Commits · f856173c43c1d98d2dc6f996d5bfb5db3923c147 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

May 10, 2012
- prepare for 0.9.8x release · f856173c
  Dr. Stephen Henson authored May 10, 2012
  
  f856173c
- update NEWS · d742f9eb
  Dr. Stephen Henson authored May 10, 2012
  
  d742f9eb
- Sanity check record length before skipping explicit IV in DTLS · 36dd4cba
  Dr. Stephen Henson authored May 10, 2012
```
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
```
  36dd4cba
- Reported by: Solar Designer of Openwall · 3978429a
  Dr. Stephen Henson authored May 10, 2012
```
Make sure tkeylen is initialised properly when encrypting CMS messages.
```
  3978429a
May 04, 2012
- Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. · 885945d6
  Richard Levitte authored May 04, 2012
  
  885945d6
Apr 23, 2012
- prepare for next version · e22e7701
  Dr. Stephen Henson authored Apr 23, 2012
  
  e22e7701
- update STATUS · e0c02033
  Dr. Stephen Henson authored Apr 23, 2012
  
  OpenSSL_0_9_8w
  
  e0c02033
- correct STATUS · e1eec61e
  Dr. Stephen Henson authored Apr 23, 2012
  
  e1eec61e
- correct NEWS · 296fa128
  Dr. Stephen Henson authored Apr 23, 2012
  
  296fa128
- prepare form 0.9.8w release · 6dde222a
  Dr. Stephen Henson authored Apr 23, 2012
  
  6dde222a
- update NEWS · 391ac370
  Dr. Stephen Henson authored Apr 23, 2012
  
  391ac370
- The fix for CVE-2012-2110 did not take into account that the · 8d038a08
  Dr. Stephen Henson authored Apr 23, 2012
```
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
```
  8d038a08
Apr 22, 2012
- correct error code · 747c6ffd
  Dr. Stephen Henson authored Apr 22, 2012
  
  747c6ffd
- correct old FAQ answers, sync with HEAD · d4cddc54
  Dr. Stephen Henson authored Apr 22, 2012
  
  d4cddc54
Apr 19, 2012
- prepare for next version · eb7112c1
  Dr. Stephen Henson authored Apr 19, 2012
  
  eb7112c1
- update FAQ · fef9e079
  Dr. Stephen Henson authored Apr 19, 2012
  
  OpenSSL_0_9_8v
  
  fef9e079
- prepare for 0.9.8v release · 8ab27e6e
  Dr. Stephen Henson authored Apr 19, 2012
  
  8ab27e6e
- update NEWS · 64150555
  Dr. Stephen Henson authored Apr 19, 2012
  
  64150555
- Check for potentially exploitable overflows in asn1_d2i_read_bio · 556e27b1
  Dr. Stephen Henson authored Apr 19, 2012
```
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
```
  556e27b1
Apr 15, 2012
- use /fixed argument when linking FIPS targets to disable address space layout randomization · af0c009d
  Dr. Stephen Henson authored Apr 15, 2012
  
  af0c009d
Mar 31, 2012

Dr. Stephen Henson authored Mar 31, 2012

Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

0b1cf4a1

Mar 18, 2012
- Always use SSLv23_{client,server}_method in s_client.c and s_server.c, · a9101cdc
  Dr. Stephen Henson authored Mar 18, 2012
```
the old code came from SSLeay days before TLS was even supported.
```
  a9101cdc
Mar 12, 2012
- prepare for next version · e351e2a7
  Dr. Stephen Henson authored Mar 12, 2012
  
  e351e2a7
- corrected fix to PR#2711 and also cover mime_param_cmp · 21527624
  Dr. Stephen Henson authored Mar 12, 2012
  
  OpenSSL_0_9_8u
  
  21527624
- correct FAQ · ddb78328
  Dr. Stephen Henson authored Mar 12, 2012
  
  ddb78328
- prepare for release · 2fad41d1
  Dr. Stephen Henson authored Mar 12, 2012
  
  2fad41d1
- update NEWS · b9c3d916
  Dr. Stephen Henson authored Mar 12, 2012
  
  b9c3d916
- Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and · 4f2fc3c2
  Dr. Stephen Henson authored Mar 12, 2012
```
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
```
  4f2fc3c2
- fix error code · 48819f4d
  Dr. Stephen Henson authored Mar 12, 2012
  
  48819f4d
- manually patch missing part of PR#2756 · b0cbdd3e
  Dr. Stephen Henson authored Mar 12, 2012
  
  b0cbdd3e
Mar 09, 2012

PR: 2756 · 50161075

Dr. Stephen Henson authored Mar 09, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.

50161075

Mar 08, 2012
- check return value of BIO_write in PKCS7_decrypt · 25d5d15f
  Dr. Stephen Henson authored Mar 08, 2012
  
  25d5d15f
Mar 07, 2012

PR: 2755 · 725713f7

Dr. Stephen Henson authored Mar 07, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions. [0.9.8 version of patch]

725713f7

Mar 06, 2012
- return failure code if I/O error · 73eb0972
  Dr. Stephen Henson authored Mar 06, 2012
  
  73eb0972
- revert PR#2755: it breaks compilation · 6720779c
  Dr. Stephen Henson authored Mar 06, 2012
  
  6720779c
- PR: 2755 · b2a2c6af
  Dr. Stephen Henson authored Mar 06, 2012
```
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
```
  b2a2c6af
- PR: 2696 Submitted by: Rob Austein <sra@hactrn.net> · 272993ba
  Dr. Stephen Henson authored Mar 06, 2012
```
Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

[from HEAD]
```
  272993ba
- oops, revert unrelated patches · 58532ae0
  Dr. Stephen Henson authored Mar 06, 2012
  
  58532ae0
- PR: 2748 · 4e7f6d38
  Dr. Stephen Henson authored Mar 06, 2012
```
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
```
  4e7f6d38
Feb 28, 2012
- Fix memory leak cause by race condition when creating public keys. · f0be325f
  Dr. Stephen Henson authored Feb 28, 2012
```
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
```
  f0be325f