oweals/openssl.git
12 years ago PR: 2908
Dr. Stephen Henson [Wed, 21 Nov 2012 14:01:38 +0000 (14:01 +0000)]
PR: 2908
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.

12 years ago correct docs
Dr. Stephen Henson [Mon, 19 Nov 2012 20:07:23 +0000 (20:07 +0000)]
correct docs

12 years ago PR: 2880
Dr. Stephen Henson [Sun, 18 Nov 2012 15:20:40 +0000 (15:20 +0000)]
PR: 2880
Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>

Correctly handle local machine keys in the capi ENGINE.

12 years ago aix[64]-cc: get MT support right [from HEAD].
Andy Polyakov [Tue, 16 Oct 2012 08:22:55 +0000 (08:22 +0000)]
aix[64]-cc: get MT support right [from HEAD].

PR: 2896

12 years ago Fix EC_KEY initialization race.
Bodo Möller [Fri, 5 Oct 2012 20:51:47 +0000 (20:51 +0000)]
Fix EC_KEY initialization race.

Submitted by: Adam Langley

12 years ago backport OCSP fix enhancement
Dr. Stephen Henson [Fri, 5 Oct 2012 13:02:31 +0000 (13:02 +0000)]
backport OCSP fix enhancement

12 years ago Update CHANGES for OCSP fix.
Ben Laurie [Fri, 5 Oct 2012 13:00:17 +0000 (13:00 +0000)]
Update CHANGES for OCSP fix.

12 years ago Backport OCSP fix.
Ben Laurie [Fri, 5 Oct 2012 12:50:24 +0000 (12:50 +0000)]
Backport OCSP fix.

12 years ago Fix Valgrind warning.
Bodo Möller [Mon, 24 Sep 2012 19:50:07 +0000 (19:50 +0000)]
Fix Valgrind warning.

Submitted by: Adam Langley

12 years ago * Configure: make the debug-levitte-linux{elf,noasm} less extreme.
Richard Levitte [Mon, 24 Sep 2012 18:49:09 +0000 (18:49 +0000)]
* Configure: make the debug-levitte-linux{elf,noasm} less extreme.

12 years ago * ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in
Richard Levitte [Fri, 21 Sep 2012 13:08:32 +0000 (13:08 +0000)]
* ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug.  Fortunately in
  debugging code that's seldom used.

12 years ago fix memory leak
Dr. Stephen Henson [Tue, 11 Sep 2012 13:45:42 +0000 (13:45 +0000)]
fix memory leak

12 years ago Remove duplicate symbol in crypto/symhacks.h
Richard Levitte [Thu, 5 Jul 2012 09:06:20 +0000 (09:06 +0000)]
Remove duplicate symbol in crypto/symhacks.h
Have the new names start in column 48, that makes it easy to see when
the 31 character limit is reached (on a 80 column display, do the math)

12 years ago PR: 2813
Dr. Stephen Henson [Fri, 11 May 2012 13:49:15 +0000 (13:49 +0000)]
PR: 2813
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.

12 years ago prepare for next version
Dr. Stephen Henson [Thu, 10 May 2012 16:01:11 +0000 (16:01 +0000)]
prepare for next version

12 years ago update FAQ (tag: OpenSSL_0_9_8x)
Dr. Stephen Henson [Thu, 10 May 2012 14:38:52 +0000 (14:38 +0000)]
update FAQ

12 years ago prepare for 0.9.8x release
Dr. Stephen Henson [Thu, 10 May 2012 14:36:07 +0000 (14:36 +0000)]
prepare for 0.9.8x release

12 years ago update NEWS
Dr. Stephen Henson [Thu, 10 May 2012 14:35:13 +0000 (14:35 +0000)]
update NEWS

12 years ago Sanity check record length before skipping explicit IV in DTLS
Dr. Stephen Henson [Thu, 10 May 2012 14:33:11 +0000 (14:33 +0000)]
Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)

12 years ago Reported by: Solar Designer of Openwall
Dr. Stephen Henson [Thu, 10 May 2012 13:27:57 +0000 (13:27 +0000)]
Reported by: Solar Designer of Openwall

Make sure tkeylen is initialised properly when encrypting CMS messages.

12 years ago Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.
Richard Levitte [Fri, 4 May 2012 10:43:17 +0000 (10:43 +0000)]
Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.

