Commit graph

8698 commits

Author SHA1 Message Date
Dr. Stephen Henson
21c4b25959 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 18:52:18 +00:00
Dr. Stephen Henson
41cf2c3aef stop warning 2012-01-04 18:45:18 +00:00
Dr. Stephen Henson
0e3a930fb4 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 18:44:20 +00:00
Dr. Stephen Henson
0c214e0153 Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.
2012-01-04 14:25:10 +00:00
Dr. Stephen Henson
6c61cfbe03 PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:38:28 +00:00
Andy Polyakov
2ee77d36a0 x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
PR: 2648
2011-12-09 14:28:48 +00:00
Dr. Stephen Henson
24f441e0bb The default CN prompt message can be confusing when often the CN needs to
be the server FQDN: change it.
[Reported by PSW Group]
2011-12-06 00:01:09 +00:00
Bodo Möller
740da44f20 Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
2011-12-02 12:50:44 +00:00
Bodo Möller
72033fde7b Fix ecdsatest.c.
Submitted by: Emilia Kasper
2011-12-02 12:40:25 +00:00
Bodo Möller
9adf3fcf9a Fix BIO_f_buffer().
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:23:57 +00:00
Andy Polyakov
65f7456652 ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant
2011-11-05 10:17:06 +00:00
Dr. Stephen Henson
8794569a08 PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
2011-10-27 13:06:26 +00:00
Dr. Stephen Henson
f8731bc2fd PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
2011-10-26 16:42:48 +00:00
Bodo Möller
195d6bf760 BN_BLINDING multi-threading fix.
Submitted by: Emilia Kasper (Google)
2011-10-19 14:57:59 +00:00
Bodo Möller
dacd94b9c8 Oops: this change (http://cvs.openssl.org/chngview?cn=21503)
wasn't right for 0.9.8-stable (it's actually a fix for
http://cvs.openssl.org/chngview?cn=14494, which introduced
SSL_CTRL_SET_MAX_SEND_FRAGMENT).
2011-10-19 13:53:41 +00:00
Bodo Möller
8070cb5f87 Clarify warning 2011-10-13 13:24:13 +00:00
Bodo Möller
f7d514f449 In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:04:40 +00:00
Dr. Stephen Henson
6d50bce79f PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:18 +00:00
Dr. Stephen Henson
3cf0a38b3e fix signed/unsigned warning 2011-09-26 17:05:00 +00:00
Dr. Stephen Henson
91a1d08a4c use keyformat for -x509toreq, don't hard code PEM 2011-09-23 21:49:08 +00:00
Dr. Stephen Henson
85e776885b PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.
2011-09-23 13:40:06 +00:00
Dr. Stephen Henson
fc4015329f PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:35:32 +00:00
Dr. Stephen Henson
6ec9ff83f3 PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.
2011-09-23 13:13:02 +00:00
Bodo Möller
db45308477 (EC)DH memory handling fixes.
Submitted by: Adam Langley
2011-09-05 10:25:15 +00:00
Bodo Möller
1c7c69a8a5 Fix memory leak on bad inputs. 2011-09-05 09:56:48 +00:00
Bodo Möller
24ad061037 Move OPENSSL_init declaration out of auto-generated code section
(it is not auto-generated).
2011-09-05 09:52:58 +00:00
Dr. Stephen Henson
92f96fa721 PR: 2576
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve

Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
2011-09-02 11:20:49 +00:00
Dr. Stephen Henson
0d1e362363 PR: 2340
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve

Stop warnings if OPENSSL_NO_DGRAM is defined.
2011-09-01 15:03:10 +00:00
Dr. Stephen Henson
a0bf2c86ab make timing attack protection unconditional 2011-09-01 14:23:41 +00:00
Dr. Stephen Henson
6a662a45f3 PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
2011-09-01 14:01:36 +00:00
Dr. Stephen Henson
24d0524f31 PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
2011-09-01 13:48:48 +00:00
Dr. Stephen Henson
c081817c95 PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Fix brace mismatch.
2011-09-01 13:37:11 +00:00
Dr. Stephen Henson
46a1f2487e PR: 2559
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS socket error bug
2011-07-20 15:20:19 +00:00
Dr. Stephen Henson
ac02a4b68a PR: 2555
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
2011-07-20 15:17:20 +00:00
Dr. Stephen Henson
4ba063d3c5 PR: 2550
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
2011-07-20 15:12:58 +00:00
Andy Polyakov
e0e0818e4b config: detect if assembler supports --noexecstack and pass it down [from HEAD]. 2011-07-15 19:59:31 +00:00
Dr. Stephen Henson
82a5049f6a PR: 2556 (partial)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
2011-07-14 12:01:08 +00:00
Andy Polyakov
d027b75b73 perlasm/cbc.pl: fix tail processing bug [from HEAD].
PR: 2557
2011-07-13 06:25:15 +00:00
Dr. Stephen Henson
87421d3fc5 PR: 2471
Submitted by: Corinna Vinschen

util/cygwin.sh: maintainer's update [from HEAD].
2011-06-22 15:46:37 +00:00
Dr. Stephen Henson
87d14a3625 PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.
2011-06-22 15:39:19 +00:00
Dr. Stephen Henson
cc0931e36b PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
2011-06-22 15:29:36 +00:00
Dr. Stephen Henson
22152d6885 PR: 2540
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().
2011-06-22 15:23:20 +00:00
Dr. Stephen Henson
102bcbce8d correctly encode OIDs near 2^32 2011-06-22 15:15:20 +00:00
Andy Polyakov
8655de423d rc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified
to examine bit#20 on x86[_64], but it was erroneously reverted to bit#28
in 2008 in process of FIPS integration.
2011-06-06 19:58:21 +00:00
Dr. Stephen Henson
c4b2eb24b3 PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
2011-05-25 15:15:43 +00:00
Dr. Stephen Henson
03e3fbb702 PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.
2011-05-25 15:06:32 +00:00
Dr. Stephen Henson
bc7ee385f5 Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:52:54 +00:00
Dr. Stephen Henson
1e368ab08f Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:43:47 +00:00
Dr. Stephen Henson
2c77c5c8db Oops use up to date patch for PR#2506 2011-05-25 14:29:39 +00:00
Dr. Stephen Henson
1eb38c563f PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
2011-05-25 12:28:42 +00:00