提交 · 5111672b8e216f7522de794d80c782df5c78c653 · OpenHarmony / Third Party Openssl

05 6月, 2014 6 次提交

D

Update value to use a free bit. · 5111672b
由 Dr. Stephen Henson 提交于 6月 05, 2014

5111672b

Fix for CVE-2014-0195 · 410e444b

由 Dr. Stephen Henson 提交于 5月 13, 2014

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
(cherry picked from commit 1632ef744872edc2aa2a53d487d3e79c965a4ad3)

410e444b

Fix for CVE-2014-0224 · a91be108

由 Dr. Stephen Henson 提交于 5月 16, 2014

Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
(cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)

a91be108

Additional CVE-2014-0224 protection. · a7c682fb

由 Dr. Stephen Henson 提交于 5月 16, 2014

Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)

a7c682fb

Fix CVE-2014-0221 · b4322e1d

由 Dr. Stephen Henson 提交于 5月 16, 2014

Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)

b4322e1d

Fix CVE-2014-3470 · a5362db4

由 Dr. Stephen Henson 提交于 5月 29, 2014

Check session_cert is not NULL before dereferencing it.
(cherry picked from commit 8011cd56e39a433b1837465259a9bd24a38727fb)

a5362db4

04 6月, 2014 3 次提交
- A
  
  aesp8-ppc.pl: fix typos. · d86689e1
  由 Andy Polyakov 提交于 6月 04, 2014
  
  d86689e1
- A
  
  evp/e_aes.c: add erroneously omitted break; · 53a224bb
  由 Andy Polyakov 提交于 6月 04, 2014
  
  53a224bb
- L
  
  Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 · 8e323164
  由 Libor Krystek 提交于 6月 03, 2014
  
  8e323164
03 6月, 2014 3 次提交
- D
  
  Check there is enough room for extension. · c7f26739
  由 David Benjamin 提交于 6月 02, 2014
  
  c7f26739
- Z
  Free up s->d1->buffered_app_data.q properly. · 470990fe
  由 zhu qun-ying 提交于 6月 02, 2014
```
PR#3286
```
  470990fe
- A
  evp/e_aes.c: populate HWAES_* to remaning modes. · 030a3f95
  由 Andy Polyakov 提交于 6月 02, 2014
```
Submitted by: Ard Biesheuvel.
```
  030a3f95
02 6月, 2014 12 次提交
- D
  Allow reordering of certificates when signing. · 14f47acf
  由 Dr. Stephen Henson 提交于 6月 02, 2014
```
Add certificates if -nocerts and -certfile specified when signing
in smime application. This can be used this to specify the
order certificates appear in the PKCS#7 structure: some broken
applications require a certain ordering.

PR#3316
```
  14f47acf
- S
  Typo: set i to -1 before goto. · 13b78960
  由 Sami Farin 提交于 6月 02, 2014
```
PR#3302
```
  13b78960
- A
  
  Engage POWER8 AES support. · de51e830
  由 Andy Polyakov 提交于 6月 01, 2014
  
  de51e830
- M
  
  Added SSLErr call for internal error in dtls1_buffer_record · a5510df3
  由 Matt Caswell 提交于 6月 01, 2014
  
  a5510df3
- D
  Delays the queue insertion until after the ssl3_setup_buffers() call due to... · d1e1aeef
  由 David Ramos 提交于 6月 01, 2014
```
Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
```
  d1e1aeef
- A
  
  armv4cpuid.S: switch to CNTVCT tick counter. · 72346328
  由 Andy Polyakov 提交于 6月 01, 2014
  
  72346328
- A
  
  sha[1|256]-armv4: harmonize with arm_arch.h. · 797d24be
  由 Andy Polyakov 提交于 6月 01, 2014
  
  797d24be
- A
  
  Engage ARMv8 AES support. · ddacb8f2
  由 Andy Polyakov 提交于 6月 01, 2014
  
  ddacb8f2
- D
  
  Recognise padding extension. · a09220d8
  由 Dr. Stephen Henson 提交于 6月 01, 2014
  
  a09220d8
- D
  Option to disable padding extension. · 01f2f18f
  由 Dr. Stephen Henson 提交于 6月 01, 2014
```
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
```
  01f2f18f
- A
  
  linux-aarch64: engage SHA modules. · f8aab617
  由 Andy Polyakov 提交于 6月 01, 2014
  
  f8aab617
- A
  
  Add SHA for ARMv8. · ddb6b965
  由 Andy Polyakov 提交于 6月 01, 2014
  
  ddb6b965
01 6月, 2014 16 次提交
- A
  Add linux-aarch64 taget. · e8d93e34
  由 Andy Polyakov 提交于 6月 01, 2014
```
armcap.c is shared between 32- and 64-bit builds and features link-time
detection of getauxval.

Submitted by: Ard Biesheuvel.
```
  e8d93e34
- B
  
  Merge branch 'erbridge-probable_primes' · 992bba11
  由 Ben Laurie 提交于 6月 01, 2014
  
  992bba11
- B
  Credit to Felix. · 5fc3a5fe
  由 Ben Laurie 提交于 6月 01, 2014
```
Closes #116.
```
  5fc3a5fe
- B
  
  Tidy up, don't exceed the number of requested bits. · c93233db
  由 Ben Laurie 提交于 6月 01, 2014
  
  c93233db
- B
  
  Constify and reduce coprime random bits to allow for multiplier. · 46838817
  由 Ben Laurie 提交于 5月 31, 2014
  
  46838817
- B
  
  Zero prime doits. · 0382950c
  由 Ben Laurie 提交于 5月 31, 2014
  
  0382950c
- B
  
  Add option to run all prime tests. · 5efa13ca
  由 Ben Laurie 提交于 5月 31, 2014
  
  5efa13ca
- F
  
  Add a test to check we're really generating probable primes. · 8927c278
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
  
  8927c278
- F
  
  Remove unused BIGNUMs. · 9a3a9974
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
  
  9a3a9974
- F
  
  Only count successful generations. · a77889f5
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
  
  a77889f5
- F
  
  Refactor the first prime index. · c74e1487
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
  
  c74e1487
- F
  Try skipping over the adding and just picking a new random number. · 982c42cb
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
```
Generates a number coprime to 2, 3, 5, 7, 11.

Speed:
Trial div (add) : trial div (retry) : coprime
1 : 0.42 : 0.84
```
  982c42cb
- F
  
  Remove editor barf on updating copyright. · 7e965dcc
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
  
  7e965dcc
- F
  
  Add python script to generate the bits needed for the prime generator. · 8a120852
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
  
  8a120852
- F
  Generate safe primes not divisible by 3, 5 or 7. · c09ec5d2
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
```
~2% speed improvement on trial division.
```
  c09ec5d2
- F
  Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5. · b0513819
  由 Felix Laurie von Massenbach 提交于 5月 27, 2014
```
Possibly some reduction in bias, but no speed gains.
```
  b0513819

OpenHarmony / Third Party Openssl 1 年多 前同步成功

OpenHarmony / Third Party Openssl
1 年多前同步成功