openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	24b2806097	Move CRYPTO_memcmp to o_init.c when compiling with fips: cryptlib.o is in the fips module for fips capable builds.	2013-02-05 16:50:34 +00:00
Ben Laurie	2928cb4c82	Fixups.	2013-02-05 16:50:33 +00:00
Ben Laurie	35a65e814b	Make CBC decoding constant time. This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit `e130841bcc`) Conflicts: crypto/evp/c_allc.c ssl/ssl_algs.c ssl/ssl_locl.h ssl/t1_enc.c (cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4) Conflicts: ssl/d1_enc.c ssl/s3_enc.c ssl/s3_pkt.c ssl/ssl3.h ssl/ssl_algs.c ssl/t1_enc.c	2013-02-05 16:50:32 +00:00
Ben Laurie	2708813166	Add and use a constant-time memcmp. This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit `2ee798880a`) Conflicts: crypto/crypto.h ssl/t1_lib.c (cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c) Conflicts: crypto/crypto.h ssl/d1_pkt.c ssl/s3_pkt.c	2013-02-05 16:50:32 +00:00
Dr. Stephen Henson	66e8211c0b	Don't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too.	2013-02-05 16:50:31 +00:00
Dr. Stephen Henson	dd2dee60f3	Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set	2013-01-23 01:16:59 +00:00
Dr. Stephen Henson	6495179af6	Don't include comp.h if no-comp set.	2013-01-20 01:16:25 +00:00
Dr. Stephen Henson	42e10c3fd6	PR: 2803 Submitted by: jean-etienne.schwartz@bull.net In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.	2012-11-29 19:16:01 +00:00
Bodo Möller	75f0bc4f44	Fix EC_KEY initialization race. Submitted by: Adam Langley	2012-10-05 20:51:47 +00:00
Bodo Möller	f7d2402cab	Fix Valgrind warning. Submitted by: Adam Langley	2012-09-24 19:50:07 +00:00
Richard Levitte	afa0580cd5	Remove duplicate symbol in crypto/symhacks.h Have the new names start in column 48, that makes it easy to see when the 31 character limit is reached (on a 80 column display, do the math)	2012-07-05 09:06:20 +00:00
Dr. Stephen Henson	4baee3031c	PR: 2813 Reported by: Constantine Sapuntzakis <csapuntz@gmail.com> Fix possible deadlock when decoding public keys.	2012-05-11 13:49:15 +00:00
Dr. Stephen Henson	db7a72b224	prepare for next version	2012-05-10 16:01:11 +00:00
Dr. Stephen Henson	f856173c43	prepare for 0.9.8x release	2012-05-10 14:36:07 +00:00
Dr. Stephen Henson	3978429ad5	Reported by: Solar Designer of Openwall Make sure tkeylen is initialised properly when encrypting CMS messages.	2012-05-10 13:27:57 +00:00
Dr. Stephen Henson	e22e770147	prepare for next version	2012-04-23 21:15:22 +00:00
Dr. Stephen Henson	6dde222aae	prepare form 0.9.8w release	2012-04-23 20:45:29 +00:00
Dr. Stephen Henson	8d038a08fb	The fix for CVE-2012-2110 did not take into account that the 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. Thanks to the many people who reported this bug and to Tomas Hoger <thoger@redhat.com> for supplying the fix.	2012-04-23 20:35:55 +00:00
Dr. Stephen Henson	747c6ffda4	correct error code	2012-04-22 13:31:46 +00:00
Dr. Stephen Henson	eb7112c18e	prepare for next version	2012-04-19 17:03:28 +00:00
Dr. Stephen Henson	8ab27e6ef7	prepare for 0.9.8v release	2012-04-19 11:39:03 +00:00
Dr. Stephen Henson	556e27b14f	Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)	2012-04-19 11:36:09 +00:00
Dr. Stephen Henson	e351e2a7cf	prepare for next version	2012-03-12 16:35:13 +00:00
