Dr. Stephen Henson
aabbe99fcb
Update CHANGES and NEWS
2014-06-05 09:04:27 +01:00
mancha
e622237d12
Fix version documentation.
Specify -f is for compilation flags. Add -d to synopsis section.
(cherry picked from commit 006397ea62bbcae22c8664d53c2222b808c4bdd1)
Closes #79.
2014-04-26 11:21:34 +01:00
mancha
f0816174d2
Fix eckey_priv_encode()
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-24 19:32:17 +00:00
Ben Laurie
9c8dc84ac1
Fix double frees.
2014-04-22 17:02:37 +01:00
Dr. Stephen Henson
ebe221948d
Prepare for 1.0.1h-dev
2014-04-07 17:58:39 +01:00
Dr. Stephen Henson
b2d951e423
Prepare for 1.0.1g release
2014-04-07 17:55:44 +01:00
Dr. Stephen Henson
96db9023b8
Add heartbeat extension bounds check.
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
Thanks to Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
2014-04-07 17:53:31 +01:00
Dr. Stephen Henson
51624dbdae
Set TLS padding extension value.
Enable TLS padding extension using official value from:
http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
(cherry picked from commit cd6bd5ffda)
Conflicts:
CHANGES
ssl/tls1.h
2014-04-05 20:52:59 +01:00
Dr. Stephen Henson
4b7a4ba29c
Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)
Conflicts:
CHANGES
2014-03-12 14:19:54 +00:00
Dr. Stephen Henson
4a55631e4d
Backport TLS padding extension from master.
(cherry picked from commit 8c6d8c2a49)
Conflicts:
CHANGES
ssl/t1_lib.c
2014-02-05 15:42:04 +00:00
Dr. Stephen Henson
a7304e4b98
Prepare for 1.0.1g-dev
2014-01-06 14:37:03 +00:00
Dr. Stephen Henson
0d8776344c
Prepare for 1.0.1f release
2014-01-06 14:36:07 +00:00
Dr. Stephen Henson
197e0ea817
Fix for TLS record tampering bug CVE-2013-4353
2014-01-06 14:35:04 +00:00
Dr. Stephen Henson
34628967f1
Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
2013-12-20 23:12:18 +00:00
Rob Stradling
13bca90ac5
Update CHANGES.
2013-09-16 15:17:37 +01:00
Bodo Moeller
cc53b38574
Sync CHANGES and NEWS files.
2013-09-16 14:47:56 +02:00
Dr. Stephen Henson
625a55324f
update CHANGES
2013-02-11 16:35:10 +00:00
Dr. Stephen Henson
3151e328e0
prepare for next version
2013-02-11 16:14:11 +00:00
Dr. Stephen Henson
f66db68e1f
prepare for release
2013-02-11 11:57:46 +00:00
Dr. Stephen Henson
41cf07f0ec
prepare for next version
2013-02-06 02:26:24 +00:00
Dr. Stephen Henson
62f4033381
typo
2013-02-04 23:12:58 +00:00
Dr. Stephen Henson
df0d93564e
typo
2013-02-04 22:39:37 +00:00
Dr. Stephen Henson
f1ca56a69f
Add CHANGES entries.
2013-02-04 20:37:46 +00:00
Dr. Stephen Henson
62e4506a7d
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
2013-01-29 16:49:24 +00:00
Ben Laurie
5bb6d96558
Make verify return errors.
2012-12-13 15:48:42 +00:00
Ben Laurie
70d91d60bc
Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent.
See http://rt.openssl.org/Ticket/Display.html?id=2836.
2012-09-17 14:39:38 +00:00
Dr. Stephen Henson
eeca72f71e
PR: 2813
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
Fix possible deadlock when decoding public keys.
2012-05-11 13:52:46 +00:00
Dr. Stephen Henson
6e164e5c3d
PR: 2811
Reported by: Phil Pennock <openssl-dev@spodhuis.org>
Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
2012-05-11 13:32:26 +00:00
Dr. Stephen Henson
d9c34505e5
prepare for next version
2012-05-10 16:02:30 +00:00
Dr. Stephen Henson
f9885acc8c
prepare for 1.0.1c release
2012-05-10 15:16:37 +00:00
Dr. Stephen Henson
d414a5a0f0
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 15:10:15 +00:00
Dr. Stephen Henson
5b9d0995a1
Reported by: Solar Designer of Openwall
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:34:22 +00:00
Dr. Stephen Henson
c76b7a1a82
Don't try to use unvalidated composite ciphers in FIPS mode
2012-04-26 18:49:45 +00:00
Dr. Stephen Henson
c940e07014
prepare for next version
2012-04-26 12:01:38 +00:00
Dr. Stephen Henson
effa47b80a
prepare for 1.0.1b release
2012-04-26 10:40:39 +00:00
Andy Polyakov
748628ced0
CHANGES: clarify.
2012-04-26 07:34:39 +00:00
Andy Polyakov
6791060eae
CHANGES: fix typos and clarify.
2012-04-26 07:25:04 +00:00
Dr. Stephen Henson
502dfeb8de
Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25 23:08:44 +00:00
Andy Polyakov
5bbed29518
s23_clnt.c: ensure interoperability by maintaining client "version capability" vector contiguous [from HEAD].
PR: 2802
2012-04-25 22:07:23 +00:00
Dr. Stephen Henson
e7d2a37158
update for next version
2012-04-19 16:53:43 +00:00
Dr. Stephen Henson
531c6fc8f3
prepare for 1.0.1a release
2012-04-19 12:17:19 +00:00
Dr. Stephen Henson
8d5505d099
Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 12:13:59 +00:00
Bodo Möller
4d936ace08
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
2012-04-17 15:20:17 +00:00
Dr. Stephen Henson
89bd25eb26
Additional workaround for PR#2771
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.
Document workarounds in CHANGES.
2012-04-17 14:41:23 +00:00
Andy Polyakov
d2f950c984
CHANGES: mention vpaes fix and harmonize with 1.0.0.
PR: 2775
2012-03-31 18:55:41 +00:00
Dr. Stephen Henson
e733dea3ce
update version to 1.0.1a-dev
2012-03-22 15:18:19 +00:00
Dr. Stephen Henson
f3dcae15ac
prepare for 1.0.1 release
2012-03-14 12:04:40 +00:00
Dr. Stephen Henson
08e4c7a967
correct CHANGES
2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
a8314df902
Fix bug in CVE-2011-4619: check we have really received a client hello before rejecting multiple SGC restarts.
2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
0cd7a0325f
Additional compatibility fix for MDC2 signature format.
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:14:01 +00:00