generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
11,281 Commits 16 Branches 258 Tags
Commit Graph

338 Commits

Author SHA1 Message Date
Matt Caswell
f16080718e Fix the no-comp option for Windows 
no-comp on Windows was not actually suppressing compilation of the code,
although it was suppressing its use.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a6406c95984a1009f5676bbcf60cc0d6db107af4)
 2016-03-18 12:17:06 +00:00
Emilia Kasper
59a908f1e8 CVE-2016-0798: avoid memory leak in SRP 
The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.

Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.

Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-02-25 15:44:21 +01:00
Dr. Stephen Henson
ef6d3485ec update ordinals 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-09 16:58:16 +00:00
Dr. Stephen Henson
2175744952 update ordinals 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 31c65a7bc0de7ff1446645d41af388893362f579)
 2015-01-05 16:51:28 +00:00
Dr. Stephen Henson
40acdb192e Update ordinals. 
Use a previously unused value as we will be updating multiple released
branches.
(cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)
 2014-03-12 14:41:37 +00:00
Dr. Stephen Henson
81ce0e14e7 Add ordinal for CRYPTO_memcmp: since this will affect multiple 
branches it needs to be in a "gap".
 2013-01-31 15:31:57 +00:00
Dr. Stephen Henson
e133ff7190 PR: 2840 
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
 2012-07-03 20:16:30 +00:00
Dr. Stephen Henson
7dd6407a4c update ordinals 2011-12-25 14:48:44 +00:00
Dr. Stephen Henson
2a6e3ef37e update ordinals 2011-11-22 14:45:27 +00:00
Bodo Möller
67f8de9ab8 "make update" 2011-10-19 15:24:44 +00:00
Dr. Stephen Henson
6b00cd746a Update ordinals. 2011-10-09 23:14:20 +00:00
Dr. Stephen Henson
38e408076e Update ordinals. 2011-10-09 15:28:52 +00:00
Dr. Stephen Henson
064a6176ac Update ordinals. 2011-08-26 10:45:17 +00:00
Dr. Stephen Henson
7ca035db88 Update ordinals. 2011-07-08 12:12:30 +00:00
Dr. Stephen Henson
907cd7217e update ordinals 2011-06-10 17:17:55 +00:00
Dr. Stephen Henson
b8d78a5520 add cmac to Windows build, update ordinals 2011-06-10 14:12:55 +00:00
Dr. Stephen Henson
e24b01cc6f Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have disabled by 
default. If we don't do it this way, it screws up libeay.num.
(update from HEAD, original from levitte).
 2011-05-12 13:10:27 +00:00
Richard Levitte
9f427a52cb make update (1.0.1-stable) 
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable.  However, since there's been no release on
this branch yet, it should be harmless.
 2011-03-23 00:06:04 +00:00
Richard Levitte
01d2e27a2b Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
528ff4b451 Add modes.h to mkdef.pl, update ordinals. 2010-07-25 17:48:35 +00:00
Dr. Stephen Henson
8c00014d7e make update 2010-04-13 17:08:50 +00:00
Dr. Stephen Henson
5b0a79a27a PR: 2220 
Fixes to make OpenSSL compile with no-rc4
 2010-04-06 11:18:32 +00:00
Dr. Stephen Henson
9caf25d144 PR: 1904 
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.
 2010-03-27 19:27:51 +00:00
Dr. Stephen Henson
724cca4178 make update 2010-03-09 17:23:51 +00:00
Dr. Stephen Henson
961f1dea06 make update 2010-02-07 13:47:08 +00:00
Dr. Stephen Henson
704d33b347 Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and 
later.
 2010-01-26 14:33:52 +00:00
Dr. Stephen Henson
b2a7515ee8 OPENSSL_isservice is now defined on all platforms not just WIN32 2010-01-26 13:58:49 +00:00
Dr. Stephen Henson
c7d5edbf5e export OPENSSL_isservice and make update 2010-01-26 13:55:33 +00:00
Dr. Stephen Henson
58f4b3511e update ordinals 2010-01-12 17:33:59 +00:00
Dr. Stephen Henson
23c3bee970 make update 2010-01-12 01:59:11 +00:00
Dr. Stephen Henson
41746da8c2 Update ordinals. 2009-11-04 13:29:58 +00:00
Dr. Stephen Henson
c90a1ae0c9 make update 2009-10-18 14:44:51 +00:00
Dr. Stephen Henson
b381e9b952 Update ordinals. 2009-10-15 18:04:43 +00:00
Dr. Stephen Henson
c0688f1aef Make update, deleting bogus DTLS error code 2009-09-06 15:55:54 +00:00
Dr. Stephen Henson
6178da0142 Update from HEAD. 2009-06-17 12:05:51 +00:00
Dr. Stephen Henson
2d0b6c72b8 Update ordinals and sync with 0.9.8 2009-05-28 20:49:29 +00:00
Dr. Stephen Henson
30baeaaeab CryptoAPI engine only exists on WIN32. 2009-04-22 17:36:45 +00:00
Dr. Stephen Henson
0416482605 Make update. 2009-04-13 11:40:00 +00:00
Dr. Stephen Henson
463f448595 Win32 build fixes. 2009-03-31 22:04:25 +00:00
Andy Polyakov
0f76640fba Windows-specific addenum to "engage crypto/modes" commit #17716. 2008-12-23 15:15:44 +00:00
Dr. Stephen Henson
fd252de312 Update libeay.num 2008-11-24 17:46:29 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
869eb9e767 Update ordinals. 2008-06-22 01:09:14 +00:00
Dr. Stephen Henson
ce04f91951 Sync ordinals. 2008-06-06 15:57:16 +00:00
Dr. Stephen Henson
9ab89286a2 Sync ordinals with stable branch. 2008-06-05 11:10:49 +00:00
Dr. Stephen Henson
09a6e19431 Update ordinals. 2008-06-04 11:52:36 +00:00
Dr. Stephen Henson
65fd877515 Update ordinals. 2008-05-20 12:23:38 +00:00
Dr. Stephen Henson
6819050722 Delete nonexistant function from pkcs7.h header file. WIN32 build fix from 
stable branch. Sync and update ordinals.
 2008-04-04 00:06:43 +00:00
Dr. Stephen Henson
13baedc55b Update ordinals 2007-12-16 13:16:58 +00:00