Dr. Stephen Henson [Wed, 4 Jan 2012 16:51:14 +0000 (16:51 +0000)]
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
Dr. Stephen Henson [Wed, 4 Jan 2012 16:46:10 +0000 (16:46 +0000)]
add missing part for SGC restart fix (CVE-2011-4619)
Dr. Stephen Henson [Wed, 4 Jan 2012 15:38:54 +0000 (15:38 +0000)]
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!]
Dr. Stephen Henson [Wed, 4 Jan 2012 15:33:15 +0000 (15:33 +0000)]
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
Dr. Stephen Henson [Wed, 4 Jan 2012 15:27:54 +0000 (15:27 +0000)]
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
Dr. Stephen Henson [Wed, 4 Jan 2012 15:26:29 +0000 (15:26 +0000)]
stop warning
Dr. Stephen Henson [Wed, 4 Jan 2012 15:16:20 +0000 (15:16 +0000)]
Check GOST parameters are not NULL (CVE-2012-0027)
Dr. Stephen Henson [Wed, 4 Jan 2012 15:07:54 +0000 (15:07 +0000)]
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
Dr. Stephen Henson [Wed, 4 Jan 2012 14:45:09 +0000 (14:45 +0000)]
fix warnings
Dr. Stephen Henson [Wed, 4 Jan 2012 14:24:48 +0000 (14:24 +0000)]
Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve
Fix memory leaks.
Dr. Stephen Henson [Mon, 26 Dec 2011 19:38:19 +0000 (19:38 +0000)]
PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve
Fix incorrect comma expressions and goto f_err as alert has been set.
Dr. Stephen Henson [Mon, 19 Dec 2011 17:04:39 +0000 (17:04 +0000)]
PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve
Improved PRNG seeding for VOS.
Andy Polyakov [Fri, 9 Dec 2011 14:26:56 +0000 (14:26 +0000)]
x86-mont.pl: fix bug in integer-only squaring path.
PR: 2648
Dr. Stephen Henson [Tue, 6 Dec 2011 00:01:00 +0000 (00:01 +0000)]
The default CN prompt message can be confusing when often the CN needs to
be the server FQDN: change it.
[Reported by PSW Group]
Bodo Möller [Fri, 2 Dec 2011 12:51:05 +0000 (12:51 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
Bodo Möller [Fri, 2 Dec 2011 12:41:00 +0000 (12:41 +0000)]
Fix ecdsatest.c.
Submitted by: Emilia Kasper
Bodo Möller [Fri, 2 Dec 2011 12:24:29 +0000 (12:24 +0000)]
Fix BIO_f_buffer().
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
Andy Polyakov [Mon, 14 Nov 2011 21:21:58 +0000 (21:21 +0000)]
Configure: fix corruption in RC4 implementation in darwin64-x86_64-cc.
Andy Polyakov [Sat, 5 Nov 2011 10:16:46 +0000 (10:16 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant
Richard Levitte [Sun, 30 Oct 2011 11:40:59 +0000 (11:40 +0000)]
Teach mkshared.com to have a look for disabled algorithms in opensslconf.h
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:34 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
Dr. Stephen Henson [Thu, 27 Oct 2011 13:01:08 +0000 (13:01 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix for ECC keys and DTLS.
Dr. Stephen Henson [Wed, 26 Oct 2011 16:43:14 +0000 (16:43 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
Bodo Möller [Wed, 19 Oct 2011 14:58:34 +0000 (14:58 +0000)]
BN_BLINDING multi-threading fix.
Submitted by: Emilia Kasper (Google)
Bodo Möller [Thu, 13 Oct 2011 15:05:50 +0000 (15:05 +0000)]
use -no_ecdhe when using -no_dhe
Bodo Möller [Thu, 13 Oct 2011 13:24:37 +0000 (13:24 +0000)]
Clarify warning
Bodo Möller [Thu, 13 Oct 2011 13:05:12 +0000 (13:05 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:32 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
Dr. Stephen Henson [Mon, 26 Sep 2011 17:04:49 +0000 (17:04 +0000)]
fix signed/unsigned warning
Dr. Stephen Henson [Fri, 23 Sep 2011 21:48:59 +0000 (21:48 +0000)]
use keyformat for -x509toreq, don't hard code PEM
Dr. Stephen Henson [Fri, 23 Sep 2011 13:39:45 +0000 (13:39 +0000)]
PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve
Handle timezones correctly in UTCTime.
Dr. Stephen Henson [Fri, 23 Sep 2011 13:35:19 +0000 (13:35 +0000)]
PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
Dr. Stephen Henson [Fri, 23 Sep 2011 13:12:52 +0000 (13:12 +0000)]
PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
Dr. Stephen Henson [Tue, 6 Sep 2011 13:44:52 +0000 (13:44 +0000)]
prepare for next version
Dr. Stephen Henson [Tue, 6 Sep 2011 13:01:44 +0000 (13:01 +0000)]
update versions and dates for release
Dr. Stephen Henson [Tue, 6 Sep 2011 12:56:21 +0000 (12:56 +0000)]
update NEWS
Dr. Stephen Henson [Tue, 6 Sep 2011 12:53:56 +0000 (12:53 +0000)]
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
Fix TLS ephemeral DH crash bug (CVE-2011-3210)
Bodo Möller [Mon, 5 Sep 2011 10:25:21 +0000 (10:25 +0000)]
(EC)DH memory handling fixes.
