oweals/openssl.git
12 years agoFix double free in policy check code (CVE-2011-4109)
Dr. Stephen Henson [Wed, 4 Jan 2012 19:00:28 +0000 (19:00 +0000)]
Fix double free in policy check code (CVE-2011-4109)

12 years agoClear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
Dr. Stephen Henson [Wed, 4 Jan 2012 18:54:17 +0000 (18:54 +0000)]
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)

12 years agoOnly allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
Dr. Stephen Henson [Wed, 4 Jan 2012 18:52:18 +0000 (18:52 +0000)]
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)

12 years agostop warning
Dr. Stephen Henson [Wed, 4 Jan 2012 18:45:18 +0000 (18:45 +0000)]
stop warning

12 years agoPrevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
Dr. Stephen Henson [Wed, 4 Jan 2012 18:44:20 +0000 (18:44 +0000)]
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)

12 years agoSubmitted by: Adam Langley <agl@chromium.org>
Dr. Stephen Henson [Wed, 4 Jan 2012 14:25:10 +0000 (14:25 +0000)]
Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.

12 years agoPR: 2326
Dr. Stephen Henson [Mon, 26 Dec 2011 19:38:28 +0000 (19:38 +0000)]
PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.

12 years agox86-mont.pl: fix bug in integer-only squaring path [from HEAD].
Andy Polyakov [Fri, 9 Dec 2011 14:28:48 +0000 (14:28 +0000)]
x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
PR: 2648

12 years agoThe default CN prompt message can be confusing when often the CN needs to
Dr. Stephen Henson [Tue, 6 Dec 2011 00:01:09 +0000 (00:01 +0000)]
The default CN prompt message can be confusing when often the CN needs to
 be the server FQDN: change it.
[Reported by PSW Group]

12 years agoResolve a stack set-up race condition (if the list of compression
Bodo Möller [Fri, 2 Dec 2011 12:50:44 +0000 (12:50 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley

12 years agoFix ecdsatest.c.
Bodo Möller [Fri, 2 Dec 2011 12:40:25 +0000 (12:40 +0000)]
Fix ecdsatest.c.

Submitted by: Emilia Kasper

12 years agoFix BIO_f_buffer().
Bodo Möller [Fri, 2 Dec 2011 12:23:57 +0000 (12:23 +0000)]
Fix BIO_f_buffer().

Submitted by: Adam Langley
Reviewed by: Bodo Moeller

13 years agoppc.pl: fix bug in bn_mul_comba4 [from HEAD].
Andy Polyakov [Sat, 5 Nov 2011 10:17:06 +0000 (10:17 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant

13 years agoPR: 2628
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:26 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.

13 years agoPR: 2632
Dr. Stephen Henson [Wed, 26 Oct 2011 16:42:48 +0000 (16:42 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.

13 years agoBN_BLINDING multi-threading fix.
Bodo Möller [Wed, 19 Oct 2011 14:57:59 +0000 (14:57 +0000)]
BN_BLINDING multi-threading fix.

Submitted by: Emilia Kasper (Google)

13 years agoOops: this change (http://cvs.openssl.org/chngview?cn=21503)
Bodo Möller [Wed, 19 Oct 2011 13:53:41 +0000 (13:53 +0000)]
Oops: this change (cvs.openssl.org/chngview?cn=21503)
wasn't right for 0.9.8-stable (it's actually a fix for
http://cvs.openssl.org/chngview?cn=14494, which introduced
SSL_CTRL_SET_MAX_SEND_FRAGMENT).

13 years agoClarify warning
Bodo Möller [Thu, 13 Oct 2011 13:24:13 +0000 (13:24 +0000)]
Clarify warning

13 years agoIn ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Bodo Möller [Thu, 13 Oct 2011 13:04:40 +0000 (13:04 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.

Submitted by: Bob Buckholz <bbuckholz@google.com>

13 years agoPR: 2482
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:18 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.

