Dr. Stephen Henson
6cc5f194a7
update NEWS
2012-01-18 13:13:31 +00:00
Dr. Stephen Henson
096327a99a
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 13:12:08 +00:00
Dr. Stephen Henson
cc10bcf25e
fix CHANGES entry
2012-01-17 14:18:26 +00:00
Dr. Stephen Henson
875ac0ec00
fix warning
2012-01-10 14:37:00 +00:00
Bodo Möller
bf240f063a
Fix usage indentation
2012-01-05 13:15:29 +00:00
Bodo Möller
dd016b0570
Fix for builds without DTLS support.
...
Submitted by: Brian Carlstrom
2012-01-05 10:21:49 +00:00
Dr. Stephen Henson
244788464a
update for next version
2012-01-04 23:56:13 +00:00
Dr. Stephen Henson
a95808334e
update FAQ
2012-01-04 19:23:07 +00:00
Dr. Stephen Henson
b3cebd5acf
prepare for 0.9.8s release
2012-01-04 19:20:49 +00:00
Dr. Stephen Henson
7b775145e4
update NEWS
2012-01-04 19:16:11 +00:00
Dr. Stephen Henson
7183aa6b9d
make update
2012-01-04 19:12:39 +00:00
Dr. Stephen Henson
eebefe35e7
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 19:10:16 +00:00
Dr. Stephen Henson
1db0bbdc76
Fix double free in policy check code (CVE-2011-4109)
2012-01-04 19:00:28 +00:00
Dr. Stephen Henson
e643112dd8
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 18:54:17 +00:00
Dr. Stephen Henson
21c4b25959
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 18:52:18 +00:00
Dr. Stephen Henson
41cf2c3aef
stop warning
2012-01-04 18:45:18 +00:00
Dr. Stephen Henson
0e3a930fb4
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 18:44:20 +00:00
Dr. Stephen Henson
0c214e0153
Submitted by: Adam Langley <agl@chromium.org>
...
Reviewed by: steve
Fix memory leaks.
2012-01-04 14:25:10 +00:00
Dr. Stephen Henson
6c61cfbe03
PR: 2326
...
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve
Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:38:28 +00:00
Andy Polyakov
2ee77d36a0
x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
...
PR: 2648
2011-12-09 14:28:48 +00:00
Dr. Stephen Henson
24f441e0bb
The default CN prompt message can be confusing when often the CN needs to
...
be the server FQDN: change it.
[Reported by PSW Group]
2011-12-06 00:01:09 +00:00
Bodo Möller
740da44f20
Resolve a stack set-up race condition (if the list of compression
...
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
2011-12-02 12:50:44 +00:00
Bodo Möller
72033fde7b
Fix ecdsatest.c.
...
Submitted by: Emilia Kasper
2011-12-02 12:40:25 +00:00
Bodo Möller
9adf3fcf9a
Fix BIO_f_buffer().
...
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:23:57 +00:00
Andy Polyakov
65f7456652
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
...
PR: 2636
Submitted by: Charles Bryant
2011-11-05 10:17:06 +00:00
Dr. Stephen Henson
8794569a08
PR: 2628
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
2011-10-27 13:06:26 +00:00
Dr. Stephen Henson
f8731bc2fd
PR: 2632
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
2011-10-26 16:42:48 +00:00
Bodo Möller
195d6bf760
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:57:59 +00:00
Bodo Möller
dacd94b9c8
Oops: this change ( http://cvs.openssl.org/chngview?cn=21503 )
...
wasn't right for 0.9.8-stable (it's actually a fix for
http://cvs.openssl.org/chngview?cn=14494 , which introduced
SSL_CTRL_SET_MAX_SEND_FRAGMENT).
2011-10-19 13:53:41 +00:00
Bodo Möller
8070cb5f87
Clarify warning
2011-10-13 13:24:13 +00:00
Bodo Möller
f7d514f449
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
...
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:04:40 +00:00
Dr. Stephen Henson
6d50bce79f
PR: 2482
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:18 +00:00
Dr. Stephen Henson
3cf0a38b3e
fix signed/unsigned warning
2011-09-26 17:05:00 +00:00
Dr. Stephen Henson
91a1d08a4c
use keyformat for -x509toreq, don't hard code PEM
2011-09-23 21:49:08 +00:00
Dr. Stephen Henson
85e776885b
PR: 2606
...
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve
Handle timezones correctly in UTCTime.
2011-09-23 13:40:06 +00:00
Dr. Stephen Henson
fc4015329f
PR: 2602
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:35:32 +00:00
Dr. Stephen Henson
6ec9ff83f3
PR: 2347
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
2011-09-23 13:13:02 +00:00
Bodo Möller
db45308477
(EC)DH memory handling fixes.
...
Submitted by: Adam Langley
2011-09-05 10:25:15 +00:00
Bodo Möller
1c7c69a8a5
Fix memory leak on bad inputs.
2011-09-05 09:56:48 +00:00
Bodo Möller
24ad061037
Move OPENSSL_init declaration out of auto-generated code section
...
(it is not auto-generated).
2011-09-05 09:52:58 +00:00
Dr. Stephen Henson
92f96fa721
PR: 2576
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve
Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
2011-09-02 11:20:49 +00:00
Dr. Stephen Henson
0d1e362363
PR: 2340
...
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve
Stop warnings if OPENSSL_NO_DGRAM is defined.
2011-09-01 15:03:10 +00:00
Dr. Stephen Henson
a0bf2c86ab
make timing attack protection unconditional
2011-09-01 14:23:41 +00:00
Dr. Stephen Henson
6a662a45f3
PR: 2573
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
2011-09-01 14:01:36 +00:00
Dr. Stephen Henson
24d0524f31
PR: 2588
...
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Close file pointer.
2011-09-01 13:48:48 +00:00
Dr. Stephen Henson
c081817c95
PR: 2586
...
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Fix brace mismatch.
2011-09-01 13:37:11 +00:00
Dr. Stephen Henson
46a1f2487e
PR: 2559
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS socket error bug
2011-07-20 15:20:19 +00:00
Dr. Stephen Henson
ac02a4b68a
PR: 2555
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS sequence number bug
2011-07-20 15:17:20 +00:00
Dr. Stephen Henson
4ba063d3c5
PR: 2550
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS HelloVerifyRequest Timer bug
2011-07-20 15:12:58 +00:00
Andy Polyakov
e0e0818e4b
config: detect if assembler supports --noexecstack and pass it down [from HEAD].
2011-07-15 19:59:31 +00:00