- 01 May, 2015 (1 commit)

Committed by Rich Salz
Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
- 17 April, 2015 (1 commit)

Committed by Viktor Dukhovni
Reviewed-by: Matt Caswell <matt@openssl.org>
- 26 March, 2015 (3 commits)

Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>

Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>

Committed by Matt Caswell
The recent updates to libssl to enforce stricter return code checking, left a small number of instances behind where return codes were being swallowed (typically because the function they were being called from was declared as void). This commit fixes those instances to handle the return codes more appropriately.
Reviewed-by: Richard Levitte <levitte@openssl.org>
- 25 March, 2015 (1 commit)

Committed by Matt Caswell
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
- 23 March, 2015 (2 commits)

Committed by Matt Caswell
Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl.
Reviewed-by: Richard Levitte <levitte@openssl.org>

Committed by Matt Caswell
Don't check that the curve appears in the list of acceptable curves for the peer, if they didn't send us such a list (RFC 4492 does not require that the extension be sent).
Reviewed-by: Emilia Käsper <emilia@openssl.org>
- 19 March, 2015 (1 commit)

Committed by Dr. Stephen Henson
If a client renegotiates using an invalid signature algorithms extension it will crash a server with a NULL pointer dereference. Thanks to David Ramos of Stanford University for reporting this bug. CVE-2015-0291
Reviewed-by: Tim Hudson <tjh@openssl.org>
- 12 March, 2015 (1 commit)

Committed by Matt Caswell
If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY or the type of the public key is unrecognised then the local variable |cpk| in tls1_check_chain does not get initialised. Subsequently an attempt is made to deref it (after the "end" label), and a seg fault will result.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
- 11 March, 2015 (1 commit)

Committed by Rich Salz
Suggested by John Foley <foleyj@cisco.com>.
Reviewed-by: Matt Caswell <matt@openssl.org>
- 06 February, 2015 (1 commit)

Committed by Rich Salz
I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips.
Reviewed-by: Andy Polyakov <appro@openssl.org>
- 03 February, 2015 (1 commit)

Committed by Dr. Stephen Henson
Add and retrieve extended master secret extension, setting the flag SSL_SESS_FLAG_EXTMS appropriately. Note: this just sets the flag and doesn't include the changes to master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
- 29 January, 2015 (1 commit)

Committed by Rich Salz
An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
- 28 January, 2015 (1 commit)

Committed by Rich Salz
Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte@openssl.org>
- 24 January, 2015 (1 commit)

Committed by Kurt Roeckx
Reviewed-by: Tim Hudson <tjh@openssl.org>
- 22 January, 2015 (4 commits)

Committed by Matt Caswell
This should be a one off operation (subsequent invocation of the script should not move them)
Reviewed-by: Tim Hudson <tjh@openssl.org>

Committed by Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>

Committed by Matt Caswell
Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones.
Reviewed-by: Tim Hudson <tjh@openssl.org>

Committed by Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
- 05 January, 2015 (1 commit)

Committed by Piotr Sikora
RT3638
Reviewed-by: Emilia Käsper <emilia@openssl.org>
- 03 January, 2015 (1 commit)

Committed by Dr. Stephen Henson
When parsing ClientHello clear any existing extension state from SRP login and SRTP profile. Thanks to Karthikeyan Bhargavan for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
- 31 December, 2014 (2 commits)

Committed by Cristian Rodríguez
None of this should live in writable memory
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>

Committed by Tim Hudson
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
- 16 December, 2014 (1 commit)

Committed by Matt Caswell
Reviewed-by: Emilia Käsper <emilia@openssl.org>
- 11 December, 2014 (2 commits)

Committed by Jonas Maebe
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

Committed by Jonas Maebe
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
- 08 December, 2014 (1 commit)

Committed by Dr. Stephen Henson
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
- 06 December, 2014 (1 commit)

Committed by Emilia Kasper
Reviewed-by: Matt Caswell <matt@openssl.org>
- 05 December, 2014 (2 commits)

Committed by Emilia Kasper
Odd-length lists should be rejected everywhere upon parsing. Nevertheless, be extra careful and add guards against off-by-one reads. Also, drive-by replace inexplicable double-negation with an explicit comparison.
Reviewed-by: Matt Caswell <matt@openssl.org>

Committed by Emilia Kasper
The Supported Elliptic Curves extension contains a vector of NamedCurves of 2 bytes each, so the total length must be even. Accepting odd-length lists was observed to lead to a non-exploitable one-byte out-of-bounds read in the latest development branches (1.0.2 and master). Released versions of OpenSSL are not affected. Thanks to Felix Groebert of the Google Security Team for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
- 21 November, 2014 (1 commit)

Committed by Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
- 20 November, 2014 (2 commits)

Committed by Emilia Kasper
once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>

Committed by Emilia Kasper
This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too.
Reviewed-by: Matt Caswell <matt@openssl.org>
- 19 November, 2014 (2 commits)

Committed by Dr. Stephen Henson
Don't send or parse any extensions other than RI (which is needed to handle secure renegotiation) for SSLv3.
Reviewed-by: Matt Caswell <matt@openssl.org>

Committed by Dr. Stephen Henson
The supported signature algorithms extension needs to be processed before the certificate to use is decided and before a cipher is selected (as the set of shared signature algorithms supported may impact the choice).
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 56e8dc542bd693b2dccea8828b3d8e5fc6932d0c)
Conflicts: ssl/ssl.h ssl/ssl_err.c
- 18 November, 2014 (3 commits)

Committed by Matt Caswell
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Committed by Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>

Committed by Matt Caswell
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
- 24 October, 2014 (1 commit)

Committed by Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>