wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9638 commits 20 branches 302 tags 153 MiB
Commit graph

1563 commits

Author SHA1 Message Date
Bodo Möller
48373e55d1 In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:12 +00:00
Dr. Stephen Henson
ab06ff6bee prepare for next version 2011-09-06 13:44:52 +00:00
Dr. Stephen Henson
bba8456e65 update versions and dates for release 2011-09-06 13:01:44 +00:00
Dr. Stephen Henson
c2a8133d1c Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past 
produce an error (CVE-2011-3207)

Fix TLS ephemeral DH crash bug (CVE-2011-3210)
 2011-09-06 12:53:56 +00:00
Bodo Möller
e935440ad7 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:21 +00:00
Bodo Möller
8eaf563c41 Fix memory leak on bad inputs. 2011-09-05 09:57:03 +00:00
Dr. Stephen Henson
e1c3d65f08 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:48:42 +00:00
Bodo Möller
167d692925 Complete the version history (include information on unreleased 
version 0.9.8s to show full information).
 2011-06-15 14:21:17 +00:00
Dr. Stephen Henson
e82d6a2019 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:43:05 +00:00
Bodo Möller
0bb2154ee9 Sync with 0.9.8 branch. 2011-02-08 19:06:57 +00:00
Bodo Möller
c9355e20c3 start 1.0.0e-dev 2011-02-08 17:58:45 +00:00
Bodo Möller
6545372c24 OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
 2011-02-08 17:10:53 +00:00
Dr. Stephen Henson
2fcf251d3d Fix escaping code for string printing. If *any* escaping is enabled we 
must escape the escape character itself (backslash).
 2011-01-03 01:27:00 +00:00
Dr. Stephen Henson
3bbbe757ea update for next release 2010-12-02 19:37:46 +00:00
Dr. Stephen Henson
76474e519f prepare for release 2010-12-02 18:29:04 +00:00
Dr. Stephen Henson
6d65d44b95 fix for CVE-2010-4180 2010-12-02 18:24:55 +00:00
Dr. Stephen Henson
fa29ebd7ed add CVE to J-PAKE issue 2010-11-29 18:21:43 +00:00
Ben Laurie
dde6d9520c Document change. 2010-11-24 15:07:56 +00:00
Dr. Stephen Henson
5e7c9519b8 update for next version 2010-11-16 16:33:35 +00:00
Dr. Stephen Henson
ef02492908 prepare for release 2010-11-16 13:35:09 +00:00
Dr. Stephen Henson
86d5f9ba4f fix CVE-2010-3864 2010-11-16 13:26:24 +00:00
Dr. Stephen Henson
9c2d0cd11c PR: 2314 
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
 2010-10-10 12:33:10 +00:00
Dr. Stephen Henson
8c9ab050e5 Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), 
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
 2010-10-03 18:57:01 +00:00
Bodo Möller
cbfccdb729 ECC library bugfixes. 
Submitted by: Emilia Kasper (Google)
 2010-08-26 12:10:44 +00:00
Bodo Möller
94111aa401 Harmonize with OpenSSL_0_9_8-stable version of CHANGES. 2010-08-26 11:19:45 +00:00
Dr. Stephen Henson
7585a86a76 Fix WIN32 build system to correctly link ENGINE DLLs contained in a 
directory: currently the GOST ENGINE is the only case.
 2010-07-24 17:57:07 +00:00
Dr. Stephen Henson
1dba06e7b0 update for next version 2010-06-16 13:34:33 +00:00
Dr. Stephen Henson
9c7baca820 prepare for release 2010-06-01 13:31:38 +00:00
Dr. Stephen Henson
618265e645 Fix CVE-2010-1633 and CVE-2010-0742. 2010-06-01 13:17:06 +00:00
Dr. Stephen Henson
acc9938ba5 Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:18:30 +00:00
Dr. Stephen Henson
6747de655e updates for next release 2010-03-30 00:55:00 +00:00
Dr. Stephen Henson
91bad2b09e Prepare for 1.0.0 release - finally ;-) 2010-03-29 13:11:54 +00:00
Bodo Möller
5b5464d525 Fix for "Record of death" vulnerability CVE-2010-0740. 
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
 2010-03-25 11:22:42 +00:00
Dr. Stephen Henson
47333a34d5 Submitted by: Tomas Hoger <thoger@redhat.com> 
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
 2010-03-03 15:41:00 +00:00
Dr. Stephen Henson
2b23d89d14 oops, use correct date 2010-02-26 12:14:30 +00:00
Bodo Möller
32567c9f3b Fix X509_STORE locking 2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
9051fc538f PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:25 +00:00
Dr. Stephen Henson
81d87a2a28 update references to new RI RFC 2010-02-12 21:59:57 +00:00
Dr. Stephen Henson
1700426256 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy 
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
 2010-02-07 13:41:23 +00:00
Dr. Stephen Henson
57cffe901f typo 2010-01-27 14:05:15 +00:00
Dr. Stephen Henson
d793c292cb add CHANGES entry 2010-01-26 19:48:10 +00:00
Dr. Stephen Henson
d8f07f1674 Typo 2010-01-26 12:29:48 +00:00
Dr. Stephen Henson
1699389a46 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
41c0f68630 Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:29 +00:00
Dr. Stephen Henson
2c627637c5 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:46:01 +00:00
Dr. Stephen Henson
93fac08ec3 PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
eb17330837 Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2010-01-01 00:44:36 +00:00
Bodo Möller
a0b7277724 Constify crypto/cast. 2009-12-22 10:58:01 +00:00