Dr. Stephen Henson [Thu, 10 May 2012 14:48:54 +0000 (14:48 +0000)]
prepare for 1.0.0j release
Dr. Stephen Henson [Thu, 10 May 2012 14:45:05 +0000 (14:45 +0000)]
update NEWS
Dr. Stephen Henson [Thu, 10 May 2012 14:44:20 +0000 (14:44 +0000)]
Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
Dr. Stephen Henson [Thu, 10 May 2012 13:28:28 +0000 (13:28 +0000)]
Reported by: Solar Designer of Openwall
Make sure tkeylen is initialised properly when encrypting CMS messages.
Richard Levitte [Fri, 4 May 2012 10:43:19 +0000 (10:43 +0000)]
Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.
Andy Polyakov [Fri, 27 Apr 2012 20:21:26 +0000 (20:21 +0000)]
ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance
of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more... [from HEAD].
PR: 2794
Submitted by: Ashley Lai
Dr. Stephen Henson [Sun, 22 Apr 2012 13:31:37 +0000 (13:31 +0000)]
correct error code
Dr. Stephen Henson [Sun, 22 Apr 2012 13:21:59 +0000 (13:21 +0000)]
correct old FAQ answers, sync with HEAD
Dr. Stephen Henson [Thu, 19 Apr 2012 17:02:49 +0000 (17:02 +0000)]
prepare for next version
Dr. Stephen Henson [Thu, 19 Apr 2012 11:47:20 +0000 (11:47 +0000)]
prepare for 1.0.0i release
Dr. Stephen Henson [Thu, 19 Apr 2012 11:45:37 +0000 (11:45 +0000)]
update NEWS
Dr. Stephen Henson [Thu, 19 Apr 2012 11:44:51 +0000 (11:44 +0000)]
Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
Andy Polyakov [Thu, 19 Apr 2012 06:40:47 +0000 (06:40 +0000)]
Makefile.org: clear yet another environment variable [from HEAD].
PR: 2793
Andy Polyakov [Mon, 16 Apr 2012 17:43:28 +0000 (17:43 +0000)]
OPENSSL_NO_SOCK fixes [from HEAD].
PR: 2791
Submitted by: Ben Noordhuis
Andy Polyakov [Mon, 16 Apr 2012 17:37:04 +0000 (17:37 +0000)]
Minor compatibility fixes [from HEAD].
PR: 2790
Submitted by: Alexei Khlebnikov
Andy Polyakov [Sun, 15 Apr 2012 17:23:23 +0000 (17:23 +0000)]
s3_srvr.c: fix typo [from HEAD].
PR: 2538
Dr. Stephen Henson [Tue, 10 Apr 2012 22:28:34 +0000 (22:28 +0000)]
update rather ancient EVP digest documentation
Dr. Stephen Henson [Sat, 31 Mar 2012 18:02:35 +0000 (18:02 +0000)]
PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>
Time is always encoded as 4 bytes, not sizeof(Time).
Andy Polyakov [Thu, 29 Mar 2012 17:51:37 +0000 (17:51 +0000)]
ans1/tasn_prn.c: avoid bool in variable names [from HEAD].
PR: 2776
Dr. Stephen Henson [Thu, 22 Mar 2012 15:43:06 +0000 (15:43 +0000)]
Submitted by: Markus Friedl <mfriedl@gmail.com>
Fix memory leaks in 'goto err' cases.
Dr. Stephen Henson [Sun, 18 Mar 2012 18:14:46 +0000 (18:14 +0000)]
Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
the old code came from SSLeay days before TLS was even supported.
Richard Levitte [Wed, 14 Mar 2012 12:38:55 +0000 (12:38 +0000)]
cipher should only be set to PSK if JPAKE is used.
