wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9901 commits 20 branches 302 tags 153 MiB
Commit graph

5137 commits

Author SHA1 Message Date
Ben Laurie
92b2530acd Fix warning (hope this doesn't break other platforms, there's a twisty 
little maze of #ifs, all different).
 2012-10-04 15:03:08 +00:00
Bodo Möller
9ff94ad7ae Fix Valgrind warning. 
Submitted by: Adam Langley
 2012-09-24 19:50:00 +00:00
Bodo Möller
9c5d75d5a9 Fix warning. 
Submitted by: Chromium Authors
 2012-09-17 17:26:03 +00:00
Andy Polyakov
a203df7521 sha1-armv4-large.pl: comply with ABI [from HEAD]. 2012-08-17 20:01:47 +00:00
Richard Levitte
83a4ae6b0b Cosmetics: remove duplicate symbol in crypto/symhacks.h 2012-07-05 08:49:02 +00:00
Richard Levitte
9374bc1c10 Cosmetic: Reorder so it's more similar to the Unixly build. 2012-07-04 17:27:43 +00:00
Andy Polyakov
e9c563fc29 bss_dgram.c: fix typos in Windows code. 2012-07-01 09:12:23 +00:00
Andy Polyakov
4887e07819 x86_64 assembly pack: make it possible to compile with Perl located 
on path with spaces [from HEAD].