13 years agofix signed/unsigned warning
Dr. Stephen Henson [Mon, 26 Sep 2011 17:05:00 +0000 (17:05 +0000)]
fix signed/unsigned warning

13 years agouse keyformat for -x509toreq, don't hard code PEM
Dr. Stephen Henson [Fri, 23 Sep 2011 21:49:08 +0000 (21:49 +0000)]
use keyformat for -x509toreq, don't hard code PEM

13 years agoPR: 2606
Dr. Stephen Henson [Fri, 23 Sep 2011 13:40:06 +0000 (13:40 +0000)]
PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.

13 years agoPR: 2602
Dr. Stephen Henson [Fri, 23 Sep 2011 13:35:32 +0000 (13:35 +0000)]
PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting

13 years agoPR: 2347
Dr. Stephen Henson [Fri, 23 Sep 2011 13:13:02 +0000 (13:13 +0000)]
PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.

13 years ago(EC)DH memory handling fixes.
Bodo Möller [Mon, 5 Sep 2011 10:25:15 +0000 (10:25 +0000)]
(EC)DH memory handling fixes.

Submitted by: Adam Langley

13 years agoFix memory leak on bad inputs.
Bodo Möller [Mon, 5 Sep 2011 09:56:48 +0000 (09:56 +0000)]
Fix memory leak on bad inputs.

13 years agoMove OPENSSL_init declaration out of auto-generated code section
Bodo Möller [Mon, 5 Sep 2011 09:52:58 +0000 (09:52 +0000)]
Move OPENSSL_init declaration out of auto-generated code section
(it is not auto-generated).

13 years agoPR: 2576
Dr. Stephen Henson [Fri, 2 Sep 2011 11:20:49 +0000 (11:20 +0000)]
PR: 2576
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve

Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.

13 years agoPR: 2340
Dr. Stephen Henson [Thu, 1 Sep 2011 15:03:10 +0000 (15:03 +0000)]
PR: 2340
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve

Stop warnings if OPENSSL_NO_DGRAM is defined.

13 years agomake timing attack protection unconditional
Dr. Stephen Henson [Thu, 1 Sep 2011 14:23:41 +0000 (14:23 +0000)]
make timing attack protection unconditional

13 years agoPR: 2573
Dr. Stephen Henson [Thu, 1 Sep 2011 14:01:36 +0000 (14:01 +0000)]
PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.

13 years agoPR: 2588
Dr. Stephen Henson [Thu, 1 Sep 2011 13:48:48 +0000 (13:48 +0000)]
PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.

13 years agoPR: 2586
Dr. Stephen Henson [Thu, 1 Sep 2011 13:37:11 +0000 (13:37 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Fix brace mismatch.

13 years agoPR: 2559
Dr. Stephen Henson [Wed, 20 Jul 2011 15:20:19 +0000 (15:20 +0000)]
PR: 2559
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS socket error bug

13 years agoPR: 2555
Dr. Stephen Henson [Wed, 20 Jul 2011 15:17:20 +0000 (15:17 +0000)]
PR: 2555
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug

13 years agoPR: 2550
Dr. Stephen Henson [Wed, 20 Jul 2011 15:12:58 +0000 (15:12 +0000)]
PR: 2550
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug

13 years agoconfig: detect if assembler supports --noexecstack and pass it down [from HEAD].
Andy Polyakov [Fri, 15 Jul 2011 19:59:31 +0000 (19:59 +0000)]
config: detect if assembler supports --noexecstack and pass it down [from HEAD].

13 years agoPR: 2556 (partial)
Dr. Stephen Henson [Thu, 14 Jul 2011 12:01:08 +0000 (12:01 +0000)]
PR: 2556 (partial)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.

13 years agoperlasm/cbc.pl: fix tail processing bug [from HEAD].
Andy Polyakov [Wed, 13 Jul 2011 06:25:15 +0000 (06:25 +0000)]
perlasm/cbc.pl: fix tail processing bug [from HEAD].
PR: 2557

13 years agoPR: 2471
Dr. Stephen Henson [Wed, 22 Jun 2011 15:46:37 +0000 (15:46 +0000)]
PR: 2471
Submitted by: Corinna Vinschen

util/cygwin.sh: maintainer's update [from HEAD].

