Dr. Stephen Henson
a72ce94213
prepare for next version
2012-01-18 14:27:13 +00:00
Dr. Stephen Henson
3309f8313c
prepare for release
2012-01-18 13:14:49 +00:00
Dr. Stephen Henson
096327a99a
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 13:12:08 +00:00
Dr. Stephen Henson
cc10bcf25e
fix CHANGES entry
2012-01-17 14:18:26 +00:00
Dr. Stephen Henson
244788464a
update for next version
2012-01-04 23:56:13 +00:00
Dr. Stephen Henson
b3cebd5acf
prepare for 0.9.8s release
2012-01-04 19:20:49 +00:00
Dr. Stephen Henson
eebefe35e7
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 19:10:16 +00:00
Dr. Stephen Henson
1db0bbdc76
Fix double free in policy check code (CVE-2011-4109)
2012-01-04 19:00:28 +00:00
Dr. Stephen Henson
e643112dd8
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 18:54:17 +00:00
Dr. Stephen Henson
21c4b25959
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 18:52:18 +00:00
Dr. Stephen Henson
0e3a930fb4
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 18:44:20 +00:00
Bodo Möller
740da44f20
Resolve a stack set-up race condition (if the list of compression
...
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
2011-12-02 12:50:44 +00:00
Bodo Möller
72033fde7b
Fix ecdsatest.c.
...
Submitted by: Emilia Kasper
2011-12-02 12:40:25 +00:00
Bodo Möller
9adf3fcf9a
Fix BIO_f_buffer().
...
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:23:57 +00:00
Bodo Möller
195d6bf760
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:57:59 +00:00
Bodo Möller
dacd94b9c8
Oops: this change ( http://cvs.openssl.org/chngview?cn=21503 )
...
wasn't right for 0.9.8-stable (it's actually a fix for
http://cvs.openssl.org/chngview?cn=14494 , which introduced
SSL_CTRL_SET_MAX_SEND_FRAGMENT).
2011-10-19 13:53:41 +00:00
Bodo Möller
f7d514f449
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
...
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:04:40 +00:00
Bodo Möller
db45308477
(EC)DH memory handling fixes.
...
Submitted by: Adam Langley
2011-09-05 10:25:15 +00:00
Bodo Möller
1c7c69a8a5
Fix memory leak on bad inputs.
2011-09-05 09:56:48 +00:00
Dr. Stephen Henson
1e368ab08f
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:43:47 +00:00
Bodo Möller
d430f56de6
start 0.9.8s-dev
2011-02-08 17:58:34 +00:00
Bodo Möller
957ebe98fb
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
...
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:10:47 +00:00
Dr. Stephen Henson
9ad765173f
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:26:33 +00:00
Dr. Stephen Henson
b8be571868
update for next release
2010-12-02 19:42:28 +00:00
Dr. Stephen Henson
acd43bf38c
prepare for release
2010-12-02 18:53:52 +00:00
Dr. Stephen Henson
7890b562bc
fix for CVE-2010-4180
2010-12-02 18:49:28 +00:00
Dr. Stephen Henson
f7ffc3a6c9
add CVE to JPAKE fix
2010-11-29 18:47:51 +00:00
Ben Laurie
efed63d783
Backport J-PAKE fix.
2010-11-26 16:03:23 +00:00
Dr. Stephen Henson
0067580321
update for next version
2010-11-16 16:35:37 +00:00
Dr. Stephen Henson
7e541b1a7f
prepare for release
2010-11-16 14:37:28 +00:00
Dr. Stephen Henson
2ae47ddbc2
fix CVE-2010-3864
2010-11-16 14:26:18 +00:00
Dr. Stephen Henson
a073129293
PR: 2314
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-10-10 12:21:23 +00:00
Dr. Stephen Henson
6cb5746b65
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:55:57 +00:00
Bodo Möller
d4ba6424a1
ECC library bugfixes.
...
Submitted by: Emilia Kapser (Google)
2010-08-26 12:10:25 +00:00
Bodo Möller
92a97e52a0
Version tree clarification.
2010-08-26 11:15:09 +00:00
Dr. Stephen Henson
63e3676e68
fix so it is safe to repeatedly add PBE algorithms
2010-06-26 12:55:01 +00:00
Dr. Stephen Henson
1dac2cae68
prepare for next release
2010-06-16 13:40:09 +00:00
Dr. Stephen Henson
22872a5363
Prepare for release.
2010-06-01 14:47:12 +00:00
Dr. Stephen Henson
82b6b541b1
Fix CVE-2010-0742
2010-06-01 14:39:57 +00:00
Dr. Stephen Henson
bc06baca76
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
...
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
2010-04-07 13:19:48 +00:00
Dr. Stephen Henson
cf6a1dea19
PR: 2202 (partial)
...
Submitted by: Steven M. Schweda <sms@antinode.info>
VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com
2010-03-25 12:29:56 +00:00
Dr. Stephen Henson
c3c658e1c0
updates for next version
2010-03-25 12:07:04 +00:00
Dr. Stephen Henson
354f92d66a
Submitted by: Bodo Moeller and Adam Langley (Google).
...
Fix for "Record of death" vulnerability CVE-2010-0740.
2010-03-24 13:16:42 +00:00
Dr. Stephen Henson
ede1351997
Submitted by: Tomas Hoger <thoger@redhat.com>
...
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:34:11 +00:00
Dr. Stephen Henson
2649ce1ebc
Change versions for 0.9.8n-dev
2010-02-26 14:34:24 +00:00
Dr. Stephen Henson
7070cdba4e
Prepare for 0.9.8m release
2010-02-25 17:18:23 +00:00
Bodo Möller
3e4da3f7cb
Always check bn_wexpend() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:41 +00:00
Bodo Möller
739e0e934a
Fix X509_STORE locking
2010-02-19 18:25:39 +00:00
Dr. Stephen Henson
442ac8d259
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:37:47 +00:00
Dr. Stephen Henson
657b02d0cf
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:01 +00:00