wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8446 commits 20 branches 302 tags 153 MiB
Commit graph

4182 commits

Author SHA1 Message Date
Dr. Stephen Henson
8ab27e6ef7 prepare for 0.9.8v release 2012-04-19 11:39:03 +00:00
Dr. Stephen Henson
556e27b14f Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 11:36:09 +00:00
Dr. Stephen Henson
e351e2a7cf prepare for next version 2012-03-12 16:35:13 +00:00
Dr. Stephen Henson
215276243d corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 15:25:53 +00:00
Dr. Stephen Henson
2fad41d155 prepare for release 2012-03-12 14:53:14 +00:00
Dr. Stephen Henson
4f2fc3c2dd Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 14:51:45 +00:00
Dr. Stephen Henson
25d5d15fd5 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:01:44 +00:00
Dr. Stephen Henson
725713f74a PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions. [0.9.8 version of patch]
 2012-03-07 15:14:16 +00:00
Dr. Stephen Henson
73eb0972cf return failure code if I/O error 2012-03-06 19:08:30 +00:00
Dr. Stephen Henson
6720779c7e revert PR#2755: it breaks compilation 2012-03-06 18:25:33 +00:00
Dr. Stephen Henson
b2a2c6af2a PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:45:47 +00:00
Dr. Stephen Henson
272993bac4 PR: 2696 Submitted by: Rob Austein <sra@hactrn.net> 
Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

[from HEAD]
 2012-03-06 13:37:52 +00:00
Dr. Stephen Henson
58532ae047 oops, revert unrelated patches 2012-03-06 13:22:32 +00:00
Dr. Stephen Henson
4e7f6d380d PR: 2748 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
 2012-03-06 13:20:20 +00:00
Dr. Stephen Henson
f0be325f88 Fix memory leak cause by race condition when creating public keys. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-28 14:47:36 +00:00
Dr. Stephen Henson
b66af23aa9 free headers after use in error message 2012-02-27 16:26:32 +00:00
Dr. Stephen Henson
29d0c13e97 Detect symmetric crypto errors in PKCS7_decrypt. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-27 15:23:20 +00:00
Dr. Stephen Henson
8a4e81a269 PR: 2711 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
 2012-02-23 21:50:13 +00:00
Dr. Stephen Henson
a72ce94213 prepare for next version 2012-01-18 14:27:13 +00:00
Dr. Stephen Henson
3309f8313c prepare for release 2012-01-18 13:14:49 +00:00
Dr. Stephen Henson
875ac0ec00 fix warning 2012-01-10 14:37:00 +00:00
Dr. Stephen Henson
244788464a update for next version 2012-01-04 23:56:13 +00:00
Dr. Stephen Henson
b3cebd5acf prepare for 0.9.8s release 2012-01-04 19:20:49 +00:00
Dr. Stephen Henson
1db0bbdc76 Fix double free in policy check code (CVE-2011-4109) 2012-01-04 19:00:28 +00:00
Dr. Stephen Henson
0e3a930fb4 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 18:44:20 +00:00
Andy Polyakov
2ee77d36a0 x86-mont.pl: fix bug in integer-only squaring path [from HEAD]. 
PR: 2648
 2011-12-09 14:28:48 +00:00
Bodo Möller
72033fde7b Fix ecdsatest.c. 
Submitted by: Emilia Kasper
 2011-12-02 12:40:25 +00:00
Bodo Möller
9adf3fcf9a Fix BIO_f_buffer(). 
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
 2011-12-02 12:23:57 +00:00
Andy Polyakov
65f7456652 ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. 
PR: 2636
Submitted by: Charles Bryant
 2011-11-05 10:17:06 +00:00
Dr. Stephen Henson
f8731bc2fd PR: 2632 
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
 2011-10-26 16:42:48 +00:00
Bodo Möller
195d6bf760 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:57:59 +00:00
Dr. Stephen Henson
6d50bce79f PR: 2482 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
 2011-10-09 00:56:18 +00:00
Dr. Stephen Henson
85e776885b PR: 2606 
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.
 2011-09-23 13:40:06 +00:00
Bodo Möller
1c7c69a8a5 Fix memory leak on bad inputs. 2011-09-05 09:56:48 +00:00
Bodo Möller
24ad061037 Move OPENSSL_init declaration out of auto-generated code section 
(it is not auto-generated).
 2011-09-05 09:52:58 +00:00
Dr. Stephen Henson
92f96fa721 PR: 2576 
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve

Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
 2011-09-02 11:20:49 +00:00
Dr. Stephen Henson
0d1e362363 PR: 2340 
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve

Stop warnings if OPENSSL_NO_DGRAM is defined.
 2011-09-01 15:03:10 +00:00
Dr. Stephen Henson
a0bf2c86ab make timing attack protection unconditional 2011-09-01 14:23:41 +00:00
Dr. Stephen Henson
24d0524f31 PR: 2588 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
 2011-09-01 13:48:48 +00:00
Dr. Stephen Henson
46a1f2487e PR: 2559 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS socket error bug
 2011-07-20 15:20:19 +00:00
Dr. Stephen Henson
82a5049f6a PR: 2556 (partial) 
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
 2011-07-14 12:01:08 +00:00
Andy Polyakov
d027b75b73 perlasm/cbc.pl: fix tail processing bug [from HEAD]. 
PR: 2557
 2011-07-13 06:25:15 +00:00
Dr. Stephen Henson
87d14a3625 PR: 2470 
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.
 2011-06-22 15:39:19 +00:00
Dr. Stephen Henson
22152d6885 PR: 2540 
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().
 2011-06-22 15:23:20 +00:00
Dr. Stephen Henson
102bcbce8d correctly encode OIDs near 2^32 2011-06-22 15:15:20 +00:00
Andy Polyakov
8655de423d rc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified 
to examine bit#20 on x86[_64], but it was erroneously reverted to bit#28
in 2008 in process of FIPS integration.
 2011-06-06 19:58:21 +00:00
Dr. Stephen Henson
bc7ee385f5 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:52:54 +00:00
Dr. Stephen Henson
1e368ab08f Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:43:47 +00:00
Dr. Stephen Henson
6d12b1f82b check buffer is larger enough before overwriting 2011-04-06 18:07:12 +00:00
Bodo Möller
d430f56de6 start 0.9.8s-dev 2011-02-08 17:58:34 +00:00