wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9820 commits 20 branches 302 tags 153 MiB
Commit graph

1597 commits

Author SHA1 Message Date
Dr. Stephen Henson
76e7744bef prepare for next version 2013-02-06 02:27:23 +00:00
Dr. Stephen Henson
d9e048ceac prepare for release 2013-02-05 16:46:21 +00:00
Dr. Stephen Henson
8a5d624d5b Update CHANGES and NEWS 2013-02-05 16:46:19 +00:00
Dr. Stephen Henson
ebc71865f0 Don't try and verify signatures if key is NULL (CVE-2013-0166) 
Add additional check to catch this in ASN1_item_verify too.
 2013-02-05 16:46:15 +00:00
Ben Laurie
bb65e3f22b Backport OCSP Stapling fix. 2012-10-04 15:16:12 +00:00
Dr. Stephen Henson
bef20d4a68 PR: 2813 
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
 2012-05-11 13:50:09 +00:00
Dr. Stephen Henson
dddddb2e6c prepare for next version 2012-05-10 16:01:57 +00:00
Dr. Stephen Henson
8fcb93613a prepare for 1.0.0j release 2012-05-10 14:48:54 +00:00
Dr. Stephen Henson
a969ca5cc8 Sanity check record length before skipping explicit IV in DTLS 
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
 2012-05-10 14:44:20 +00:00
Dr. Stephen Henson
1e4406a854 Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:28:28 +00:00
Dr. Stephen Henson
0ed781740d prepare for next version 2012-04-19 17:02:49 +00:00
Dr. Stephen Henson
d0e542fdc9 prepare for 1.0.0i release 2012-04-19 11:47:20 +00:00
Dr. Stephen Henson
5bd4fcc5c2 Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 11:44:51 +00:00
Dr. Stephen Henson
c2c6044933 prepare for next version 2012-03-12 16:35:49 +00:00
Dr. Stephen Henson
97183a312e prepare for release 2012-03-12 14:24:50 +00:00
Dr. Stephen Henson
6a0a48433b Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 14:22:59 +00:00
Dr. Stephen Henson
25128a11fb Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:21:46 +00:00
Dr. Stephen Henson
702175817f prepare for next version 2012-01-18 14:27:57 +00:00
Dr. Stephen Henson
703ec840dc prepare for release 2012-01-18 13:38:34 +00:00
Dr. Stephen Henson
b996cecc32 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 13:36:04 +00:00
Dr. Stephen Henson
7e927da2a5 fix CHANGES entry 2012-01-17 14:19:51 +00:00
Bodo Möller
80b570142d Update for 0.9.8s. 2012-01-05 13:38:47 +00:00
Dr. Stephen Henson
08e8d58785 update for next version 2012-01-04 23:55:26 +00:00
Dr. Stephen Henson
c90c41f09d prepare for release 2012-01-04 17:01:33 +00:00
Dr. Stephen Henson
84c95826de Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 16:51:14 +00:00
Dr. Stephen Henson
528ef87850 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 15:33:15 +00:00
Dr. Stephen Henson
9004c53107 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 15:27:54 +00:00
Dr. Stephen Henson
00f473b3cc Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 15:16:20 +00:00
Dr. Stephen Henson
356de7146e Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 15:07:54 +00:00
Dr. Stephen Henson
ef7545a3e6 PR: 2563 
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
 2011-12-19 17:04:39 +00:00
Bodo Möller
44c854ddb9 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:51:05 +00:00
Bodo Möller
47091035f1 Fix ecdsatest.c. 
Submitted by: Emilia Kasper
 2011-12-02 12:41:00 +00:00
Bodo Möller
f3d51d7740 Fix BIO_f_buffer(). 
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
 2011-12-02 12:24:29 +00:00
Bodo Möller
f70a5895e3 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:58:34 +00:00
Bodo Möller
48373e55d1 In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:12 +00:00
Dr. Stephen Henson
ab06ff6bee prepare for next version 2011-09-06 13:44:52 +00:00
Dr. Stephen Henson
bba8456e65 update versions and dates for release 2011-09-06 13:01:44 +00:00
Dr. Stephen Henson
c2a8133d1c Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past 
produce an error (CVE-2011-3207)

Fix TLS ephemeral DH crash bug (CVE-2011-3210)
 2011-09-06 12:53:56 +00:00
Bodo Möller
e935440ad7 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:21 +00:00
Bodo Möller
8eaf563c41 Fix memory leak on bad inputs. 2011-09-05 09:57:03 +00:00
Dr. Stephen Henson
e1c3d65f08 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:48:42 +00:00
Bodo Möller
167d692925 Complete the version history (include information on unreleased 
version 0.9.8s to show full information).
 2011-06-15 14:21:17 +00:00
Dr. Stephen Henson
e82d6a2019 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:43:05 +00:00
Bodo Möller
0bb2154ee9 Sync with 0.9.8 branch. 2011-02-08 19:06:57 +00:00
Bodo Möller
c9355e20c3 start 1.0.0e-dev 2011-02-08 17:58:45 +00:00
Bodo Möller
6545372c24 OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
 2011-02-08 17:10:53 +00:00
Dr. Stephen Henson
2fcf251d3d Fix escaping code for string printing. If *any* escaping is enabled we 
must escape the escape character itself (backslash).
 2011-01-03 01:27:00 +00:00
Dr. Stephen Henson
3bbbe757ea update for next release 2010-12-02 19:37:46 +00:00
Dr. Stephen Henson
76474e519f prepare for release 2010-12-02 18:29:04 +00:00
Dr. Stephen Henson
6d65d44b95 fix for CVE-2010-4180 2010-12-02 18:24:55 +00:00