13 years agoPR: 2470
Dr. Stephen Henson [Wed, 22 Jun 2011 15:39:19 +0000 (15:39 +0000)]
PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.

13 years agoPR: 2543
Dr. Stephen Henson [Wed, 22 Jun 2011 15:29:36 +0000 (15:29 +0000)]
PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()

13 years agoPR: 2540
Dr. Stephen Henson [Wed, 22 Jun 2011 15:23:20 +0000 (15:23 +0000)]
PR: 2540
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().

13 years agocorrectly encode OIDs near 2^32
Dr. Stephen Henson [Wed, 22 Jun 2011 15:15:20 +0000 (15:15 +0000)]
correctly encode OIDs near 2^32

13 years agorc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified
Andy Polyakov [Mon, 6 Jun 2011 19:58:21 +0000 (19:58 +0000)]
rc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified
to examine bit#20 on x86[_64], but it was erroneously reverted to bit#28
in 2008 in process of FIPS integration.

13 years agoPR: 2529
Dr. Stephen Henson [Wed, 25 May 2011 15:15:43 +0000 (15:15 +0000)]
PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.

13 years agoPR: 2527
Dr. Stephen Henson [Wed, 25 May 2011 15:06:32 +0000 (15:06 +0000)]
PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.

13 years agoFix the ECDSA timing attack mentioned in the paper at:
Dr. Stephen Henson [Wed, 25 May 2011 14:52:54 +0000 (14:52 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

13 years agoFix the ECDSA timing attack mentioned in the paper at:
Dr. Stephen Henson [Wed, 25 May 2011 14:43:47 +0000 (14:43 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

13 years agoOops use up to date patch for PR#2506
Dr. Stephen Henson [Wed, 25 May 2011 14:29:39 +0000 (14:29 +0000)]
Oops use up to date patch for PR#2506

13 years agoPR: 2506
Dr. Stephen Henson [Wed, 25 May 2011 12:28:42 +0000 (12:28 +0000)]
PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.

13 years agoPR: 2505
Dr. Stephen Henson [Wed, 25 May 2011 12:24:03 +0000 (12:24 +0000)]
PR: 2505
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.

13 years agoupdate date
Dr. Stephen Henson [Thu, 19 May 2011 17:57:08 +0000 (17:57 +0000)]
update date

13 years agoset encodedPoint to NULL after freeing it
Dr. Stephen Henson [Thu, 19 May 2011 16:18:39 +0000 (16:18 +0000)]
set encodedPoint to NULL after freeing it

13 years agocheck buffer is larger enough before overwriting
Dr. Stephen Henson [Wed, 6 Apr 2011 18:07:12 +0000 (18:07 +0000)]
check buffer is larger enough before overwriting

13 years agoPR: 2462
Dr. Stephen Henson [Sun, 3 Apr 2011 17:15:23 +0000 (17:15 +0000)]
PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug

13 years agoPR: 2458
Dr. Stephen Henson [Sun, 3 Apr 2011 16:26:33 +0000 (16:26 +0000)]
PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.

13 years agoPR: 2457
Dr. Stephen Henson [Sun, 3 Apr 2011 15:49:26 +0000 (15:49 +0000)]
PR: 2457
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.

13 years agoPR: 2469
Dr. Stephen Henson [Sun, 13 Mar 2011 18:23:24 +0000 (18:23 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve

Check mac is present before trying to retrieve mac iteration count.

