Commits · a969ca5cc81ad49fe2457b3b951d367e7bc726b7 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

May 10, 2012
- Sanity check record length before skipping explicit IV in DTLS · a969ca5c
  Dr. Stephen Henson authored May 10, 2012
```
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
```
  a969ca5c
- Reported by: Solar Designer of Openwall · 1e4406a8
  Dr. Stephen Henson authored May 10, 2012
```
Make sure tkeylen is initialised properly when encrypting CMS messages.
```
  1e4406a8
May 04, 2012
- Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. · 94fbee80
  Richard Levitte authored May 04, 2012
  
  94fbee80
Apr 27, 2012

ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance · c50847c2

Andy Polyakov authored Apr 27, 2012

of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more... [from HEAD].
PR: 2794
Submitted by: Ashley Lai

c50847c2

Apr 22, 2012
- correct error code · b1ce2d24
  Dr. Stephen Henson authored Apr 22, 2012
  
  b1ce2d24
- correct old FAQ answers, sync with HEAD · 743fb51d
  Dr. Stephen Henson authored Apr 22, 2012
  
  743fb51d
Apr 19, 2012
- prepare for next version · 0ed78174
  Dr. Stephen Henson authored Apr 19, 2012
  
  0ed78174
- prepare for 1.0.0i release · d0e542fd
  Dr. Stephen Henson authored Apr 19, 2012
  
  OpenSSL_1_0_0i
  
  d0e542fd
- update NEWS · 457863ef
  Dr. Stephen Henson authored Apr 19, 2012
  
  457863ef
- Check for potentially exploitable overflows in asn1_d2i_read_bio · 5bd4fcc5
  Dr. Stephen Henson authored Apr 19, 2012
```
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
```
  5bd4fcc5
- Makefile.org: clear yet another environment variable [from HEAD]. · 3dd2eebf
  Andy Polyakov authored Apr 19, 2012
```
PR: 2793
```
  3dd2eebf
Apr 16, 2012
- OPENSSL_NO_SOCK fixes [from HEAD]. · d079b387
  Andy Polyakov authored Apr 16, 2012
```
PR: 2791
Submitted by: Ben Noordhuis
```
  d079b387
- Minor compatibility fixes [from HEAD]. · 8eeaeb4b
  Andy Polyakov authored Apr 16, 2012
```
PR: 2790
Submitted by: Alexei Khlebnikov
```
  8eeaeb4b
Apr 15, 2012
- s3_srvr.c: fix typo [from HEAD]. · 00419258
  Andy Polyakov authored Apr 15, 2012
```
PR: 2538
```
  00419258
Apr 10, 2012
- update rather ancient EVP digest documentation · 14fa016b
  Dr. Stephen Henson authored Apr 10, 2012
  
  14fa016b
Mar 31, 2012

PR: 2778(part) · 7fdccda3

Dr. Stephen Henson authored Mar 31, 2012

Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

7fdccda3

Mar 29, 2012
- ans1/tasn_prn.c: avoid bool in variable names [from HEAD]. · cdc575c4
  Andy Polyakov authored Mar 29, 2012
```
PR: 2776
```
  cdc575c4
Mar 22, 2012
- Submitted by: Markus Friedl <mfriedl@gmail.com> · 2f0aaf76
  Dr. Stephen Henson authored Mar 22, 2012
```
Fix memory leaks in 'goto err' cases.
```
  2f0aaf76
Mar 18, 2012
- Always use SSLv23_{client,server}_method in s_client.c and s_server.c, · 6b7887b0
  Dr. Stephen Henson authored Mar 18, 2012
```
the old code came from SSLeay days before TLS was even supported.
```
  6b7887b0
Mar 14, 2012
- cipher should only be set to PSK if JPAKE is used. · 9ad1b440
  Richard Levitte authored Mar 14, 2012
  
  9ad1b440
Mar 13, 2012
- config: compensate for bug in Solaris cc drivers, which can remove /dev/null · 9275ad32
  Andy Polyakov authored Mar 13, 2012
```
[from HEAD,1.0.1]
```
  9275ad32
- x86_64-xlate.pl: remove old kludge. · 216a2a5f
  Andy Polyakov authored Mar 13, 2012
```
PR: 2435,2440
```
  216a2a5f
Mar 12, 2012
- prepare for next version · c2c60449
  Dr. Stephen Henson authored Mar 12, 2012
  
  c2c60449
- corrected fix to PR#2711 and also cover mime_param_cmp · dc95c53c
  Dr. Stephen Henson authored Mar 12, 2012
  
  OpenSSL_1_0_0h
  
  dc95c53c
- correct NEWS · b24a53dd
  Dr. Stephen Henson authored Mar 12, 2012
  
  b24a53dd
- fix error code · ffbe7cd0
  Dr. Stephen Henson authored Mar 12, 2012
  
  ffbe7cd0
- prepare for release · 97183a31
  Dr. Stephen Henson authored Mar 12, 2012
  
  97183a31
- update NEWS · 46ed8aff
  Dr. Stephen Henson authored Mar 12, 2012
  
  46ed8aff
- Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and · 6a0a4843
  Dr. Stephen Henson authored Mar 12, 2012
```
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
```
  6a0a4843
Mar 09, 2012

PR: 2756 · ad3d9522

Dr. Stephen Henson authored Mar 09, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.

ad3d9522

Mar 08, 2012
- check return value of BIO_write in PKCS7_decrypt · 18ea747c
  Dr. Stephen Henson authored Mar 08, 2012
  
  18ea747c
Mar 06, 2012

PR: 2755 · f4f512a8

Dr. Stephen Henson authored Mar 06, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.

f4f512a8

PR: 2748 · 9c2bed0b

Dr. Stephen Henson authored Mar 06, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.

9c2bed0b

Mar 03, 2012
- Configure: make no-whirlpool work [from HEAD]. · ad83334e
  Andy Polyakov authored Mar 03, 2012
  
  ad83334e
Feb 29, 2012

PR: 2743 · 2cf4bc9e

Dr. Stephen Henson authored Feb 29, 2012

Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.

2cf4bc9e

PR: 2742 · c8ac945d

Dr. Stephen Henson authored Feb 29, 2012

Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.

c8ac945d

Feb 28, 2012
- Fix memory leak cause by race condition when creating public keys. · 92aa50bc
  Dr. Stephen Henson authored Feb 28, 2012
```
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
```
  92aa50bc
Feb 27, 2012

PR: 2736 · 2f31308b

Dr. Stephen Henson authored Feb 27, 2012

Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.

2f31308b

xn is never actually used, remove it · 468d58e7
Dr. Stephen Henson authored Feb 27, 2012

468d58e7

PR: 2737 · dd4b50ff

Dr. Stephen Henson authored Feb 27, 2012

Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.

dd4b50ff