Submitted by: Adam Langley
Bodo Möller [Mon, 5 Sep 2011 09:57:03 +0000 (09:57 +0000)]
Fix memory leak on bad inputs.
Bodo Möller [Mon, 5 Sep 2011 09:54:59 +0000 (09:54 +0000)]
"make update"
Dr. Stephen Henson [Fri, 2 Sep 2011 11:28:05 +0000 (11:28 +0000)]
Don't use *from++ in tolower as this is implemented as a macro on some
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.
Dr. Stephen Henson [Fri, 2 Sep 2011 11:20:41 +0000 (11:20 +0000)]
PR: 2576
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve
Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
Dr. Stephen Henson [Thu, 1 Sep 2011 17:08:44 +0000 (17:08 +0000)]
update NEWS
Dr. Stephen Henson [Thu, 1 Sep 2011 15:42:38 +0000 (15:42 +0000)]
Add error checking to PKCS1_MGF1. From HEAD.
Dr. Stephen Henson [Thu, 1 Sep 2011 15:02:53 +0000 (15:02 +0000)]
PR: 2340
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve
Stop warnings if OPENSSL_NO_DGRAM is defined.
Dr. Stephen Henson [Thu, 1 Sep 2011 14:23:31 +0000 (14:23 +0000)]
make timing attack protection unconditional
Dr. Stephen Henson [Thu, 1 Sep 2011 14:02:02 +0000 (14:02 +0000)]
PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
Dr. Stephen Henson [Thu, 1 Sep 2011 13:52:27 +0000 (13:52 +0000)]
PR: 2589
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Initialise p pointer.
Dr. Stephen Henson [Thu, 1 Sep 2011 13:48:57 +0000 (13:48 +0000)]
PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Close file pointer.
Dr. Stephen Henson [Thu, 1 Sep 2011 13:45:25 +0000 (13:45 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Zero structure fields properly.
Dr. Stephen Henson [Thu, 1 Sep 2011 13:37:20 +0000 (13:37 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve
Fix brace mismatch.
Dr. Stephen Henson [Sun, 14 Aug 2011 13:48:42 +0000 (13:48 +0000)]
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name.
This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
Andy Polyakov [Fri, 12 Aug 2011 12:32:10 +0000 (12:32 +0000)]
Alpha assembler fixes from HEAD.
PR: 2577
Dr. Stephen Henson [Wed, 20 Jul 2011 15:21:52 +0000 (15:21 +0000)]
PR: 2559
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS socket error bug
Dr. Stephen Henson [Wed, 20 Jul 2011 15:17:33 +0000 (15:17 +0000)]
PR: 2555
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS sequence number bug
Dr. Stephen Henson [Wed, 20 Jul 2011 15:13:16 +0000 (15:13 +0000)]
PR: 2550
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS HelloVerifyRequest Timer bug
Andy Polyakov [Fri, 15 Jul 2011 19:59:18 +0000 (19:59 +0000)]
config: detect if assembler supports --noexecstack and pass it down [from HEAD].
Dr. Stephen Henson [Thu, 14 Jul 2011 12:01:25 +0000 (12:01 +0000)]
PR: 2556 (partial)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve
Fix OID routines.
Check on encoding leading zero rejection should start at beginning of
encoding.
Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
Andy Polyakov [Wed, 13 Jul 2011 14:55:11 +0000 (14:55 +0000)]
ms/uplink.c: fix Visual Studio 2010 warning [from HEAD].
Andy Polyakov [Wed, 13 Jul 2011 06:23:25 +0000 (06:23 +0000)]
perlasm/cbc.pl: fix tail processing bug [from HEAD].
PR: 2557
Bodo Möller [Mon, 11 Jul 2011 12:13:50 +0000 (12:13 +0000)]
Fix typo.
Submitted by: Jim Morrison
Dr. Stephen Henson [Wed, 22 Jun 2011 15:39:00 +0000 (15:39 +0000)]
PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve
Don't call ERR_remove_state from DllMain.
Dr. Stephen Henson [Wed, 22 Jun 2011 15:29:55 +0000 (15:29 +0000)]
PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Correctly handle errors in DTLSv1_handle_timeout()
Dr. Stephen Henson [Wed, 22 Jun 2011 15:23:32 +0000 (15:23 +0000)]
PR: 2540
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Prevent infinite loop in BN_GF2m_mod_inv().
Dr. Stephen Henson [Wed, 22 Jun 2011 15:15:38 +0000 (15:15 +0000)]
correctly encode OIDs near 2^32
Dr. Stephen Henson [Mon, 20 Jun 2011 20:05:38 +0000 (20:05 +0000)]
make EVP_dss() work for DSA signing
Bodo Möller [Wed, 15 Jun 2011 14:21:17 +0000 (14:21 +0000)]
Complete the version history (include information on unreleased
version 0.9.8s to show full information).
