wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8610 commits 20 branches 302 tags 153 MiB
Commit graph

8610 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
36dd4cba3d Sanity check record length before skipping explicit IV in DTLS 
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
 2012-05-10 14:33:11 +00:00
Dr. Stephen Henson
3978429ad5 Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:27:57 +00:00
Richard Levitte
885945d6e1 Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. 2012-05-04 10:43:17 +00:00
Dr. Stephen Henson
e22e770147 prepare for next version 2012-04-23 21:15:22 +00:00
Dr. Stephen Henson
e0c0203341 update STATUS 2012-04-23 21:03:04 +00:00
Dr. Stephen Henson
e1eec61e26 correct STATUS 2012-04-23 20:51:18 +00:00
Dr. Stephen Henson
296fa128c9 correct NEWS 2012-04-23 20:49:21 +00:00
Dr. Stephen Henson
6dde222aae prepare form 0.9.8w release 2012-04-23 20:45:29 +00:00
Dr. Stephen Henson
391ac37018 update NEWS 2012-04-23 20:43:35 +00:00
Dr. Stephen Henson
8d038a08fb The fix for CVE-2012-2110 did not take into account that the 
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
 2012-04-23 20:35:55 +00:00
Dr. Stephen Henson
747c6ffda4 correct error code 2012-04-22 13:31:46 +00:00
Dr. Stephen Henson
d4cddc54f0 correct old FAQ answers, sync with HEAD 2012-04-22 13:22:38 +00:00
Dr. Stephen Henson
eb7112c18e prepare for next version 2012-04-19 17:03:28 +00:00
Dr. Stephen Henson
fef9e07930 update FAQ 2012-04-19 12:05:18 +00:00
Dr. Stephen Henson
8ab27e6ef7 prepare for 0.9.8v release 2012-04-19 11:39:03 +00:00
Dr. Stephen Henson
6415055590 update NEWS 2012-04-19 11:37:17 +00:00
Dr. Stephen Henson
556e27b14f Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 11:36:09 +00:00
Dr. Stephen Henson
af0c009d70 use /fixed argument when linking FIPS targets to disable address space layout randomization 2012-04-15 16:48:34 +00:00
Dr. Stephen Henson
0b1cf4a139 PR: 2778(part) 
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
 2012-03-31 18:02:23 +00:00
Dr. Stephen Henson
a9101cdcaa Always use SSLv23_{client,server}_method in s_client.c and s_server.c, 
the old code came from SSLeay days before TLS was even supported.
 2012-03-18 18:18:30 +00:00
Dr. Stephen Henson
e351e2a7cf prepare for next version 2012-03-12 16:35:13 +00:00
Dr. Stephen Henson
215276243d corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 15:25:53 +00:00
Dr. Stephen Henson
ddb7832852 correct FAQ 2012-03-12 15:01:44 +00:00
Dr. Stephen Henson
2fad41d155 prepare for release 2012-03-12 14:53:14 +00:00
Dr. Stephen Henson
b9c3d9168f update NEWS 2012-03-12 14:52:14 +00:00
Dr. Stephen Henson
4f2fc3c2dd Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 14:51:45 +00:00
Dr. Stephen Henson
48819f4d54 fix error code 2012-03-12 14:50:55 +00:00
Dr. Stephen Henson
b0cbdd3eba manually patch missing part of PR#2756 2012-03-12 12:46:52 +00:00
Dr. Stephen Henson
5016107550 PR: 2756 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
 2012-03-09 15:51:56 +00:00
Dr. Stephen Henson
25d5d15fd5 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:01:44 +00:00
Dr. Stephen Henson
725713f74a PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions. [0.9.8 version of patch]
 2012-03-07 15:14:16 +00:00
Dr. Stephen Henson
73eb0972cf return failure code if I/O error 2012-03-06 19:08:30 +00:00
Dr. Stephen Henson
6720779c7e revert PR#2755: it breaks compilation 2012-03-06 18:25:33 +00:00
Dr. Stephen Henson
b2a2c6af2a PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:45:47 +00:00
Dr. Stephen Henson
272993bac4 PR: 2696 Submitted by: Rob Austein <sra@hactrn.net> 
Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

[from HEAD]
 2012-03-06 13:37:52 +00:00
Dr. Stephen Henson
58532ae047 oops, revert unrelated patches 2012-03-06 13:22:32 +00:00
Dr. Stephen Henson
4e7f6d380d PR: 2748 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
 2012-03-06 13:20:20 +00:00
Dr. Stephen Henson
f0be325f88 Fix memory leak cause by race condition when creating public keys. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-28 14:47:36 +00:00
Dr. Stephen Henson
b66af23aa9 free headers after use in error message 2012-02-27 16:26:32 +00:00
Dr. Stephen Henson
29d0c13e97 Detect symmetric crypto errors in PKCS7_decrypt. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-27 15:23:20 +00:00
Dr. Stephen Henson
8a4e81a269 PR: 2711 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
 2012-02-23 21:50:13 +00:00
Dr. Stephen Henson
843fc7b681 Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:21:17 +00:00
Dr. Stephen Henson
6dcb6bf1c1 PR: 2703 
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.
 2012-02-11 23:12:34 +00:00
Dr. Stephen Henson
1061c3cb3c PR: 2705 
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.
 2012-02-11 23:07:32 +00:00
Dr. Stephen Henson
0d0f15d8d1 fix Visual Studio 2010 warning [from HEAD] (original by appro) 2012-01-20 23:24:17 +00:00
Dr. Stephen Henson
a72ce94213 prepare for next version 2012-01-18 14:27:13 +00:00
Dr. Stephen Henson
f71d59c70e update FAQ 2012-01-18 13:15:37 +00:00
Dr. Stephen Henson
3309f8313c prepare for release 2012-01-18 13:14:49 +00:00
Dr. Stephen Henson
6cc5f194a7 update NEWS 2012-01-18 13:13:31 +00:00
Dr. Stephen Henson
096327a99a Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 13:12:08 +00:00