1. 20 4月, 2015 10 次提交
  2. 18 4月, 2015 3 次提交
  3. 17 4月, 2015 2 次提交
  4. 16 4月, 2015 3 次提交
  5. 15 4月, 2015 3 次提交
  6. 14 4月, 2015 2 次提交
    • M
      Fix ssl_get_prev_session overrun · 5e0a80c1
      Matt Caswell 提交于
      If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
      past the end of the ClientHello message if the session_id length in the
      ClientHello is invalid. This should not cause any security issues since the
      underlying buffer is 16k in size. It should never be possible to overrun by
      that many bytes.
      
      This is probably made redundant by the previous commit - but you can never be
      too careful.
      
      With thanks to Qinghao Tang for reporting this issue.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      5e0a80c1
    • M
      Check for ClientHello message overruns · 5e9f0eeb
      Matt Caswell 提交于
      The ClientHello processing is insufficiently rigorous in its checks to make
      sure that we don't read past the end of the message. This does not have
      security implications due to the size of the underlying buffer - but still
      needs to be fixed.
      
      With thanks to Qinghao Tang for reporting this issue.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      5e9f0eeb
  7. 12 4月, 2015 4 次提交
  8. 11 4月, 2015 6 次提交
  9. 10 4月, 2015 3 次提交
  10. 09 4月, 2015 3 次提交
    • R
      Have mkerr.pl treat already existing multiline string defs properly · 2cfdfe09
      Richard Levitte 提交于
      Since source reformat, we ended up with some error reason string
      definitions that spanned two lines.  That in itself is fine, but we
      sometimes edited them to provide better strings than what could be
      automatically determined from the reason macro, for example:
      
          {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
           "Peer haven't sent GOST certificate, required for selected ciphersuite"},
      
      However, mkerr.pl didn't treat those two-line definitions right, and
      they ended up being retranslated to whatever the macro name would
      indicate, for example:
      
          {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
           "No gost certificate sent by peer"},
      
      Clearly not what we wanted.  This change fixes this problem.
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      2cfdfe09
    • R
      Drop CA.sh for CA.pl · be739b0c
      Rich Salz 提交于
      Remove CA.sh script and use CA.pl for testing, etc.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      be739b0c
    • R
      consistent test-start logging · 5adac91e
      Rich Salz 提交于
      Output a consistent "start" marker for each test.
      Remove "2>/dev/null" from Makefile command lines.
      Add OPENSSL_CONFIG=/dev/null for places where it's needed, in
      order to suppress a warning message from the openssl CLI.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      5adac91e
  11. 08 4月, 2015 1 次提交