Dr. Stephen Henson	215276243d	corrected fix to PR#2711 and also cover mime_param_cmp	2012-03-12 15:25:53 +00:00
Dr. Stephen Henson	2fad41d155	prepare for release	2012-03-12 14:53:14 +00:00
Dr. Stephen Henson	4f2fc3c2dd	Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884)	2012-03-12 14:51:45 +00:00
Dr. Stephen Henson	25d5d15fd5	check return value of BIO_write in PKCS7_decrypt	2012-03-08 14:01:44 +00:00
Dr. Stephen Henson	725713f74a	PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. [0.9.8 version of patch]	2012-03-07 15:14:16 +00:00
Dr. Stephen Henson	73eb0972cf	return failure code if I/O error	2012-03-06 19:08:30 +00:00
Dr. Stephen Henson	6720779c7e	revert PR#2755: it breaks compilation	2012-03-06 18:25:33 +00:00
Dr. Stephen Henson	b2a2c6af2a	PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.	2012-03-06 13:45:47 +00:00
Dr. Stephen Henson	272993bac4	PR: 2696 Submitted by: Rob Austein <sra@hactrn.net> Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug. [from HEAD]	2012-03-06 13:37:52 +00:00
Dr. Stephen Henson	58532ae047	oops, revert unrelated patches	2012-03-06 13:22:32 +00:00
Dr. Stephen Henson	4e7f6d380d	PR: 2748 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.	2012-03-06 13:20:20 +00:00
Dr. Stephen Henson	f0be325f88	Fix memory leak cause by race condition when creating public keys. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.	2012-02-28 14:47:36 +00:00
Dr. Stephen Henson	b66af23aa9	free headers after use in error message	2012-02-27 16:26:32 +00:00
Dr. Stephen Henson	29d0c13e97	Detect symmetric crypto errors in PKCS7_decrypt. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.	2012-02-27 15:23:20 +00:00
Dr. Stephen Henson	8a4e81a269	PR: 2711 Submitted by: Tomas Mraz <tmraz@redhat.com> Tolerate bad MIME headers in parser.	2012-02-23 21:50:13 +00:00
Dr. Stephen Henson	a72ce94213	prepare for next version	2012-01-18 14:27:13 +00:00
Dr. Stephen Henson	3309f8313c	prepare for release	2012-01-18 13:14:49 +00:00
Dr. Stephen Henson	875ac0ec00	fix warning	2012-01-10 14:37:00 +00:00
Dr. Stephen Henson	244788464a	update for next version	2012-01-04 23:56:13 +00:00
Dr. Stephen Henson	b3cebd5acf	prepare for 0.9.8s release	2012-01-04 19:20:49 +00:00
Dr. Stephen Henson	1db0bbdc76	Fix double free in policy check code (CVE-2011-4109)	2012-01-04 19:00:28 +00:00
Dr. Stephen Henson	0e3a930fb4	Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)	2012-01-04 18:44:20 +00:00
Andy Polyakov	2ee77d36a0	x86-mont.pl: fix bug in integer-only squaring path [from HEAD]. PR: 2648	2011-12-09 14:28:48 +00:00
Bodo Möller	72033fde7b	Fix ecdsatest.c. Submitted by: Emilia Kasper	2011-12-02 12:40:25 +00:00
Bodo Möller	9adf3fcf9a	Fix BIO_f_buffer(). Submitted by: Adam Langley Reviewed by: Bodo Moeller	2011-12-02 12:23:57 +00:00
Andy Polyakov	65f7456652	ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. PR: 2636 Submitted by: Charles Bryant	2011-11-05 10:17:06 +00:00
Dr. Stephen Henson	f8731bc2fd	PR: 2632 Submitted by: emmanuel.azencot@bull.net Reviewed by: steve Return -1 immediately if not affine coordinates as BN_CTX has not been set up.	2011-10-26 16:42:48 +00:00
Bodo Möller	195d6bf760	BN_BLINDING multi-threading fix. Submitted by: Emilia Kasper (Google)	2011-10-19 14:57:59 +00:00
Dr. Stephen Henson	6d50bce79f	PR: 2482 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.	2011-10-09 00:56:18 +00:00
