Dr. Stephen Henson
c42ab44087
fix leak
2012-12-03 16:33:54 +00:00
Dr. Stephen Henson
42e10c3fd6
PR: 2803
...
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:16:01 +00:00
Dr. Stephen Henson
c571a3e984
PR: 2908
...
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
2012-11-21 14:01:38 +00:00
Dr. Stephen Henson
e55988bb60
correct docs
2012-11-19 20:07:23 +00:00
Dr. Stephen Henson
34b5ba3b60
PR: 2880
...
Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>
Correctly handle local machine keys in the capi ENGINE.
2012-11-18 15:20:40 +00:00
Andy Polyakov
629ac4b4ca
aix[64]-cc: get MT support right [from HEAD].
...
PR: 2896
2012-10-16 08:22:55 +00:00
Bodo Möller
75f0bc4f44
Fix EC_KEY initialization race.
...
Submitted by: Adam Langley
2012-10-05 20:51:47 +00:00
Dr. Stephen Henson
71a2440ee5
backport OCSP fix enhancement
2012-10-05 13:02:31 +00:00
Ben Laurie
04e40739f7
Update CHANGES for OCSP fix.
2012-10-05 13:00:17 +00:00
Ben Laurie
48bcdad0d5
Backport OCSP fix.
2012-10-05 12:50:24 +00:00
Bodo Möller
f7d2402cab
Fix Valgrind warning.
...
Submitted by: Adam Langley
2012-09-24 19:50:07 +00:00
Richard Levitte
808f55351a
* Configure: make the debug-levitte-linux{elf,noasm} less extreme.
2012-09-24 18:49:09 +00:00
Richard Levitte
c06271bc35
* ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in
...
debugging code that's seldom used.
2012-09-21 13:08:32 +00:00
Dr. Stephen Henson
92e5882aca
fix memory leak
2012-09-11 13:45:42 +00:00
Richard Levitte
afa0580cd5
Remove duplicate symbol in crypto/symhacks.h
...
Have the new names start in column 48, that makes it easy to see when
the 31 character limit is reached (on a 80 column display, do the math)
2012-07-05 09:06:20 +00:00
Dr. Stephen Henson
4baee3031c
PR: 2813
...
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
Fix possible deadlock when decoding public keys.
2012-05-11 13:49:15 +00:00
Dr. Stephen Henson
db7a72b224
prepare for next version
2012-05-10 16:01:11 +00:00
Dr. Stephen Henson
b71e69ad8e
update FAQ
2012-05-10 14:38:52 +00:00
Dr. Stephen Henson
f856173c43
prepare for 0.9.8x release
2012-05-10 14:36:07 +00:00
Dr. Stephen Henson
d742f9ebbd
update NEWS
2012-05-10 14:35:13 +00:00
Dr. Stephen Henson
36dd4cba3d
Sanity check record length before skipping explicit IV in DTLS
...
to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 14:33:11 +00:00
Dr. Stephen Henson
3978429ad5
Reported by: Solar Designer of Openwall
...
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:27:57 +00:00
Richard Levitte
885945d6e1
Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.
2012-05-04 10:43:17 +00:00
Dr. Stephen Henson
e22e770147
prepare for next version
2012-04-23 21:15:22 +00:00
Dr. Stephen Henson
e0c0203341
update STATUS
2012-04-23 21:03:04 +00:00
Dr. Stephen Henson
e1eec61e26
correct STATUS
2012-04-23 20:51:18 +00:00
Dr. Stephen Henson
296fa128c9
correct NEWS
2012-04-23 20:49:21 +00:00
Dr. Stephen Henson
6dde222aae
prepare form 0.9.8w release
2012-04-23 20:45:29 +00:00
Dr. Stephen Henson
391ac37018
update NEWS
2012-04-23 20:43:35 +00:00
Dr. Stephen Henson
8d038a08fb
The fix for CVE-2012-2110 did not take into account that the
...
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.
Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
2012-04-23 20:35:55 +00:00
Dr. Stephen Henson
747c6ffda4
correct error code
2012-04-22 13:31:46 +00:00
Dr. Stephen Henson
d4cddc54f0
correct old FAQ answers, sync with HEAD
2012-04-22 13:22:38 +00:00
Dr. Stephen Henson
eb7112c18e
prepare for next version
2012-04-19 17:03:28 +00:00
Dr. Stephen Henson
fef9e07930
update FAQ
2012-04-19 12:05:18 +00:00
Dr. Stephen Henson
8ab27e6ef7
prepare for 0.9.8v release
2012-04-19 11:39:03 +00:00
Dr. Stephen Henson
6415055590
update NEWS
2012-04-19 11:37:17 +00:00
Dr. Stephen Henson
556e27b14f
Check for potentially exploitable overflows in asn1_d2i_read_bio
...
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 11:36:09 +00:00
Dr. Stephen Henson
af0c009d70
use /fixed argument when linking FIPS targets to disable address space layout randomization
2012-04-15 16:48:34 +00:00
Dr. Stephen Henson
0b1cf4a139
PR: 2778(part)
...
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>
Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:02:23 +00:00
Dr. Stephen Henson
a9101cdcaa
Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
...
the old code came from SSLeay days before TLS was even supported.
2012-03-18 18:18:30 +00:00
Dr. Stephen Henson
e351e2a7cf
prepare for next version
2012-03-12 16:35:13 +00:00
Dr. Stephen Henson
215276243d
corrected fix to PR#2711 and also cover mime_param_cmp
2012-03-12 15:25:53 +00:00
Dr. Stephen Henson
ddb7832852
correct FAQ
2012-03-12 15:01:44 +00:00
Dr. Stephen Henson
2fad41d155
prepare for release
2012-03-12 14:53:14 +00:00
Dr. Stephen Henson
b9c3d9168f
update NEWS
2012-03-12 14:52:14 +00:00
Dr. Stephen Henson
4f2fc3c2dd
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 14:51:45 +00:00
Dr. Stephen Henson
48819f4d54
fix error code
2012-03-12 14:50:55 +00:00
Dr. Stephen Henson
b0cbdd3eba
manually patch missing part of PR#2756
2012-03-12 12:46:52 +00:00
Dr. Stephen Henson
5016107550
PR: 2756
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
2012-03-09 15:51:56 +00:00
Dr. Stephen Henson
25d5d15fd5
check return value of BIO_write in PKCS7_decrypt
2012-03-08 14:01:44 +00:00