summaryrefslogtreecommitdiffstats
path: root/crypto
AgeCommit message (Collapse)Author
2014-03-27Fix alert handling.mancha
Fix OpenSSL 0.9.8 alert handling. PR#3038
2014-02-15Remove duplicate statement.Dr. Stephen Henson
(cherry picked from commit 5a7652c3e585e970e5b778074c92e617e48fde38)
2013-11-21Fixes for no-static-engine and Windows builds.Dr. Stephen Henson
2013-09-17 Fix overly lenient comparisons:Bodo Moeller
- EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit ca567a03ad4595589b6062465a8404764da4e3fa) Conflicts: Configure
2013-04-07Print out DSA key if parameters absent.Dr. Stephen Henson
In DSA_print DSA parameters can be absent (e.g inherited) it is not a fatal error.
2013-03-18x86cpuid.pl: make it work with older CPU.Andy Polyakov
PR: 3005, from master
2013-03-18Encode INTEGER correctly.Dr. Stephen Henson
If an ASN1_INTEGER structure is allocated but not explicitly set encode it as zero: don't generate an invalid zero length INTEGER.
2013-02-10Set next version.Dr. Stephen Henson
Note: it was decided that after 0.9.8y it should be 0.9.8za then 0.9.8zb etc.
2013-02-05prepare for releaseOpenSSL_0_9_8yDr. Stephen Henson
2013-02-05bn_word.c: fix overflow bug in BN_add_word.Andy Polyakov
(cherry picked from commit 134c00659a1bc67ad35a1e4620e16bc4315e6e37)
2013-02-05Move CRYPTO_memcmp to o_init.c when compiling with fips: cryptlib.oDr. Stephen Henson
is in the fips module for fips capable builds.
2013-02-05Fixups.Ben Laurie
2013-02-05Make CBC decoding constant time.Ben Laurie
This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e) Conflicts: crypto/evp/c_allc.c ssl/ssl_algs.c ssl/ssl_locl.h ssl/t1_enc.c (cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4) Conflicts: ssl/d1_enc.c ssl/s3_enc.c ssl/s3_pkt.c ssl/ssl3.h ssl/ssl_algs.c ssl/t1_enc.c
2013-02-05Add and use a constant-time memcmp.Ben Laurie
This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98) Conflicts: crypto/crypto.h ssl/t1_lib.c (cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c) Conflicts: crypto/crypto.h ssl/d1_pkt.c ssl/s3_pkt.c
2013-02-05Don't try and verify signatures if key is NULL (CVE-2013-0166)Dr. Stephen Henson
Add additional check to catch this in ASN1_item_verify too.
2013-01-23Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP setDr. Stephen Henson
2013-01-20Don't include comp.h if no-comp set.Dr. Stephen Henson
2012-11-29PR: 2803Dr. Stephen Henson
Submitted by: jean-etienne.schwartz@bull.net In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-10-05Fix EC_KEY initialization race.Bodo Möller
Submitted by: Adam Langley
2012-09-24Fix Valgrind warning.Bodo Möller
Submitted by: Adam Langley
2012-07-05Remove duplicate symbol in crypto/symhacks.hRichard Levitte
Have the new names start in column 48, that makes it easy to see when the 31 character limit is reached (on a 80 column display, do the math)
2012-05-11PR: 2813Dr. Stephen Henson
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com> Fix possible deadlock when decoding public keys.
2012-05-10prepare for next versionDr. Stephen Henson
2012-05-10prepare for 0.9.8x releaseDr. Stephen Henson
2012-05-10Reported by: Solar Designer of OpenwallDr. Stephen Henson
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-04-23prepare for next versionDr. Stephen Henson
2012-04-23prepare form 0.9.8w releaseDr. Stephen Henson
2012-04-23The fix for CVE-2012-2110 did not take into account that theDr. Stephen Henson
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. Thanks to the many people who reported this bug and to Tomas Hoger <thoger@redhat.com> for supplying the fix.
2012-04-22correct error codeDr. Stephen Henson
2012-04-19prepare for next versionDr. Stephen Henson
2012-04-19prepare for 0.9.8v releaseDr. Stephen Henson
2012-04-19Check for potentially exploitable overflows in asn1_d2i_read_bioDr. Stephen Henson
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-03-12prepare for next versionDr. Stephen Henson
2012-03-12corrected fix to PR#2711 and also cover mime_param_cmpOpenSSL_0_9_8uDr. Stephen Henson
2012-03-12prepare for releaseDr. Stephen Henson
2012-03-12Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key andDr. Stephen Henson
continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884)
2012-03-08check return value of BIO_write in PKCS7_decryptDr. Stephen Henson
2012-03-07PR: 2755Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. [0.9.8 version of patch]
2012-03-06return failure code if I/O errorDr. Stephen Henson
2012-03-06revert PR#2755: it breaks compilationDr. Stephen Henson
2012-03-06PR: 2755Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.
2012-03-06PR: 2696 Submitted by: Rob Austein <sra@hactrn.net>Dr. Stephen Henson
Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug. [from HEAD]
2012-03-06oops, revert unrelated patchesDr. Stephen Henson
2012-03-06PR: 2748Dr. Stephen Henson
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.
2012-02-28Fix memory leak cause by race condition when creating public keys.Dr. Stephen Henson
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27free headers after use in error messageDr. Stephen Henson
2012-02-27Detect symmetric crypto errors in PKCS7_decrypt.Dr. Stephen Henson
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-23PR: 2711Dr. Stephen Henson
Submitted by: Tomas Mraz <tmraz@redhat.com> Tolerate bad MIME headers in parser.
2012-01-18prepare for next versionDr. Stephen Henson
2012-01-18prepare for releaseDr. Stephen Henson
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-25 04:18:59 +0000