-01-11 21:42:20 +00:00
Andy Polyakov
9100840258 aes-sparcv9.pl: clean up regexp [from HEAD].
PR: 2685
2012-01-11 15:32:57 +00:00
Dr. Stephen Henson
0f32c83c91 fix warning 2012-01-10 14:37:09 +00:00
Bodo Möller
80b570142d Update for 0.9.8s. 2012-01-05 13:38:47 +00:00
Bodo Möller
a99b6fcb7c Fix usage indentation 2012-01-05 13:15:50 +00:00
Bodo Möller
02d1a6b3aa Fix for builds without DTLS support.
Submitted by: Brian Carlstrom
2012-01-05 10:22:23 +00:00
Dr. Stephen Henson
08e8d58785 update for next version 2012-01-04 23:55:26 +00:00
Dr. Stephen Henson
c90c41f09d prepare for release 2012-01-04 17:01:33 +00:00
Dr. Stephen Henson
c47b636a2c update NEWS 2012-01-04 16:57:14 +00:00
Dr. Stephen Henson
7200b39ecd make update 2012-01-04 16:52:53 +00:00
Dr. Stephen Henson
84c95826de Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 16:51:14 +00:00
Dr. Stephen Henson
63819e6f00 add missing part for SGC restart fix (CVE-2011-4619) 2012-01-04 16:46:10 +00:00
Dr. Stephen Henson
8206dba75c Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!] 2012-01-04 15:38:54 +00:00
Dr. Stephen Henson
528ef87850 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 15:33:15 +00:00
Dr. Stephen Henson
9004c53107 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 15:27:54 +00:00
Dr. Stephen Henson
f47f99f295 stop warning 2012-01-04 15:26:29 +00:00
Dr. Stephen Henson
00f473b3cc Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 15:16:20 +00:00
Dr. Stephen Henson
356de7146e Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 15:07:54 +00:00
Dr. Stephen Henson
9eab925395 fix warnings 2012-01-04 14:45:09 +00:00
Dr. Stephen Henson
22d89c501e Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.
2012-01-04 14:24:48 +00:00
Dr. Stephen Henson
c06916db9f PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:38:19 +00:00
Dr. Stephen Henson
ef7545a3e6 PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
2011-12-19 17:04:39 +00:00
Andy Polyakov
fecb4ff331 x86-mont.pl: fix bug in integer-only squaring path.
PR: 2648
2011-12-09 14:26:56 +00:00
Dr. Stephen Henson
2a4adf19c8 The default CN prompt message can be confusing when often the CN needs to
be the server FQDN: change it.
[Reported by PSW Group]
2011-12-06 00:01:00 +00:00
Bodo Möller
44c854ddb9 Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
2011-12-02 12:51:05 +00:00
Bodo Möller
47091035f1 Fix ecdsatest.c.
Submitted by: Emilia Kasper
2011-12-02 12:41:00 +00:00