Andy Polyakov [Tue, 13 Mar 2012 19:22:26 +0000 (19:22 +0000)]
config: compensate for bug in Solaris cc drivers, which can remove /dev/null
[from HEAD,1.0.1]
Andy Polyakov [Tue, 13 Mar 2012 19:19:57 +0000 (19:19 +0000)]
x86_64-xlate.pl: remove old kludge.
PR: 2435,2440
Dr. Stephen Henson [Mon, 12 Mar 2012 16:35:49 +0000 (16:35 +0000)]
prepare for next version
Dr. Stephen Henson [Mon, 12 Mar 2012 15:26:48 +0000 (15:26 +0000)]
corrected fix to PR#2711 and also cover mime_param_cmp
Dr. Stephen Henson [Mon, 12 Mar 2012 14:45:07 +0000 (14:45 +0000)]
correct NEWS
Dr. Stephen Henson [Mon, 12 Mar 2012 14:32:54 +0000 (14:32 +0000)]
fix error code
Dr. Stephen Henson [Mon, 12 Mar 2012 14:24:50 +0000 (14:24 +0000)]
prepare for release
Dr. Stephen Henson [Mon, 12 Mar 2012 14:23:35 +0000 (14:23 +0000)]
update NEWS
Dr. Stephen Henson [Mon, 12 Mar 2012 14:22:59 +0000 (14:22 +0000)]
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
Dr. Stephen Henson [Fri, 9 Mar 2012 15:52:09 +0000 (15:52 +0000)]
PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
Dr. Stephen Henson [Thu, 8 Mar 2012 14:02:00 +0000 (14:02 +0000)]
check return value of BIO_write in PKCS7_decrypt
Dr. Stephen Henson [Tue, 6 Mar 2012 13:46:52 +0000 (13:46 +0000)]
PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions.
Dr. Stephen Henson [Tue, 6 Mar 2012 13:22:57 +0000 (13:22 +0000)]
PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix possible DTLS timer deadlock.
Andy Polyakov [Sat, 3 Mar 2012 13:48:21 +0000 (13:48 +0000)]
Configure: make no-whirlpool work [from HEAD].
Dr. Stephen Henson [Wed, 29 Feb 2012 14:12:37 +0000 (14:12 +0000)]
PR: 2743
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
Fix memory leak if invalid GOST MAC key given.
Dr. Stephen Henson [Wed, 29 Feb 2012 14:01:40 +0000 (14:01 +0000)]
PR: 2742
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
If resigning with detached content in CMS just copy data across.
Dr. Stephen Henson [Tue, 28 Feb 2012 14:47:25 +0000 (14:47 +0000)]
Fix memory leak cause by race condition when creating public keys.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
Dr. Stephen Henson [Mon, 27 Feb 2012 18:45:06 +0000 (18:45 +0000)]
PR: 2736
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
Dr. Stephen Henson [Mon, 27 Feb 2012 17:07:46 +0000 (17:07 +0000)]
xn is never actually used, remove it
Dr. Stephen Henson [Mon, 27 Feb 2012 16:46:54 +0000 (16:46 +0000)]
PR: 2737
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Fix double free in PKCS12_parse if we run out of memory.
Dr. Stephen Henson [Mon, 27 Feb 2012 16:33:16 +0000 (16:33 +0000)]
PR: 2735
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
Dr. Stephen Henson [Mon, 27 Feb 2012 16:27:00 +0000 (16:27 +0000)]
free headers after use in error message
Dr. Stephen Henson [Mon, 27 Feb 2012 15:23:04 +0000 (15:23 +0000)]
Detect symmetric crypto errors in PKCS7_decrypt.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
Dr. Stephen Henson [Thu, 23 Feb 2012 21:50:23 +0000 (21:50 +0000)]
PR: 2711
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
Dr. Stephen Henson [Thu, 23 Feb 2012 21:31:10 +0000 (21:31 +0000)]
PR: 2696
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
Dr. Stephen Henson [Thu, 16 Feb 2012 15:21:46 +0000 (15:21 +0000)]
Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
Dr. Stephen Henson [Sun, 12 Feb 2012 18:47:02 +0000 (18:47 +0000)]
PR: 2713
Submitted by: Tomas Mraz <tmraz@redhat.com>
Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
Dr. Stephen Henson [Sun, 12 Feb 2012 18:25:11 +0000 (18:25 +0000)]
PR: 2717
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
Dr. Stephen Henson [Sat, 11 Feb 2012 23:12:48 +0000 (23:12 +0000)]
PR: 2703
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Fix some memory and resource leaks in CAPI ENGINE.