12 years ago prepare for next version
Dr. Stephen Henson [Mon, 23 Apr 2012 21:15:22 +0000 (21:15 +0000)]
prepare for next version

12 years ago update STATUS (tag: OpenSSL_0_9_8w)
Dr. Stephen Henson [Mon, 23 Apr 2012 21:03:04 +0000 (21:03 +0000)]
update STATUS

12 years ago correct STATUS
Dr. Stephen Henson [Mon, 23 Apr 2012 20:51:18 +0000 (20:51 +0000)]
correct STATUS

12 years ago correct NEWS
Dr. Stephen Henson [Mon, 23 Apr 2012 20:49:21 +0000 (20:49 +0000)]
correct NEWS

12 years ago prepare for 0.9.8w release
Dr. Stephen Henson [Mon, 23 Apr 2012 20:45:29 +0000 (20:45 +0000)]
prepare for 0.9.8w release

12 years ago update NEWS
Dr. Stephen Henson [Mon, 23 Apr 2012 20:43:35 +0000 (20:43 +0000)]
update NEWS

12 years ago The fix for CVE-2012-2110 did not take into account that the
Dr. Stephen Henson [Mon, 23 Apr 2012 20:35:55 +0000 (20:35 +0000)]
The fix for CVE-2012-2110 did not take into account that the
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.

12 years ago correct error code
Dr. Stephen Henson [Sun, 22 Apr 2012 13:31:46 +0000 (13:31 +0000)]
correct error code

12 years ago correct old FAQ answers, sync with HEAD
Dr. Stephen Henson [Sun, 22 Apr 2012 13:22:38 +0000 (13:22 +0000)]
correct old FAQ answers, sync with HEAD

12 years ago prepare for next version
Dr. Stephen Henson [Thu, 19 Apr 2012 17:03:28 +0000 (17:03 +0000)]
prepare for next version

12 years ago update FAQ (tag: OpenSSL_0_9_8v)
Dr. Stephen Henson [Thu, 19 Apr 2012 12:05:18 +0000 (12:05 +0000)]
update FAQ

12 years ago prepare for 0.9.8v release
Dr. Stephen Henson [Thu, 19 Apr 2012 11:39:03 +0000 (11:39 +0000)]
prepare for 0.9.8v release

12 years ago update NEWS
Dr. Stephen Henson [Thu, 19 Apr 2012 11:37:17 +0000 (11:37 +0000)]
update NEWS

12 years ago Check for potentially exploitable overflows in asn1_d2i_read_bio
Dr. Stephen Henson [Thu, 19 Apr 2012 11:36:09 +0000 (11:36 +0000)]
Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)

12 years ago use /fixed argument when linking FIPS targets to disable address space layout randomi...
Dr. Stephen Henson [Sun, 15 Apr 2012 16:48:34 +0000 (16:48 +0000)]
use /fixed argument when linking FIPS targets to disable address space layout randomization

12 years ago PR: 2778(part)
Dr. Stephen Henson [Sat, 31 Mar 2012 18:02:23 +0000 (18:02 +0000)]
PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

12 years ago Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
Dr. Stephen Henson [Sun, 18 Mar 2012 18:18:30 +0000 (18:18 +0000)]
Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
the old code came from SSLeay days before TLS was even supported.

12 years ago prepare for next version
Dr. Stephen Henson [Mon, 12 Mar 2012 16:35:13 +0000 (16:35 +0000)]
prepare for next version

12 years ago corrected fix to PR#2711 and also cover mime_param_cmp (tag: OpenSSL_0_9_8u)
Dr. Stephen Henson [Mon, 12 Mar 2012 15:25:53 +0000 (15:25 +0000)]
corrected fix to PR#2711 and also cover mime_param_cmp

12 years ago correct FAQ
Dr. Stephen Henson [Mon, 12 Mar 2012 15:01:44 +0000 (15:01 +0000)]
correct FAQ

12 years ago prepare for release
Dr. Stephen Henson [Mon, 12 Mar 2012 14:53:14 +0000 (14:53 +0000)]
prepare for release

12 years ago update NEWS
Dr. Stephen Henson [Mon, 12 Mar 2012 14:52:14 +0000 (14:52 +0000)]
update NEWS

12 years ago Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
Dr. Stephen Henson [Mon, 12 Mar 2012 14:51:45 +0000 (14:51 +0000)]
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)

12 years ago fix error code
Dr. Stephen Henson [Mon, 12 Mar 2012 14:50:55 +0000 (14:50 +0000)]
fix error code

12 years ago manually patch missing part of PR#2756
Dr. Stephen Henson [Mon, 12 Mar 2012 12:46:52 +0000 (12:46 +0000)]
manually patch missing part of PR#2756

12 years ago PR: 2756
Dr. Stephen Henson [Fri, 9 Mar 2012 15:51:56 +0000 (15:51 +0000)]
PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.

