- 24 Jan, 2015 1 commit
  - Committed by Rich Salz
    Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
    Remove MS_STATIC; it's a relic from platforms <32 bits.
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
- 23 Jan, 2015 1 commit
  - Committed by Rich Salz
    Use setbuf(fp, NULL) instead of setvbuf(). This removes some ifdef complexity because all of our platforms support setbuf.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 15 Jan, 2015 1 commit
  - Committed by Rich Salz
    OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
    OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
    Two typos on #endif comments fixed:
    OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
    OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 13 Jan, 2015 1 commit
  - Committed by Rich Salz
    This last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 12 Jan, 2015 1 commit
  - Committed by Rich Salz
    This commit removes NCR, Tandem, Cray. Regenerates TABLE. Removes another missing BEOS fluff. The last platform remaining on this ticket is WIN16.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 07 Jan, 2015 1 commit
  - Committed by Dr. Stephen Henson
    Reviewed-by: Matt Caswell <matt@openssl.org>
- 06 Jan, 2015 6 commits
  - Committed by Andy Polyakov
    This is re-commit without unrelated modification.
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Andy Polyakov
    This reverts commit 4fec9150.
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Andy Polyakov
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Dr. Stephen Henson
    OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation.
    Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204)
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Dr. Stephen Henson
    Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted.
    Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Adam Langley
    when its SSL_CTX is updated.
    From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 05 Jan, 2015 1 commit
  - Committed by Dr. Stephen Henson
    By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists.
    1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits.
    2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates.
    3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes).
    CVE-2014-8275
    Reviewed-by: Emilia Käsper <emilia@openssl.org>
- 28 Dec, 2014 1 commit
  - Committed by Rich Salz
    This commit removes DG-UX. It also flushes out some left-behinds in config. And regenerates TABLE from Configure (hadn't been done in a while).
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 26 Dec, 2014 1 commit
  - Committed by Rich Salz
    This commit removes Sinix/ReliantUNIX RM400 (And a missed piece of BEOS fluff)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 23 Dec, 2014 1 commit
  - Committed by Rich Salz
    This commit removes MPE/iX
    Reviewed-by: Andy Polyakov <appro@openssl.org>
- 22 Dec, 2014 1 commit
  - Committed by Rich Salz
    This commit removes SunOS (a sentimental favorite of mine).
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 20 Dec, 2014 1 commit
  - Committed by Rich Salz
    This commit removes all mention of NeXT and NextStep.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 19 Dec, 2014 2 commits
  - Committed by Matt Caswell
    Reviewed-by: Rich Salz <rsalz@openssl.org>
  - Committed by Rich Salz
    This commit removes Sony NEWS4
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 18 Dec, 2014 1 commit
  - Committed by Rich Salz
    This commit removes BEOS.
    Reviewed-by: Richard Levitte <levitte@openssl.org>
- 08 Dec, 2014 1 commit
  - Committed by Matt Caswell
    Reviewed-by: Tim Hudson <tjh@openssl.org>
- 04 Dec, 2014 1 commit
  - Committed by Kurt Roeckx
    Reviewed-by: Matt Caswell <matt@openssl.org>
- 21 Nov, 2014 1 commit
  - Committed by Annie Yousar
    In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS.
    ** I also increased the minimum from 256 to 512, which is now documented in CHANGES file. **
    Reviewed-by: Matt Caswell <matt@openssl.org>
- 20 Nov, 2014 4 commits
  - Committed by David Benjamin
    the session's version (server).
    See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde.
    Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
  - Committed by Emilia Kasper
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Emilia Kasper
    once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state.
    (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.)
    Thanks to Joeri de Ruiter for reporting this issue.
    Reviewed-by: Matt Caswell <matt@openssl.org>
  - Committed by Emilia Kasper
    The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client.
    An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c.
    Reviewed-by: Matt Caswell <matt@openssl.org>
- 29 Oct, 2014 1 commit
  - Committed by Emilia Kasper
    Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello.
    Reviewed-by: Bodo Moeller <bodo@openssl.org>
- 28 Oct, 2014 2 commits
  - Committed by Emilia Kasper
    Reviewed-by: Rich Salz <rsalz@openssl.org>
  - Committed by Emilia Kasper
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 22 Oct, 2014 1 commit
  - Committed by Andy Polyakov
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 15 Oct, 2014 2 commits
  - Committed by Matt Caswell
    Reviewed-by: Bodo Möller <bodo@openssl.org>
  - Committed by Bodo Moeller
    Reviewed-by: Stephen Henson <steve@openssl.org>
- 02 Oct, 2014 1 commit
  - Committed by Bodo Moeller
    Reviewed-by: Rich Salz <rsalz@openssl.org>
- 29 Sep, 2014 2 commits
  - Committed by Dr. Stephen Henson
    Reviewed-by: Tim Hudson <tjh@openssl.org>
  - Committed by Dr. Stephen Henson
    Reencode DigestInfo in DER and check against the original: this will reject any improperly encoded DigestInfo structures.
    Note: this is a precautionary measure, there is no known attack which can exploit this.
    Thanks to Brian Smith for reporting this issue.
    Reviewed-by: Tim Hudson <tjh@openssl.org>
- 24 Sep, 2014 1 commit
  - Committed by Emilia Kasper
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (cherry picked from commit e9128d9401ad617e17c5eb3772512c24b038b967)
- 23 Sep, 2014 1 commit
  - Committed by Andy Polyakov
    Reviewed-by: Bodo Moeller <bodo@openssl.org>
- 05 Sep, 2014 1 commit
  - Committed by Dr. Stephen Henson
    Reviewed-by: Emilia Käsper <emilia@openssl.org>