Dr. Stephen Henson
9004c53107
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 15:27:54 +00:00
Dr. Stephen Henson
00f473b3cc
Check GOST parameters are not NULL (CVE-2012-0027)
2012-01-04 15:16:20 +00:00
Dr. Stephen Henson
356de7146e
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 15:07:54 +00:00
Dr. Stephen Henson
ef7545a3e6
PR: 2563
...
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve
Improved PRNG seeding for VOS.
2011-12-19 17:04:39 +00:00
Bodo Möller
44c854ddb9
Resolve a stack set-up race condition (if the list of compression
...
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
2011-12-02 12:51:05 +00:00
Bodo Möller
47091035f1
Fix ecdsatest.c.
...
Submitted by: Emilia Kasper
2011-12-02 12:41:00 +00:00
Bodo Möller
f3d51d7740
Fix BIO_f_buffer().
...
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:24:29 +00:00
Bodo Möller
f70a5895e3
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:58:34 +00:00
Bodo Möller
48373e55d1
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
...
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:12 +00:00
Dr. Stephen Henson
ab06ff6bee
prepare for next version
2011-09-06 13:44:52 +00:00
Dr. Stephen Henson
bba8456e65
update versions and dates for release
2011-09-06 13:01:44 +00:00
Dr. Stephen Henson
c2a8133d1c
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
...
produce an error (CVE-2011-3207)
Fix TLS ephemeral DH crash bug (CVE-2011-3210)
2011-09-06 12:53:56 +00:00
Bodo Möller
e935440ad7
(EC)DH memory handling fixes.
...
Submitted by: Adam Langley
2011-09-05 10:25:21 +00:00
Bodo Möller
8eaf563c41
Fix memory leak on bad inputs.
2011-09-05 09:57:03 +00:00
Dr. Stephen Henson
e1c3d65f08
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
...
using OBJ xref utilities instead of string comparison with OID name.
This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:48:42 +00:00
Bodo Möller
167d692925
Complete the version history (include information on unreleased
...
version 0.9.8s to show full information).
2011-06-15 14:21:17 +00:00
Dr. Stephen Henson
e82d6a2019
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:43:05 +00:00
Bodo Möller
0bb2154ee9
Sync with 0.9.8 branch.
2011-02-08 19:06:57 +00:00
Bodo Möller
c9355e20c3
start 1.0.0e-dev
2011-02-08 17:58:45 +00:00
Bodo Möller
6545372c24
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
...
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:10:53 +00:00
Dr. Stephen Henson
2fcf251d3d
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:27:00 +00:00
Dr. Stephen Henson
3bbbe757ea
update for next release
2010-12-02 19:37:46 +00:00
Dr. Stephen Henson
76474e519f
prepare for release
2010-12-02 18:29:04 +00:00
Dr. Stephen Henson
6d65d44b95
fix for CVE-2010-4180
2010-12-02 18:24:55 +00:00
Dr. Stephen Henson
fa29ebd7ed
add CVE to J-PAKE issue
2010-11-29 18:21:43 +00:00
Ben Laurie
dde6d9520c
Document change.
2010-11-24 15:07:56 +00:00
Dr. Stephen Henson
5e7c9519b8
update for next version
2010-11-16 16:33:35 +00:00
Dr. Stephen Henson
ef02492908
prepare for release
2010-11-16 13:35:09 +00:00
Dr. Stephen Henson
86d5f9ba4f
fix CVE-2010-3864
2010-11-16 13:26:24 +00:00
Dr. Stephen Henson
9c2d0cd11c
PR: 2314
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-10-10 12:33:10 +00:00
Dr. Stephen Henson
8c9ab050e5
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:57:01 +00:00
Bodo Möller
cbfccdb729
ECC library bugfixes.
...
Submitted by: Emilia Kasper (Google)
2010-08-26 12:10:44 +00:00
Bodo Möller
94111aa401
Harmonize with OpenSSL_0_9_8-stable version of CHANGES.
2010-08-26 11:19:45 +00:00
Dr. Stephen Henson
7585a86a76
Fix WIN32 build system to correctly link ENGINE DLLs contained in a
...
directory: currently the GOST ENGINE is the only case.
2010-07-24 17:57:07 +00:00
Dr. Stephen Henson
1dba06e7b0
update for next version
2010-06-16 13:34:33 +00:00
Dr. Stephen Henson
9c7baca820
prepare for release
2010-06-01 13:31:38 +00:00
Dr. Stephen Henson
618265e645
Fix CVE-2010-1633 and CVE-2010-0742.
2010-06-01 13:17:06 +00:00
Dr. Stephen Henson
acc9938ba5
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
...
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
2010-04-07 13:18:30 +00:00
Dr. Stephen Henson
6747de655e
updates for next release
2010-03-30 00:55:00 +00:00
Dr. Stephen Henson
91bad2b09e
Prepare for 1.0.0 release - finally ;-)
2010-03-29 13:11:54 +00:00
Bodo Möller
5b5464d525
Fix for "Record of death" vulnerability CVE-2010-0740.
...
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
2010-03-25 11:22:42 +00:00
Dr. Stephen Henson
47333a34d5
Submitted by: Tomas Hoger <thoger@redhat.com>
...
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:41:00 +00:00
Dr. Stephen Henson
2b23d89d14
oops, use correct date
2010-02-26 12:14:30 +00:00
Bodo Möller
32567c9f3b
Fix X509_STORE locking
2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
989238802a
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
9051fc538f
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:25 +00:00
Dr. Stephen Henson
81d87a2a28
update references to new RI RFC
2010-02-12 21:59:57 +00:00
Dr. Stephen Henson
1700426256
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:41:23 +00:00
Dr. Stephen Henson
57cffe901f
typo
2010-01-27 14:05:15 +00:00
Dr. Stephen Henson
d793c292cb
add CHANGES entry
2010-01-26 19:48:10 +00:00