12 years ago check return value of BIO_write in PKCS7_decrypt
Dr. Stephen Henson [Thu, 8 Mar 2012 14:01:44 +0000 (14:01 +0000)]
check return value of BIO_write in PKCS7_decrypt

12 years ago PR: 2755
Dr. Stephen Henson [Wed, 7 Mar 2012 15:14:16 +0000 (15:14 +0000)]
PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions. [0.9.8 version of patch]

12 years ago return failure code if I/O error
Dr. Stephen Henson [Tue, 6 Mar 2012 19:08:30 +0000 (19:08 +0000)]
return failure code if I/O error

12 years ago revert PR#2755: it breaks compilation
Dr. Stephen Henson [Tue, 6 Mar 2012 18:25:33 +0000 (18:25 +0000)]
revert PR#2755: it breaks compilation

12 years ago PR: 2755
Dr. Stephen Henson [Tue, 6 Mar 2012 13:45:47 +0000 (13:45 +0000)]
PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.

12 years ago PR: 2696 Submitted by: Rob Austein <sra@hactrn.net>
Dr. Stephen Henson [Tue, 6 Mar 2012 13:37:52 +0000 (13:37 +0000)]
PR: 2696 Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

[from HEAD]

12 years ago oops, revert unrelated patches
Dr. Stephen Henson [Tue, 6 Mar 2012 13:22:32 +0000 (13:22 +0000)]
oops, revert unrelated patches

12 years ago PR: 2748
Dr. Stephen Henson [Tue, 6 Mar 2012 13:20:20 +0000 (13:20 +0000)]
PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.

12 years ago Fix memory leak caused by race condition when creating public keys.
Dr. Stephen Henson [Tue, 28 Feb 2012 14:47:36 +0000 (14:47 +0000)]
Fix memory leak caused by race condition when creating public keys.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

12 years ago free headers after use in error message
Dr. Stephen Henson [Mon, 27 Feb 2012 16:26:32 +0000 (16:26 +0000)]
free headers after use in error message

12 years ago Detect symmetric crypto errors in PKCS7_decrypt.
Dr. Stephen Henson [Mon, 27 Feb 2012 15:23:20 +0000 (15:23 +0000)]
Detect symmetric crypto errors in PKCS7_decrypt.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

12 years ago PR: 2711
Dr. Stephen Henson [Thu, 23 Feb 2012 21:50:13 +0000 (21:50 +0000)]
PR: 2711
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.

12 years ago Fix bug in CVE-2011-4619: check we have really received a client hello
Dr. Stephen Henson [Thu, 16 Feb 2012 15:21:17 +0000 (15:21 +0000)]
Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.

12 years ago PR: 2703
Dr. Stephen Henson [Sat, 11 Feb 2012 23:12:34 +0000 (23:12 +0000)]
PR: 2703
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.

12 years ago PR: 2705
Dr. Stephen Henson [Sat, 11 Feb 2012 23:07:32 +0000 (23:07 +0000)]
PR: 2705
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.

12 years ago fix Visual Studio 2010 warning [from HEAD] (original by appro)
Dr. Stephen Henson [Fri, 20 Jan 2012 23:24:17 +0000 (23:24 +0000)]
fix Visual Studio 2010 warning [from HEAD] (original by appro)

12 years ago prepare for next version
Dr. Stephen Henson [Wed, 18 Jan 2012 14:27:13 +0000 (14:27 +0000)]
prepare for next version

12 years ago update FAQ (tag: OpenSSL_0_9_8t)
Dr. Stephen Henson [Wed, 18 Jan 2012 13:15:37 +0000 (13:15 +0000)]
update FAQ

12 years ago prepare for release
Dr. Stephen Henson [Wed, 18 Jan 2012 13:14:49 +0000 (13:14 +0000)]
prepare for release

12 years ago update NEWS
Dr. Stephen Henson [Wed, 18 Jan 2012 13:13:31 +0000 (13:13 +0000)]
update NEWS

12 years ago Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Dr. Stephen Henson [Wed, 18 Jan 2012 13:12:08 +0000 (13:12 +0000)]
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)

12 years ago fix CHANGES entry
Dr. Stephen Henson [Tue, 17 Jan 2012 14:18:26 +0000 (14:18 +0000)]
fix CHANGES entry

12 years ago fix warning
Dr. Stephen Henson [Tue, 10 Jan 2012 14:37:00 +0000 (14:37 +0000)]
fix warning

12 years ago Fix usage indentation
Bodo Möller [Thu, 5 Jan 2012 13:15:29 +0000 (13:15 +0000)]
Fix usage indentation

12 years ago Fix for builds without DTLS support.
Bodo Möller [Thu, 5 Jan 2012 10:21:49 +0000 (10:21 +0000)]
Fix for builds without DTLS support.

