openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	b996cecc32	Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)	2012-01-18 13:36:04 +00:00
Bodo Möller	02d1a6b3aa	Fix for builds without DTLS support. Submitted by: Brian Carlstrom	2012-01-05 10:22:23 +00:00
Dr. Stephen Henson	84c95826de	Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.	2012-01-04 16:51:14 +00:00
Dr. Stephen Henson	63819e6f00	add missing part for SGC restart fix (CVE-2011-4619)	2012-01-04 16:46:10 +00:00
Dr. Stephen Henson	8206dba75c	Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!]	2012-01-04 15:38:54 +00:00
Dr. Stephen Henson	9004c53107	Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)	2012-01-04 15:27:54 +00:00
Dr. Stephen Henson	22d89c501e	Submitted by: Adam Langley <agl@chromium.org> Reviewed by: steve Fix memory leaks.	2012-01-04 14:24:48 +00:00
Dr. Stephen Henson	c06916db9f	PR: 2326 Submitted by: Tianjie Mao <tjmao@tjmao.net> Reviewed by: steve Fix incorrect comma expressions and goto f_err as alert has been set.	2011-12-26 19:38:19 +00:00
Bodo Möller	44c854ddb9	Resolve a stack set-up race condition (if the list of compression methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley	2011-12-02 12:51:05 +00:00
Dr. Stephen Henson	68b5330040	PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send alert instead of assertion failure for incorrectly formatted DTLS fragments.	2011-10-27 13:06:34 +00:00
Dr. Stephen Henson	da7ae62abd	PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix for ECC keys and DTLS.	2011-10-27 13:01:08 +00:00
Bodo Möller	48373e55d1	In ssl3_clear, preserve s3->init_extra along with s3->rbuf. Submitted by: Bob Buckholz <bbuckholz@google.com>	2011-10-13 13:05:12 +00:00
Dr. Stephen Henson	b00fe7ce18	fix signed/unsigned warning	2011-09-26 17:04:49 +00:00
Dr. Stephen Henson	8f0968850b	PR: 2602 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting	2011-09-23 13:35:19 +00:00
Bodo Möller	e935440ad7	(EC)DH memory handling fixes. Submitted by: Adam Langley	2011-09-05 10:25:21 +00:00
Dr. Stephen Henson	d2650c3a4a	PR: 2573 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.	2011-09-01 14:02:02 +00:00
Dr. Stephen Henson	e1c3d65f08	Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.	2011-08-14 13:48:42 +00:00
Dr. Stephen Henson	b58ea0b941	PR: 2555 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug	2011-07-20 15:17:33 +00:00
Dr. Stephen Henson	16067fe5fd	PR: 2550 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug	2011-07-20 15:13:16 +00:00
Dr. Stephen Henson	f59f2fcbff	PR: 2543 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout()	2011-06-22 15:29:55 +00:00
Dr. Stephen Henson	025ee1dbde	fix memory leak	2011-06-08 15:56:20 +00:00
Dr. Stephen Henson	dce7b92d0b	PR: 2533 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch.	2011-05-25 15:21:12 +00:00
Dr. Stephen Henson	db886c2a2b	PR: 2529 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.	2011-05-25 15:15:52 +00:00
Dr. Stephen Henson	4e5755cd85	Oops use up to date patch for PR#2506	2011-05-25 14:29:55 +00:00
Dr. Stephen Henson	16646b0018	PR: 2506 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS.	2011-05-25 12:28:31 +00:00
Dr. Stephen Henson	320881c25c	PR: 2505 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug.	2011-05-25 12:24:26 +00:00
Dr. Stephen Henson	38c42c6eea	set encodedPoint to NULL after freeing it	2011-05-19 16:18:25 +00:00
Dr. Stephen Henson	3622d3743e	PR: 2462 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS Retransmission Buffer Bug	2011-04-03 17:15:08 +00:00
Dr. Stephen Henson	fbbf28e7c2	PR: 2458 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.	2011-04-03 16:26:14 +00:00
Dr. Stephen Henson	f5dac77c06	PR: 2457 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS fragment reassembly bug.	2011-04-03 15:49:03 +00:00
Richard Levitte	067d72a082	Corrections to the VMS build system. Submitted by Steven M. Schweda <sms@antinode.info>	2011-03-25 16:21:39 +00:00
Richard Levitte	f819147028	For VMS, implement the possibility to choose 64-bit pointers with different options: "64" The build system will choose /POINTER_SIZE=64=ARGV if the compiler supports it, otherwise /POINTER_SIZE=64. "64=" The build system will force /POINTER_SIZE=64. "64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.	2011-03-25 09:40:18 +00:00
Richard Levitte	2d842a90f8	Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>	2011-03-19 09:44:53 +00:00
Bodo Möller	6545372c24	OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) Submitted by: Neel Mehta, Adam Langley, Bodo Moeller	2011-02-08 17:10:53 +00:00
Bodo Möller	d48df9a91b	Assorted bugfixes: - safestack macro changes for C++ were incomplete - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)	2011-02-03 12:04:40 +00:00
Dr. Stephen Henson	fb5a0fb8f1	Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert.	2011-01-04 19:33:22 +00:00
Richard Levitte	c3c7a0d26e	First attempt at adding the possibility to set the pointer size for the builds on VMS. PR: 2393	2010-12-14 19:18:52 +00:00
Dr. Stephen Henson	420f572d49	make update	2010-12-02 18:26:12 +00:00
Dr. Stephen Henson	6d65d44b95	fix for CVE-2010-4180	2010-12-02 18:24:55 +00:00
Dr. Stephen Henson	1684846f54	PR: 2240 Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve Reviewed by: steve As required by RFC4492 an absent supported points format by a server is not an error: it should be treated as equivalent to an extension only containing uncompressed.	2010-11-25 12:28:28 +00:00
Ben Laurie	f9a772b743	J-PAKE was not correctly checking values, which could lead to attacks.	2010-11-24 13:48:12 +00:00
Dr. Stephen Henson	4385b556b4	Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.	2010-11-16 22:41:07 +00:00
Dr. Stephen Henson	86d5f9ba4f	fix CVE-2010-3864	2010-11-16 13:26:24 +00:00
Dr. Stephen Henson	b3c17a4805	Get correct GOST private key instead of just assuming the last one is correct: this isn't always true if we have more than one certificate.	2010-11-14 13:50:29 +00:00
Dr. Stephen Henson	9c2d0cd11c	PR: 2314 Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net> Reviewed by: steve Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939	2010-10-10 12:33:10 +00:00
Ben Laurie	b54f50d277	Oops. Make depend on a standard configuration.	2010-09-05 13:47:44 +00:00
Ben Laurie	10ba241909	Make depend.	2010-09-05 13:07:40 +00:00
Dr. Stephen Henson	e97359435e	Fix warnings (From HEAD, original patch by Ben).	2010-06-15 17:25:15 +00:00
Dr. Stephen Henson	72240ab31a	PR: 2259 Submitted By: Artem Chuprina <ran@cryptocom.ru> Check return values of HMAC in tls_P_hash and tls1_generate_key_block. Although the previous version could in theory crash that would only happen if a digest call failed. The standard software methods can never fail and only one ENGINE currently uses digests and it is not compiled in by default.	2010-05-17 11:26:56 +00:00
Dr. Stephen Henson	8c1e7de6cb	PR: 2230 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix bug in bitmask macros and stop warnings.	2010-05-03 13:01:50 +00:00

1 2 3 4 5 ...

1145 commits