- 08 6月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley (Google). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 07 6月, 2015 1 次提交
-
-
由 Rodger Combs 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 6月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Add extension and ciphersuites to trace code. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Check return value when calling ASN1_INTEGER_get to retrieve a certificate serial number. If an error occurs (which will be caused by the value being out of range) revert to hex dump of serial number. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 6月, 2015 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Github User 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Kurt Roeckx 提交于
At least in the case of SSLv3 we can't send an extention. Reviewed-by: NMatt Caswell <matt@openssl.org> MR #811
-
- 04 6月, 2015 5 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The session object on the client side is initially created during construction of the ClientHello. If the client is DTLS1.2 capable then it will store 1.2 as the version for the session. However if the server is only DTLS1.0 capable then when the ServerHello comes back the client switches to using DTLS1.0 from then on. However the session version does not get updated. Therefore when the client attempts to resume that session the server throws an alert because of an incorrect protocol version. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 03 6月, 2015 6 次提交
-
-
由 Dr. Stephen Henson 提交于
Make update with manual edit so EVP_PKEY_asn1_set_item uses the same ordinal as 1.0.2. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Sergey Agievich 提交于
PR#3872 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org> (cherry picked from commit ad0fb7f4988c8a717fe6bcb035304385fbdaef41) Conflicts: crypto/asn1/ameth_lib.c
-
由 Matt Caswell 提交于
Some tool chains (e.g. android) do not define IP_PMTUDISC_PROBE, and so this build breaks. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Annie Yousar 提交于
objects.pl only looked for a space to see if the name could be used as a C identifier. Improve the test to match the real C rules. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
I also re-ordered some of #ifdef's. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 02 6月, 2015 6 次提交
-
-
由 Jeffrey Walton 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Gunnar Kudrjavets 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Olaf Johansson 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Per Allansson 提交于
The code in bss_dgram.c checks if IP_MTUDISCOVER is defined, where it should test for IP_MTU_DISCOVER RT#3888 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 6月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
dtls1_get_message has an |mt| variable which is the type of the message that is being requested. If it is negative then any message type is allowed. However the value of |mt| is not checked in one of the main code paths, so a peer can send a message of a completely different type and it will be processed as if it was the message type that we were expecting. This has very little practical consequences because the current behaviour will still fail when the format of the message isn't as expected. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 31 5月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Where we called openssl_cleanse, make sure we do it on all error paths. Be consistent in use of sizeof(foo) when possible. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 29 5月, 2015 10 次提交
-
-
由 Matt Caswell 提交于
struct ccs_header_st is not used so it should be removed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Almost two months ago, the warning about non-existing config file was supressed by setting the environment variable OPENSSL_CONF to /dev/null everywhere. Now that this warning is gone, that practice is no longer needed. Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Peter Dettman 提交于
RT 3871 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Create app_load_config(), a routine to load config file. Remove the "always load config" from the main app. Change the places that used to load config to call the new common routine. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Using an enum with -Wswitch means all lookup routines handle all cases. Remove X509_LU_PKEY which was never used. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 5月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The new accessors SSL_get_client_random, SSL_get_server_random and SSL_SESSION_get_master_key should return a size_t to match the type of the |outlen| parameter. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Change the new SSL_get_client_random(), SSL_get_server_random() and SSL_SESSION_get_master_key() functions to use size_t for |outlen| instead of int. Reviewed-by: NTim Hudson <tjh@openssl.org>
-