Submitted by: Brian Carlstrom

12 years ago update for next version
Dr. Stephen Henson [Wed, 4 Jan 2012 23:56:13 +0000 (23:56 +0000)]
update for next version

12 years ago update FAQ (tag: OpenSSL_0_9_8s)
Dr. Stephen Henson [Wed, 4 Jan 2012 19:23:07 +0000 (19:23 +0000)]
update FAQ

12 years ago prepare for 0.9.8s release
Dr. Stephen Henson [Wed, 4 Jan 2012 19:20:49 +0000 (19:20 +0000)]
prepare for 0.9.8s release

12 years ago update NEWS
Dr. Stephen Henson [Wed, 4 Jan 2012 19:16:11 +0000 (19:16 +0000)]
update NEWS

12 years ago make update
Dr. Stephen Henson [Wed, 4 Jan 2012 19:12:39 +0000 (19:12 +0000)]
make update

12 years ago Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen...
Dr. Stephen Henson [Wed, 4 Jan 2012 19:10:16 +0000 (19:10 +0000)]
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.

12 years ago Fix double free in policy check code (CVE-2011-4109)
Dr. Stephen Henson [Wed, 4 Jan 2012 19:00:28 +0000 (19:00 +0000)]
Fix double free in policy check code (CVE-2011-4109)

12 years ago Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
Dr. Stephen Henson [Wed, 4 Jan 2012 18:54:17 +0000 (18:54 +0000)]
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)

12 years ago Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
Dr. Stephen Henson [Wed, 4 Jan 2012 18:52:18 +0000 (18:52 +0000)]
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)

12 years ago stop warning
Dr. Stephen Henson [Wed, 4 Jan 2012 18:45:18 +0000 (18:45 +0000)]
stop warning

12 years ago Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
Dr. Stephen Henson [Wed, 4 Jan 2012 18:44:20 +0000 (18:44 +0000)]
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)

12 years ago Submitted by: Adam Langley <agl@chromium.org>
Dr. Stephen Henson [Wed, 4 Jan 2012 14:25:10 +0000 (14:25 +0000)]
Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.

12 years ago PR: 2326
Dr. Stephen Henson [Mon, 26 Dec 2011 19:38:28 +0000 (19:38 +0000)]
PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.

12 years ago x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
Andy Polyakov [Fri, 9 Dec 2011 14:28:48 +0000 (14:28 +0000)]
x86-mont.pl: fix bug in integer-only squaring path [from HEAD].
PR: 2648

12 years ago The default CN prompt message can be confusing when often the CN needs to
Dr. Stephen Henson [Tue, 6 Dec 2011 00:01:09 +0000 (00:01 +0000)]
The default CN prompt message can be confusing when often the CN needs to
 be the server FQDN: change it.
[Reported by PSW Group]

12 years ago Resolve a stack set-up race condition (if the list of compression
Bodo Möller [Fri, 2 Dec 2011 12:50:44 +0000 (12:50 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley

12 years ago Fix ecdsatest.c.
Bodo Möller [Fri, 2 Dec 2011 12:40:25 +0000 (12:40 +0000)]
Fix ecdsatest.c.

Submitted by: Emilia Kasper

12 years ago Fix BIO_f_buffer().
Bodo Möller [Fri, 2 Dec 2011 12:23:57 +0000 (12:23 +0000)]
Fix BIO_f_buffer().

Submitted by: Adam Langley
Reviewed by: Bodo Moeller

13 years ago ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
Andy Polyakov [Sat, 5 Nov 2011 10:17:06 +0000 (10:17 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant

13 years ago PR: 2628
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:26 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.

13 years ago PR: 2632
Dr. Stephen Henson [Wed, 26 Oct 2011 16:42:48 +0000 (16:42 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.

13 years ago BN_BLINDING multi-threading fix.
Bodo Möller [Wed, 19 Oct 2011 14:57:59 +0000 (14:57 +0000)]
BN_BLINDING multi-threading fix.

Submitted by: Emilia Kasper (Google)

13 years ago Oops: this change (http://cvs.openssl.org/chngview?cn=21503)
Bodo Möller [Wed, 19 Oct 2011 13:53:41 +0000 (13:53 +0000)]
Oops: this change (cvs.openssl.org/chngview?cn=21503)
wasn't right for 0.9.8-stable (it's actually a fix for
http://cvs.openssl.org/chngview?cn=14494, which introduced
SSL_CTRL_SET_MAX_SEND_FRAGMENT).

13 years ago Clarify warning
Bodo Möller [Thu, 13 Oct 2011 13:24:13 +0000 (13:24 +0000)]
Clarify warning

13 years ago In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Bodo Möller [Thu, 13 Oct 2011 13:04:40 +0000 (13:04 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.

Submitted by: Bob Buckholz <bbuckholz@google.com>

13 years ago PR: 2482
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:18 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.

13 years ago fix signed/unsigned warning
Dr. Stephen Henson [Mon, 26 Sep 2011 17:05:00 +0000 (17:05 +0000)]
fix signed/unsigned warning

13 years ago use keyformat for -x509toreq, don't hard code PEM
Dr. Stephen Henson [Fri, 23 Sep 2011 21:49:08 +0000 (21:49 +0000)]
use keyformat for -x509toreq, don't hard code PEM