Dr. Stephen Henson [Sat, 11 Feb 2012 23:07:48 +0000 (23:07 +0000)]
PR: 2705
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Only create ex_data indices once for CAPI engine.
Dr. Stephen Henson [Fri, 10 Feb 2012 19:54:37 +0000 (19:54 +0000)]
PR: 2710
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
Andy Polyakov [Sat, 21 Jan 2012 11:35:29 +0000 (11:35 +0000)]
x86_64-xlate.pl: proper solution for RT#2620 [from HEAD].
Dr. Stephen Henson [Wed, 18 Jan 2012 14:27:57 +0000 (14:27 +0000)]
prepare for next version
Dr. Stephen Henson [Wed, 18 Jan 2012 13:38:34 +0000 (13:38 +0000)]
prepare for release
Dr. Stephen Henson [Wed, 18 Jan 2012 13:36:59 +0000 (13:36 +0000)]
update NEWS
Dr. Stephen Henson [Wed, 18 Jan 2012 13:36:04 +0000 (13:36 +0000)]
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
Dr. Stephen Henson [Tue, 17 Jan 2012 14:19:51 +0000 (14:19 +0000)]
fix CHANGES entry
Andy Polyakov [Sun, 15 Jan 2012 13:40:40 +0000 (13:40 +0000)]
Fix OPNESSL vs. OPENSSL typos [from HEAD].
PR: 2613
Submitted by: Leena Heino
Andy Polyakov [Thu, 12 Jan 2012 16:37:20 +0000 (16:37 +0000)]
Sanitize usage of <ctype.h> functions. It's important that characters
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
Andy Polyakov [Thu, 12 Jan 2012 16:36:30 +0000 (16:36 +0000)]
asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD].
PR: 2675
Submitted by: Annie Yousar
Andy Polyakov [Wed, 11 Jan 2012 21:42:20 +0000 (21:42 +0000)]
ecdsa.pod: typo.
PR: 2678
Submitted by: Annie Yousar
Andy Polyakov [Wed, 11 Jan 2012 15:32:57 +0000 (15:32 +0000)]
aes-sparcv9.pl: clean up regexp [from HEAD].
PR: 2685
Dr. Stephen Henson [Tue, 10 Jan 2012 14:37:09 +0000 (14:37 +0000)]
fix warning
Bodo Möller [Thu, 5 Jan 2012 13:38:47 +0000 (13:38 +0000)]
Update for 0.9.8s.
Bodo Möller [Thu, 5 Jan 2012 13:15:50 +0000 (13:15 +0000)]
Fix usage indentation
Bodo Möller [Thu, 5 Jan 2012 10:22:23 +0000 (10:22 +0000)]
Fix for builds without DTLS support.
Submitted by: Brian Carlstrom
Dr. Stephen Henson [Wed, 4 Jan 2012 23:55:26 +0000 (23:55 +0000)]
update for next version
Dr. Stephen Henson [Wed, 4 Jan 2012 17:01:33 +0000 (17:01 +0000)]
prepare for release
Dr. Stephen Henson [Wed, 4 Jan 2012 16:57:14 +0000 (16:57 +0000)]
update NEWS
Dr. Stephen Henson [Wed, 4 Jan 2012 16:52:53 +0000 (16:52 +0000)]
make update
Dr. Stephen Henson [Wed, 4 Jan 2012 16:51:14 +0000 (16:51 +0000)]
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
Dr. Stephen Henson [Wed, 4 Jan 2012 16:46:10 +0000 (16:46 +0000)]
add missing part for SGC restart fix (CVE-2011-4619)
Dr. Stephen Henson [Wed, 4 Jan 2012 15:38:54 +0000 (15:38 +0000)]
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!]
