Commit graph

8565 commits

Author SHA1 Message Date
Dr. Stephen Henson
4baee3031c PR: 2813
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
2012-05-11 13:49:15 +00:00
Dr. Stephen Henson
db7a72b224 prepare for next version 2012-05-10 16:01:11 +00:00
Dr. Stephen Henson
b71e69ad8e update FAQ 2012-05-10 14:38:52 +00:00
Dr. Stephen Henson
f856173c43 prepare for 0.9.8x release 2012-05-10 14:36:07 +00:00
Dr. Stephen Henson
d742f9ebbd update NEWS 2012-05-10 14:35:13 +00:00
Dr. Stephen Henson
36dd4cba3d Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 14:33:11 +00:00
Dr. Stephen Henson
3978429ad5 Reported by: Solar Designer of Openwall
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:27:57 +00:00
Richard Levitte
885945d6e1 Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. 2012-05-04 10:43:17 +00:00
Dr. Stephen Henson
e22e770147 prepare for next version 2012-04-23 21:15:22 +00:00
Dr. Stephen Henson
e0c0203341 update STATUS 2012-04-23 21:03:04 +00:00
Dr. Stephen Henson
e1eec61e26 correct STATUS 2012-04-23 20:51:18 +00:00
Dr. Stephen Henson
296fa128c9 correct NEWS 2012-04-23 20:49:21 +00:00
Dr. Stephen Henson
6dde222aae prepare form 0.9.8w release 2012-04-23 20:45:29 +00:00
Dr. Stephen Henson
391ac37018 update NEWS 2012-04-23 20:43:35 +00:00
Dr. Stephen Henson
8d038a08fb The fix for CVE-2012-2110 did not take into account that the
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
2012-04-23 20:35:55 +00:00
Dr. Stephen Henson
747c6ffda4 correct error code 2012-04-22 13:31:46 +00:00
Dr. Stephen Henson
d4cddc54f0 correct old FAQ answers, sync with HEAD 2012-04-22 13:22:38 +00:00
Dr. Stephen Henson
eb7112c18e prepare for next version 2012-04-19 17:03:28 +00:00
Dr. Stephen Henson
fef9e07930 update FAQ 2012-04-19 12:05:18 +00:00
Dr. Stephen Henson
8ab27e6ef7 prepare for 0.9.8v release 2012-04-19 11:39:03 +00:00
Dr. Stephen Henson
6415055590 update NEWS 2012-04-19 11:37:17 +00:00
Dr. Stephen Henson
556e27b14f Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 11:36:09 +00:00
Dr. Stephen Henson
af0c009d70 use /fixed argument when linking FIPS targets to disable address space layout randomization 2012-04-15 16:48:34 +00:00
Dr. Stephen Henson
0b1cf4a139 PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:02:23 +00:00
Dr. Stephen Henson
a9101cdcaa Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
the old code came from SSLeay days before TLS was even supported.
2012-03-18 18:18:30 +00:00
Dr. Stephen Henson
e351e2a7cf prepare for next version 2012-03-12 16:35:13 +00:00
Dr. Stephen Henson
215276243d corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 15:25:53 +00:00
Dr. Stephen Henson
ddb7832852 correct FAQ 2012-03-12 15:01:44 +00:00
Dr. Stephen Henson
2fad41d155 prepare for release 2012-03-12 14:53:14 +00:00
Dr. Stephen Henson
b9c3d9168f update NEWS 2012-03-12 14:52:14 +00:00
Dr. Stephen Henson
4f2fc3c2dd Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 14:51:45 +00:00
Dr. Stephen Henson
48819f4d54 fix error code 2012-03-12 14:50:55 +00:00
Dr. Stephen Henson
b0cbdd3eba manually patch missing part of PR#2756 2012-03-12 12:46:52 +00:00
Dr. Stephen Henson
5016107550 PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
2012-03-09 15:51:56 +00:00
Dr. Stephen Henson
25d5d15fd5 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:01:44 +00:00
Dr. Stephen Henson
725713f74a PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions. [0.9.8 version of patch]
2012-03-07 15:14:16 +00:00
Dr. Stephen Henson
73eb0972cf return failure code if I/O error 2012-03-06 19:08:30 +00:00
Dr. Stephen Henson
6720779c7e revert PR#2755: it breaks compilation 2012-03-06 18:25:33 +00:00
Dr. Stephen Henson
b2a2c6af2a PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
2012-03-06 13:45:47 +00:00
Dr. Stephen Henson
272993bac4 PR: 2696 Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

[from HEAD]
2012-03-06 13:37:52 +00:00
Dr. Stephen Henson
58532ae047 oops, revert unrelated patches 2012-03-06 13:22:32 +00:00
Dr. Stephen Henson
4e7f6d380d PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
2012-03-06 13:20:20 +00:00
Dr. Stephen Henson
f0be325f88 Fix memory leak cause by race condition when creating public keys.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:36 +00:00
Dr. Stephen Henson
b66af23aa9 free headers after use in error message 2012-02-27 16:26:32 +00:00
Dr. Stephen Henson
29d0c13e97 Detect symmetric crypto errors in PKCS7_decrypt.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:23:20 +00:00
Dr. Stephen Henson
8a4e81a269 PR: 2711
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
2012-02-23 21:50:13 +00:00
Dr. Stephen Henson
843fc7b681 Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
2012-02-16 15:21:17 +00:00
Dr. Stephen Henson
6dcb6bf1c1 PR: 2703
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:12:34 +00:00
Dr. Stephen Henson
1061c3cb3c PR: 2705
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.
2012-02-11 23:07:32 +00:00
Dr. Stephen Henson
0d0f15d8d1 fix Visual Studio 2010 warning [from HEAD] (original by appro) 2012-01-20 23:24:17 +00:00