13 years agostart 0.9.8s-dev
Bodo Möller [Tue, 8 Feb 2011 17:58:34 +0000 (17:58 +0000)]
start 0.9.8s-dev

13 years agoOCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) OpenSSL_0_9_8r
Bodo Möller [Tue, 8 Feb 2011 17:10:47 +0000 (17:10 +0000)]
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)

Submitted by: Neel Mehta, Adam Langley, Bodo Moeller

13 years agoAssorted bugfixes:
Bodo Möller [Thu, 3 Feb 2011 12:04:48 +0000 (12:04 +0000)]
Assorted bugfixes:
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Neel Mehta, Bodo Moeller)

13 years agoUpdate 0.9.7-branch section with information from 1.0.0-branch NEWS file
Bodo Möller [Thu, 3 Feb 2011 11:44:00 +0000 (11:44 +0000)]
Update 0.9.7-branch section with information from 1.0.0-branch NEWS file

13 years ago"make update"
Bodo Möller [Thu, 3 Feb 2011 10:28:14 +0000 (10:28 +0000)]
"make update"

13 years agoPR: 2433
Dr. Stephen Henson [Mon, 24 Jan 2011 16:21:00 +0000 (16:21 +0000)]
PR: 2433
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().

13 years agocheck EC public key isn't point at infinity
Dr. Stephen Henson [Mon, 24 Jan 2011 15:08:12 +0000 (15:08 +0000)]
check EC public key isn't point at infinity

13 years agoPR: 1612
Dr. Stephen Henson [Mon, 24 Jan 2011 14:42:11 +0000 (14:42 +0000)]
PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.

13 years agoPR: 2434
Richard Levitte [Thu, 20 Jan 2011 22:12:50 +0000 (22:12 +0000)]
PR: 2434

Under Windows, there seems to be a problem relinking fips_premain_dso
because that file is locked.  Changing from backtick op to using
system() with redirection and reading the hash from the output file
seems to fix the problem.

In an ideal world, there should be no difference, as a command in a
backtick op should terminate before the backtick returns, same as it
does with system().  We suspect, though, that the loaded binary is
cached by Windows for a little while, and that reading the output from
a file provides enough delay for the lock to drop before we try to
relink.

13 years agoSince DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
Dr. Stephen Henson [Tue, 4 Jan 2011 19:33:01 +0000 (19:33 +0000)]
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.

13 years agoPR: 2411
Dr. Stephen Henson [Mon, 3 Jan 2011 01:40:22 +0000 (01:40 +0000)]
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.

13 years agoFix escaping code for string printing. If *any* escaping is enabled we
Dr. Stephen Henson [Mon, 3 Jan 2011 01:26:33 +0000 (01:26 +0000)]
Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).

13 years agoPR: 2410
Dr. Stephen Henson [Mon, 3 Jan 2011 01:20:03 +0000 (01:20 +0000)]
PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().

13 years agouse fips-dev not dev-fips
Dr. Stephen Henson [Mon, 3 Jan 2011 00:43:47 +0000 (00:43 +0000)]
use fips-dev not dev-fips

13 years agoPR: 2416
Dr. Stephen Henson [Mon, 3 Jan 2011 00:25:47 +0000 (00:25 +0000)]
PR: 2416
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve

Use L suffix in version number.

13 years agoAdd missing explicit instruction size.
Bodo Möller [Mon, 13 Dec 2010 20:47:26 +0000 (20:47 +0000)]
Add missing explicit instruction size.
[CVS head and later branches have this since revision 1.7 of this file.]

Submitted by: Chandler Carruth (Google)

13 years agoadd Android changes from FIPS 1.2.2 module
Dr. Stephen Henson [Sat, 11 Dec 2010 00:30:43 +0000 (00:30 +0000)]
add Android changes from FIPS 1.2.2 module

13 years agoupdate for next release
Dr. Stephen Henson [Thu, 2 Dec 2010 19:42:28 +0000 (19:42 +0000)]
update for next release

13 years agoprepare for release OpenSSL_0_9_8q
Dr. Stephen Henson [Thu, 2 Dec 2010 18:53:52 +0000 (18:53 +0000)]
prepare for release

13 years agoupdate FAQ
Dr. Stephen Henson [Thu, 2 Dec 2010 18:53:34 +0000 (18:53 +0000)]
update FAQ

13 years agofix for CVE-2010-4180
Dr. Stephen Henson [Thu, 2 Dec 2010 18:49:28 +0000 (18:49 +0000)]
fix for CVE-2010-4180

13 years agoPR: 2386
Dr. Stephen Henson [Thu, 2 Dec 2010 18:02:02 +0000 (18:02 +0000)]
PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.