Dr. Stephen Henson [Wed, 4 Jan 2012 15:33:15 +0000 (15:33 +0000)]
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
Dr. Stephen Henson [Wed, 4 Jan 2012 15:27:54 +0000 (15:27 +0000)]
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
Dr. Stephen Henson [Wed, 4 Jan 2012 15:26:29 +0000 (15:26 +0000)]
stop warning
Dr. Stephen Henson [Wed, 4 Jan 2012 15:16:20 +0000 (15:16 +0000)]
Check GOST parameters are not NULL (CVE-2012-0027)
Dr. Stephen Henson [Wed, 4 Jan 2012 15:07:54 +0000 (15:07 +0000)]
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
Dr. Stephen Henson [Wed, 4 Jan 2012 14:45:09 +0000 (14:45 +0000)]
fix warnings
Dr. Stephen Henson [Wed, 4 Jan 2012 14:24:48 +0000 (14:24 +0000)]
Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve
Fix memory leaks.
Dr. Stephen Henson [Mon, 26 Dec 2011 19:38:19 +0000 (19:38 +0000)]
PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve
Fix incorrect comma expressions and goto f_err as alert has been set.
Dr. Stephen Henson [Mon, 19 Dec 2011 17:04:39 +0000 (17:04 +0000)]
PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve
Improved PRNG seeding for VOS.
Andy Polyakov [Fri, 9 Dec 2011 14:26:56 +0000 (14:26 +0000)]
x86-mont.pl: fix bug in integer-only squaring path.
PR: 2648
Dr. Stephen Henson [Tue, 6 Dec 2011 00:01:00 +0000 (00:01 +0000)]
The default CN prompt message can be confusing when often the CN needs to
be the server FQDN: change it.
[Reported by PSW Group]
Bodo Möller [Fri, 2 Dec 2011 12:51:05 +0000 (12:51 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
Bodo Möller [Fri, 2 Dec 2011 12:41:00 +0000 (12:41 +0000)]
Fix ecdsatest.c.
Submitted by: Emilia Kasper
Bodo Möller [Fri, 2 Dec 2011 12:24:29 +0000 (12:24 +0000)]
Fix BIO_f_buffer().
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
Andy Polyakov [Mon, 14 Nov 2011 21:21:58 +0000 (21:21 +0000)]
Configure: fix corruption in RC4 implementation in darwin64-x86_64-cc.
Andy Polyakov [Sat, 5 Nov 2011 10:16:46 +0000 (10:16 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant
Richard Levitte [Sun, 30 Oct 2011 11:40:59 +0000 (11:40 +0000)]
Teach mkshared.com to have a look for disabled algorithms in opensslconf.h
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:34 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
Dr. Stephen Henson [Thu, 27 Oct 2011 13:01:08 +0000 (13:01 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix for ECC keys and DTLS.
Dr. Stephen Henson [Wed, 26 Oct 2011 16:43:14 +0000 (16:43 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
Bodo Möller [Wed, 19 Oct 2011 14:58:34 +0000 (14:58 +0000)]
BN_BLINDING multi-threading fix.
Submitted by: Emilia Kasper (Google)
Bodo Möller [Thu, 13 Oct 2011 15:05:50 +0000 (15:05 +0000)]
use -no_ecdhe when using -no_dhe
Bodo Möller [Thu, 13 Oct 2011 13:24:37 +0000 (13:24 +0000)]
Clarify warning
Bodo Möller [Thu, 13 Oct 2011 13:05:12 +0000 (13:05 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:32 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.