Dr. Stephen Henson [Wed, 8 Jun 2011 15:56:20 +0000 (15:56 +0000)]
fix memory leak
Dr. Stephen Henson [Wed, 25 May 2011 15:21:12 +0000 (15:21 +0000)]
PR: 2533
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
Dr. Stephen Henson [Wed, 25 May 2011 15:15:52 +0000 (15:15 +0000)]
PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
Dr. Stephen Henson [Wed, 25 May 2011 15:06:05 +0000 (15:06 +0000)]
PR: 2527
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Set cnf to NULL to avoid possible double free.
Dr. Stephen Henson [Wed, 25 May 2011 14:52:44 +0000 (14:52 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
Dr. Stephen Henson [Wed, 25 May 2011 14:43:05 +0000 (14:43 +0000)]
Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
Dr. Stephen Henson [Wed, 25 May 2011 14:29:55 +0000 (14:29 +0000)]
Oops use up to date patch for PR#2506
Dr. Stephen Henson [Wed, 25 May 2011 12:36:50 +0000 (12:36 +0000)]
PR: 2512
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.
Dr. Stephen Henson [Wed, 25 May 2011 12:28:31 +0000 (12:28 +0000)]
PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fully implement SSL_clear for DTLS.
Dr. Stephen Henson [Wed, 25 May 2011 12:24:26 +0000 (12:24 +0000)]
PR: 2505
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS session resumption timer bug.
Dr. Stephen Henson [Thu, 19 May 2011 17:56:47 +0000 (17:56 +0000)]
update date
Dr. Stephen Henson [Thu, 19 May 2011 17:39:49 +0000 (17:39 +0000)]
inherit HMAC flags from MD_CTX
Dr. Stephen Henson [Thu, 19 May 2011 16:18:25 +0000 (16:18 +0000)]
set encodedPoint to NULL after freeing it
Dr. Stephen Henson [Sat, 30 Apr 2011 23:38:24 +0000 (23:38 +0000)]
no need to include memory.h
Dr. Stephen Henson [Wed, 6 Apr 2011 18:07:02 +0000 (18:07 +0000)]
check buffer is larger enough before overwriting
Dr. Stephen Henson [Sun, 3 Apr 2011 17:15:08 +0000 (17:15 +0000)]
PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS Retransmission Buffer Bug
Dr. Stephen Henson [Sun, 3 Apr 2011 16:26:14 +0000 (16:26 +0000)]
PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Don't change state when answering DTLS ClientHello.
Dr. Stephen Henson [Sun, 3 Apr 2011 15:49:03 +0000 (15:49 +0000)]
PR: 2457
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS fragment reassembly bug.
Richard Levitte [Fri, 25 Mar 2011 16:21:39 +0000 (16:21 +0000)]
Corrections to the VMS build system.
Submitted by Steven M. Schweda <sms@antinode.info>
Dr. Stephen Henson [Fri, 25 Mar 2011 15:06:50 +0000 (15:06 +0000)]
make some non-VMS builds work again
Richard Levitte [Fri, 25 Mar 2011 09:40:18 +0000 (09:40 +0000)]
For VMS, implement the possibility to choose 64-bit pointers with
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
Richard Levitte [Tue, 22 Mar 2011 23:56:18 +0000 (23:56 +0000)]
make update (1.0.0-stable)
Richard Levitte [Tue, 22 Mar 2011 23:54:13 +0000 (23:54 +0000)]
* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some
more need to be added...
Richard Levitte [Sun, 20 Mar 2011 14:01:20 +0000 (14:01 +0000)]
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
here.
* test/clean-test.com: A new script for cleaning up.
Richard Levitte [Sun, 20 Mar 2011 13:15:41 +0000 (13:15 +0000)]
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
directly in main(). 'if needed' also includes when argv is a 32 bit
pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
=ARGV, but only if it's supported. Fortunately, DCL is very helpful
telling us in this case.
Richard Levitte [Sat, 19 Mar 2011 10:44:41 +0000 (10:44 +0000)]
Keep file references in the VMS build files in the same order as they
are in the Unix Makefiles
Richard Levitte [Sat, 19 Mar 2011 09:45:45 +0000 (09:45 +0000)]
Change INSTALL.VMS to reflect the changes done on the build and
install scripts. This could need some more work.
Richard Levitte [Sat, 19 Mar 2011 09:44:53 +0000 (09:44 +0000)]
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
Dr. Stephen Henson [Sun, 13 Mar 2011 18:20:14 +0000 (18:20 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve
Check mac is present before trying to retrieve mac iteration count.
Dr. Stephen Henson [Thu, 10 Mar 2011 18:27:56 +0000 (18:27 +0000)]
make no-dsa work again
Andy Polyakov [Fri, 4 Mar 2011 13:11:54 +0000 (13:11 +0000)]
s390x-mont.pl: optimize for z196.
Andy Polyakov [Sat, 12 Feb 2011 16:46:10 +0000 (16:46 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].
PR: 2316
Bodo Möller [Tue, 8 Feb 2011 19:06:57 +0000 (19:06 +0000)]
Sync with 0.9.8 branch.