Dr. Stephen Henson	85e776885b	PR: 2606 Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime.	2011-09-23 13:40:06 +00:00
Bodo Möller	1c7c69a8a5	Fix memory leak on bad inputs.	2011-09-05 09:56:48 +00:00
Bodo Möller	24ad061037	Move OPENSSL_init declaration out of auto-generated code section (it is not auto-generated).	2011-09-05 09:52:58 +00:00
Dr. Stephen Henson	92f96fa721	PR: 2576 Submitted by: Doug Goldstein <cardoe@gentoo.org> Reviewed by: steve Include header file stdlib.h which is needed on some platforms to get getenv() declaration.	2011-09-02 11:20:49 +00:00
Dr. Stephen Henson	0d1e362363	PR: 2340 Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar> Reviewed by: steve Stop warnings if OPENSSL_NO_DGRAM is defined.	2011-09-01 15:03:10 +00:00
Dr. Stephen Henson	a0bf2c86ab	make timing attack protection unconditional	2011-09-01 14:23:41 +00:00
Dr. Stephen Henson	24d0524f31	PR: 2588 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Close file pointer.	2011-09-01 13:48:48 +00:00
Dr. Stephen Henson	46a1f2487e	PR: 2559 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS socket error bug	2011-07-20 15:20:19 +00:00
Dr. Stephen Henson	82a5049f6a	PR: 2556 (partial) Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de> Reviewed by: steve Fix OID routines. Check on encoding leading zero rejection should start at beginning of encoding. Allow for initial digit when testing when to use BIGNUMs which can increase first value by 2 * 40.	2011-07-14 12:01:08 +00:00
Andy Polyakov	d027b75b73	perlasm/cbc.pl: fix tail processing bug [from HEAD]. PR: 2557	2011-07-13 06:25:15 +00:00
Dr. Stephen Henson	87d14a3625	PR: 2470 Submitted by: Corinna Vinschen <vinschen@redhat.com> Reviewed by: steve Don't call ERR_remove_state from DllMain.	2011-06-22 15:39:19 +00:00
Dr. Stephen Henson	22152d6885	PR: 2540 Submitted by: emmanuel.azencot@bull.net Reviewed by: steve Prevent infinite loop in BN_GF2m_mod_inv().	2011-06-22 15:23:20 +00:00
Dr. Stephen Henson	102bcbce8d	correctly encode OIDs near 2^32	2011-06-22 15:15:20 +00:00
Andy Polyakov	8655de423d	rc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified to examine bit#20 on x86[_64], but it was erroneously reverted to bit#28 in 2008 in process of FIPS integration.	2011-06-06 19:58:21 +00:00
Dr. Stephen Henson	bc7ee385f5	Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.	2011-05-25 14:52:54 +00:00
Dr. Stephen Henson	1e368ab08f	Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.	2011-05-25 14:43:47 +00:00
Dr. Stephen Henson	6d12b1f82b	check buffer is larger enough before overwriting	2011-04-06 18:07:12 +00:00
Bodo Möller	d430f56de6	start 0.9.8s-dev	2011-02-08 17:58:34 +00:00
Bodo Möller	957ebe98fb	OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) Submitted by: Neel Mehta, Adam Langley, Bodo Moeller	2011-02-08 17:10:47 +00:00
Bodo Möller	9d09fc8485	Assorted bugfixes: - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Neel Mehta, Bodo Moeller)	2011-02-03 12:04:48 +00:00
Dr. Stephen Henson	a3dc628d86	PR: 2433 Submitted by: Chris Wilson <chris@qwirx.com> Reviewed by: steve Constify ASN1_STRING_set_default_mask_asc().	2011-01-24 16:21:00 +00:00
Dr. Stephen Henson	3c159fc1a5	check EC public key isn't point at infinity	2011-01-24 15:08:12 +00:00