13 years agouse consistent FAQ between version
Dr. Stephen Henson [Thu, 2 Dec 2010 00:11:32 +0000 (00:11 +0000)]
use consistent FAQ between version

13 years agoupdate README
Dr. Stephen Henson [Wed, 1 Dec 2010 17:50:41 +0000 (17:50 +0000)]
update README

13 years agooops, no corrected fix needed for 0.9.8 branch
Dr. Stephen Henson [Wed, 1 Dec 2010 17:48:59 +0000 (17:48 +0000)]
oops, no corrected fix needed for 0.9.8 branch

13 years agoupdate NEWS
Dr. Stephen Henson [Wed, 1 Dec 2010 17:16:36 +0000 (17:16 +0000)]
update NEWS

13 years agoadd CVE to JPAKE fix
Dr. Stephen Henson [Mon, 29 Nov 2010 18:47:51 +0000 (18:47 +0000)]
add CVE to JPAKE fix

13 years ago../comm.txt
Dr. Stephen Henson [Sat, 27 Nov 2010 17:33:34 +0000 (17:33 +0000)]
../comm.txt

14 years agoBackport J-PAKE fix.
Ben Laurie [Fri, 26 Nov 2010 16:03:23 +0000 (16:03 +0000)]
Backport J-PAKE fix.

14 years agoadd acknowledgements file to 0.9.8 branch too
Dr. Stephen Henson [Mon, 22 Nov 2010 16:35:15 +0000 (16:35 +0000)]
add acknowledgements file to 0.9.8 branch too

14 years agoupdate for next version
Dr. Stephen Henson [Tue, 16 Nov 2010 16:35:37 +0000 (16:35 +0000)]
update for next version

14 years agooops, correct version number OpenSSL_0_9_8p
Dr. Stephen Henson [Tue, 16 Nov 2010 14:56:17 +0000 (14:56 +0000)]
oops, correct version number

14 years agoprepare for release
Dr. Stephen Henson [Tue, 16 Nov 2010 14:37:28 +0000 (14:37 +0000)]
prepare for release

14 years agofix CVE-2010-3864
Dr. Stephen Henson [Tue, 16 Nov 2010 14:26:18 +0000 (14:26 +0000)]
fix CVE-2010-3864

14 years agoSubmitted by: Jonathan Dixon <joth@chromium.org>
Dr. Stephen Henson [Tue, 2 Nov 2010 15:57:00 +0000 (15:57 +0000)]
Submitted by: Jonathan Dixon <joth@chromium.org>
Reviewed by: steve

If store is NULL set flags correctly.

14 years agoPR: 2295
Dr. Stephen Henson [Mon, 11 Oct 2010 23:28:54 +0000 (23:28 +0000)]
PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.

14 years agoPR: 2314
Dr. Stephen Henson [Sun, 10 Oct 2010 12:21:23 +0000 (12:21 +0000)]
PR: 2314
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939

14 years agoWe can't always read 6 bytes in an OCSP response: fix so error statuses
Dr. Stephen Henson [Wed, 6 Oct 2010 18:01:35 +0000 (18:01 +0000)]
We can't always read 6 bytes in an OCSP response: fix so error statuses
are read correctly for non-blocking I/O.

14 years agoMinor documentation fixes, PR#2345
Dr. Stephen Henson [Mon, 4 Oct 2010 13:28:15 +0000 (13:28 +0000)]
Minor documentation fixes, PR#2345

14 years agoMinor documentation fixes, PR#2344
Dr. Stephen Henson [Mon, 4 Oct 2010 13:25:29 +0000 (13:25 +0000)]
Minor documentation fixes, PR#2344