- 26 Jan, 2017, 7 commits
-
-
Committed by Andy Polyakov
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Richard Levitte
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Committed by Richard Levitte
When the client reads DH parameters from the TLS stream, we only checked that they all are non-zero. This change updates the check to use DH_check_params(). DH_check_params() is a new function for light weight checking of the p and g parameters: check that p is odd; check that 1 < g < p - 1. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Committed by Andy Polyakov
Originally a crash in a 32-bit build was reported for the CHACHA20-POLY1305 cipher. The crash is triggered by a truncated packet and is the result of excessive hashing to the edge of accessible memory. Since the hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Other ciphers were hardened. Thanks to Robert Święcki for the report. CVE-2017-3731. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Andy Polyakov
Originally a crash in a 32-bit build was reported for the CHACHA20-POLY1305 cipher. The crash is triggered by a truncated packet and is the result of excessive hashing to the edge of accessible memory (or a bogus MAC value is produced if the x86 MD5 assembly module is involved). Since the hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Thanks to Robert Święcki for the report. CVE-2017-3731. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Cory Benfield
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2288)
-
Committed by Richard Levitte
In test/ssl_test, parsing ExpectedClientSignHash ended up in the expected_server_sign_hash field. Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2289)
-
- 25 Jan, 2017, 19 commits
-
-
Committed by Matt Caswell
Clashing function code values in evp.h. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2285)
-
Committed by Matt Caswell
This function is used to validate application supplied parameters. An assert should be used to check for an error that is internal to OpenSSL. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275)
-
Committed by Matt Caswell
Don't use the temp variable donelen in the non-aad fragmented code path. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275)
-
Committed by Matt Caswell
When doing in place encryption the overlapping buffer check can fail incorrectly where we have done a partial block "Update" operation. This fixes things to take account of any pending partial blocks. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275)
-
Committed by Matt Caswell
The previous commit fixed a bug where a partial block had been passed to an "Update" function and it wasn't properly handled. We should catch this type of error in evp_test. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275)
-
Committed by Matt Caswell
If we have previously been passed a partial block in an "Update" call then make sure we properly increment the output buffer when we use it. Fixes #2273. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275)
-
Committed by Matt Caswell
Lots of references to 16 replaced by AES_BLOCK_SIZE. Also a few other style tweaks in that function. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275)
-
Committed by Matt Caswell
After collecting extensions we must free them again. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2284)
-
Committed by FdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
Committed by FdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
Committed by FdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
Committed by FdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
Committed by FdaSilvaYY
Simplify some code. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
Committed by FdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
Committed by FdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
Committed by Richard Levitte
Instead of looking for "200" and "established" (and failing all other 2xx responses or "Established"), let's look for a line that's not a header (i.e. doesn't contain a ':') and where the first space is followed by a '2'. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1664)
-
Committed by Todd Short
Remove duplicate defines from EVP source files. Most of them were in evp.h, which is always included. Add new ones to evp_int.h. EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK is now always defined in evp.h, so remove conditionals on it. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2201)
-
Committed by Bernd Edlinger
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2132)
-
Committed by Benjamin Kaduk
Well, not as much, at least. Commit 07afdf3c changed things so that for SSLv2 format ClientHellos we store the cipher list in the TLS format, i.e., with two bytes per cipher, to be consistent with historical behavior. However, the space allocated for the array still performed the computation with three bytes per cipher, a needless over-allocation (though a relatively small one, all things considered). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2281)
-
- 24 Jan, 2017, 12 commits
-
-
Committed by Todd Short
Add Poly1305 as a "signed" digest. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2128)
-
Committed by Matt Caswell
SSL_get0_raw_cipherlist() was a little too "raw" in the case of an SSLv2 compat ClientHello. In 1.0.2 and below, during version negotiation, if we received an SSLv2 compat ClientHello but actually wanted to do SSLv3+ then we would construct a "fake" SSLv3+ ClientHello. This "fake" ClientHello would have its ciphersuite list converted to the SSLv3+ format. It was this "fake" raw list that got saved away to later be returned by a call to SSL_get0_raw_cipherlist(). In 1.1.0+ version negotiation works differently and we process an SSLv2 compat ClientHello directly without the need for an intermediary "fake" ClientHello. This meant that the raw ciphersuite list being saved was in the SSLv2 format. Any caller of this function would not expect that and potentially overread the returned buffer by one byte. Fixes #2189. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2280)
-
Committed by Kazuki Yamaguchi
ChaCha20 code uses its own custom cipher_data. Add EVP_CIPH_CUSTOM_IV and EVP_CIPH_ALWAYS_CALL_INIT so that the key and the iv can be set by different calls of EVP_CipherInit_ex(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2156)
-
Committed by Bernd Edlinger
- s == NULL can mean c is a new session *or* lh_insert was unable to create a hash entry. - use lh_SSL_SESSION_retrieve to check for this error condition. - If it happens simply remove the extra reference again. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2138)
-
Committed by ganesh
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886)
-
Committed by ganesh
According to the documentation, the return code should be -1 when RAND_status does not return 1. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886)
-
Committed by ganesh
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886)
-
Committed by Andy Polyakov
This comes from a comment in GH issue #1027. Andy wrote the code, Rich made the PR. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2253)
-
Committed by Cory Benfield
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1646)
-
Committed by Cory Benfield
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1646)
-
Committed by Cory Benfield
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1646)
-
Committed by Richard Levitte
It seems that the ssl test 20-cert-select.conf dislikes the lack of TLSv1.2. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2268)
-
- 23 Jan, 2017, 2 commits
-
-
Committed by FdaSilvaYY
It was getting the SerialNumber of a previous cert. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2272)
-
Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1982)
-