Dr. Stephen Henson	6056afd223	PR: 1612 Submitted by: Robert Jackson <robert@rjsweb.net> Reviewed by: steve Fix EC_POINT_cmp function for case where b but not a is the point at infinity.	2011-01-24 14:42:11 +00:00
Dr. Stephen Henson	f4a4a0fdc7	PR: 2411 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Fix corner cases in RFC3779 code.	2011-01-03 01:40:22 +00:00
Dr. Stephen Henson	9ad765173f	Fix escaping code for string printing. If any escaping is enabled we must escape the escape character itself (backslash).	2011-01-03 01:26:33 +00:00
Dr. Stephen Henson	c8e3c1a9b5	PR: 2410 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Use OPENSSL_assert() instead of assert().	2011-01-03 01:20:03 +00:00
Dr. Stephen Henson	ae378b769a	use fips-dev not dev-fips	2011-01-03 00:43:47 +00:00
Dr. Stephen Henson	4de4e35459	PR: 2416 Submitted by: Mark Phalan <mark.phalan@oracle.com> Reviewed by: steve Use L suffix in version number.	2011-01-03 00:25:47 +00:00
Bodo Möller	5537a83e56	Add missing explicit instruction size. [CVS head and later branches have this since revision 1.7 of this file.] Submitted by: Chandler Carruth (Google)	2010-12-13 20:47:26 +00:00
Dr. Stephen Henson	b8be571868	update for next release	2010-12-02 19:42:28 +00:00
Dr. Stephen Henson	acd43bf38c	prepare for release	2010-12-02 18:53:52 +00:00
Dr. Stephen Henson	7258d33794	PR: 2386 Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch> Reviewed by: steve Correct SKM_ASN1_SET_OF_d2i macro.	2010-12-02 18:02:02 +00:00
Dr. Stephen Henson	4d6af5c5d2	../comm.txt	2010-11-27 17:33:34 +00:00
Ben Laurie	efed63d783	Backport J-PAKE fix.	2010-11-26 16:03:23 +00:00
Dr. Stephen Henson	0067580321	update for next version	2010-11-16 16:35:37 +00:00
Dr. Stephen Henson	82e0073624	oops, correct version number	2010-11-16 14:56:17 +00:00
Dr. Stephen Henson	7e541b1a7f	prepare for release	2010-11-16 14:37:28 +00:00
Dr. Stephen Henson	3e8b8b8990	Submitted by: Jonathan Dixon <joth@chromium.org> Reviewed by: steve If store is NULL set flags correctly.	2010-11-02 15:57:00 +00:00
Dr. Stephen Henson	05bbbe9204	PR: 2295 Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com> Reviewed by: steve OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination.	2010-10-11 23:28:54 +00:00
Dr. Stephen Henson	93fc0e0e40	We can't always read 6 bytes in an OCSP response: fix so error statuses are read correctly for non-blocking I/O.	2010-10-06 18:01:35 +00:00
Dr. Stephen Henson	6cb5746b65	Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway. Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.	2010-10-03 18:55:57 +00:00
Dr. Stephen Henson	ae3b60ba99	fix bug in AES_unwrap()	2010-08-30 23:57:03 +00:00
Bodo Möller	d4ba6424a1	ECC library bugfixes. Submitted by: Emilia Kapser (Google)	2010-08-26 12:10:25 +00:00
Dr. Stephen Henson	78dcaa0609	PR: 2297 Submitted by: Antony, Benoy <bantony@ebay.com> Approved by: steve@openssl.org Fix bug in AES wrap code when t > 0xff.	2010-07-09 17:24:29 +00:00
Dr. Stephen Henson	65b4c34d86	initialise pbe_tmp	2010-07-08 16:51:48 +00:00
Andy Polyakov	d8486c312c	rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3) [from HEAD]. PR: 2296	2010-07-08 09:15:14 +00:00
Dr. Stephen Henson	63e3676e68	fix so it is safe to repeatedly add PBE algorithms	2010-06-26 12:55:01 +00:00
Dr. Stephen Henson	1dac2cae68	prepare for next release	2010-06-16 13:40:09 +00:00

1 2 3 4 5 ...

4252 commits