PR: 2835
 2012-06-27 13:04:17 +00:00
Andy Polyakov
8d2f61ac70 bss_dgram.c: fix bugs [from HEAD]. 
PR: 2833
 2012-06-19 12:50:09 +00:00
Dr. Stephen Henson
bef20d4a68 PR: 2813 
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
 2012-05-11 13:50:09 +00:00
Dr. Stephen Henson
dddddb2e6c prepare for next version 2012-05-10 16:01:57 +00:00
Dr. Stephen Henson
8fcb93613a prepare for 1.0.0j release 2012-05-10 14:48:54 +00:00
Dr. Stephen Henson
1e4406a854 Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:28:28 +00:00
Andy Polyakov
c50847c28b ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance 
of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more... [from HEAD].
PR: 2794
Submitted by: Ashley Lai
 2012-04-27 20:21:26 +00:00
Dr. Stephen Henson
b1ce2d24dd correct error code 2012-04-22 13:31:37 +00:00
Dr. Stephen Henson
0ed781740d prepare for next version 2012-04-19 17:02:49 +00:00
Dr. Stephen Henson
d0e542fdc9 prepare for 1.0.0i release 2012-04-19 11:47:20 +00:00
Dr. Stephen Henson
5bd4fcc5c2 Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 11:44:51 +00:00
Andy Polyakov
d079b387a3 OPENSSL_NO_SOCK fixes [from HEAD]. 
PR: 2791
Submitted by: Ben Noordhuis
 2012-04-16 17:43:28 +00:00
Andy Polyakov
8eeaeb4b04 Minor compatibility fixes [from HEAD]. 
PR: 2790
Submitted by: Alexei Khlebnikov
 2012-04-16 17:37:04 +00:00
Andy Polyakov
cdc575c46b ans1/tasn_prn.c: avoid bool in variable names [from HEAD]. 
PR: 2776
 2012-03-29 17:51:37 +00:00
Dr. Stephen Henson
2f0aaf76f3 Submitted by: Markus Friedl <mfriedl@gmail.com> 
Fix memory leaks in 'goto err' cases.
 2012-03-22 15:43:06 +00:00
Andy Polyakov
216a2a5fc6 x86_64-xlate.pl: remove old kludge. 
PR: 2435,2440
 2012-03-13 19:19:57 +00:00
Dr. Stephen Henson
c2c6044933 prepare for next version 2012-03-12 16:35:49 +00:00
Dr. Stephen Henson
dc95c53c6f corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 15:26:48 +00:00
Dr. Stephen Henson
97183a312e prepare for release 2012-03-12 14:24:50 +00:00
Dr. Stephen Henson
6a0a48433b Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 14:22:59 +00:00
Dr. Stephen Henson
18ea747ce4 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:02:00 +00:00
Dr. Stephen Henson
f4f512a853 PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:46:52 +00:00
Dr. Stephen Henson
c8ac945d59 PR: 2742 
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
 2012-02-29 14:01:40 +00:00
Dr. Stephen Henson
92aa50bc03 Fix memory leak cause by race condition when creating public keys. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-28 14:47:25 +00:00
Dr. Stephen Henson
2f31308b17 PR: 2736 
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
 2012-02-27 18:45:06 +00:00
Dr. Stephen Henson
468d58e712 xn is never actually used, remove it 2012-02-27 17:07:46 +00:00
Dr. Stephen Henson
dd4b50ff6a PR: 2737 
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.
 2012-02-27 16:46:54 +00:00
Dr. Stephen Henson
030d5b8c97 PR: 2735 
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
 2012-02-27 16:33:16 +00:00
Dr. Stephen Henson
9b73be38ab free headers after use in error message 2012-02-27 16:27:00 +00:00
Dr. Stephen Henson
e5bf2f5d4c Detect symmetric crypto errors in PKCS7_decrypt. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-27 15:23:04 +00:00
Dr. Stephen Henson
a7096946fa PR: 2711 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
 2012-02-23 21:50:23 +00:00
Dr. Stephen Henson
4a8362a68b PR: 2696 
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.
 2012-02-23 21:31:10 +00:00
Dr. Stephen Henson
276eb93218 PR: 2717 
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
 2012-02-12 18:25:11 +00:00
Andy Polyakov
6b1fb9179e x86_64-xlate.pl: proper solution for RT#2620 [from HEAD]. 2012-01-21 11:35:29 +00:00
Dr. Stephen Henson
702175817f prepare for next version 2012-01-18 14:27:57 +00:00
Dr. Stephen Henson
703ec840dc prepare for release 2012-01-18 13:38:34 +00:00
Andy Polyakov
7aa6d2fcf9 Fix OPNESSL vs. OPENSSL typos [from HEAD]. 
PR: 2613
Submitted by: Leena Heino
 2012-01-15 13:40:40 +00:00
Andy Polyakov
27b1f137ff Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
 2012-01-12 16:37:20 +00:00
Andy Polyakov
f63c927e8e asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD]. 
PR: 2675
Submitted by: Annie Yousar
 2012-01-12 16:36:30 +00:00
Andy Polyakov
9100840258 aes-sparcv9.pl: clean up regexp [from HEAD]. 
PR: 2685
 2012-01-11 15:32:57 +00:00
Dr. Stephen Henson
0f32c83c91 fix warning 2012-01-10 14:37:09 +00:00
Dr. Stephen Henson
08e8d58785 update for next version 2012-01-04 23:55:26 +00:00
Dr. Stephen Henson
c90c41f09d prepare for release 2012-01-04 17:01:33 +00:00
Dr. Stephen Henson
356de7146e Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 15:07:54 +00:00
Dr. Stephen Henson
9eab925395 fix warnings 2012-01-04 14:45:09 +00:00
Dr. Stephen Henson
ef7545a3e6 PR: 2563 
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
 2011-12-19 17:04:39 +00:00
Andy Polyakov
fecb4ff331 x86-mont.pl: fix bug in integer-only squaring path. 
PR: 2648
 2011-12-09 14:26:56 +00:00
Bodo Möller
47091035f1 Fix ecdsatest.c. 
Submitted by: Emilia Kasper
 2011-12-02 12:41:00 +00:00
Bodo Möller
f3d51d7740 Fix BIO_f_buffer(). 
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
 2011-12-02 12:24:29 +00:00
Andy Polyakov
2fb94e4861 ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. 
PR: 2636
Submitted by: Charles Bryant
 2011-11-05 10:16:46 +00:00
Dr. Stephen Henson
f53337b89c PR: 2632 
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
 2011-10-26 16:43:14 +00:00
Bodo Möller
f70a5895e3 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:58:34 +00:00
Dr. Stephen Henson
42369021ed PR: 2482 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
 2011-10-09 00:56:32 +00:00
Dr. Stephen Henson
c11ada6c99 PR: 2606 
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.
 2011-09-23 13:39:45 +00:00
Dr. Stephen Henson
ab06ff6bee prepare for next version 2011-09-06 13:44:52 +00:00
Dr. Stephen Henson
bba8456e65 update versions and dates for release 2011-09-06 13:01:44 +00:00
Dr. Stephen Henson
c2a8133d1c Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past 
produce an error (CVE-2011-3207)

Fix TLS ephemeral DH crash bug (CVE-2011-3210)
 2011-09-06 12:53:56 +00:00
Bodo Möller
8eaf563c41 Fix memory leak on bad inputs. 2011-09-05 09:57:03 +00:00
Bodo Möller
80d7e6b039 "make update" 2011-09-05 09:54:59 +00:00
Dr. Stephen Henson
9c44e33230 Don't use *from++ in tolower as this is implemented as a macro on some 
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.
 2011-09-02 11:28:05 +00:00
Dr. Stephen Henson
b86f3197b7 PR: 2576 
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve

Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
 2011-09-02 11:20:41 +00:00
Dr. Stephen Henson
dd3a770e07 Add error checking to PKCS1_MGF1. From HEAD. 2011-09-01 15:42:38 +00:00
Dr. Stephen Henson
64763ce09b PR: 2340 
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve

Stop warnings if OPENSSL_NO_DGRAM is defined.
 2011-09-01 15:02:53 +00:00
Dr. Stephen Henson
2fffc29bd1 make timing attack protection unconditional 2011-09-01 14:23:31 +00:00
Dr. Stephen Henson
b5bd966ea4 PR: 2589 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Initialise p pointer.
 2011-09-01 13:52:27 +00:00
Dr. Stephen Henson
e71f7786e3 PR: 2588 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
 2011-09-01 13:48:57 +00:00
Andy Polyakov
2e4abe2ce2 Alpha assembler fixes from HEAD. 
PR: 2577
 2011-08-12 12:32:10 +00:00
Dr. Stephen Henson
ea294bb50e PR: 2559 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS socket error bug
 2011-07-20 15:21:52 +00:00
Dr. Stephen Henson
fe8629e1a5 PR: 2556 (partial) 
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
 2011-07-14 12:01:25 +00:00
Andy Polyakov
b680fef061 perlasm/cbc.pl: fix tail processing bug [from HEAD]. 
PR: 2557
 2011-07-13 06:23:25 +00:00
Dr. Stephen Henson
8b9db484ed PR: 2470 
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.
 2011-06-22 15:39:00 +00:00
Dr. Stephen Henson
419a530194 PR: 2540 
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().
 2011-06-22 15:23:32 +00:00
Dr. Stephen Henson
69a8901eb1 correctly encode OIDs near 2^32 2011-06-22 15:15:38 +00:00
Dr. Stephen Henson
2bcd08e691 make EVP_dss() work for DSA signing 2011-06-20 20:05:38 +00:00
Dr. Stephen Henson
92107f8150 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:52:44 +00:00
Dr. Stephen Henson
e82d6a2019 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:43:05 +00:00
Dr. Stephen Henson
dda8dcd2c0 PR: 2512 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.
 2011-05-25 12:36:50 +00:00
Dr. Stephen Henson
c4f1942a76 inherit HMAC flags from MD_CTX 2011-05-19 17:39:49 +00:00
Dr. Stephen Henson
51eb247d0f no need to include memory.h 2011-04-30 23:38:24 +00:00
Dr. Stephen Henson
8d22673a62 check buffer is larger enough before overwriting 2011-04-06 18:07:02 +00:00
Richard Levitte
067d72a082 Corrections to the VMS build system. 
Submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-25 16:21:39 +00:00
Dr. Stephen Henson
ac0f3f506a make some non-VMS builds work again 2011-03-25 15:06:50 +00:00
Richard Levitte
f819147028 For VMS, implement the possibility to choose 64-bit pointers with 
different options:
"64"		The build system will choose /POINTER_SIZE=64=ARGV if
		the compiler supports it, otherwise /POINTER_SIZE=64.
"64="		The build system will force /POINTER_SIZE=64.
"64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
 2011-03-25 09:40:18 +00:00
Richard Levitte
a530963f05 make update (1.0.0-stable) 2011-03-22 23:56:18 +00:00
Richard Levitte
2f91cb2c5e Keep file references in the VMS build files in the same order as they 
are in the Unix Makefiles
 2011-03-19 10:44:41 +00:00
Richard Levitte
2d842a90f8 Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:44:53 +00:00
Andy Polyakov
7d0ed89d57 s390x-mont.pl: optimize for z196. 2011-03-04 13:11:54 +00:00
Andy Polyakov
0912fae6ce dso_dlfcn.c: make it work on Tru64 4.0 [from HEAD]. 
PR: 2316
 2011-02-12 16:46:10 +00:00
Bodo Möller
c9355e20c3 start 1.0.0e-dev 2011-02-08 17:58:45 +00:00
Bodo Möller
6545372c24 OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
 2011-02-08 17:10:53 +00:00
Bodo Möller
d48df9a91b Assorted bugfixes: 
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
 2011-02-03 12:04:40 +00:00
Dr. Stephen Henson
a677c87b7b Since FIPS 186-3 specifies we use the leftmost bits of the digest 
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
 2011-02-01 12:54:04 +00:00
Dr. Stephen Henson
f8a123b4a2 stop warnings about no previous prototype when compiling shared engines 2011-01-30 01:05:38 +00:00