- 09 8月, 2014 3 次提交
-
-
由 Viktor Szakats 提交于
The "unsigned char *d" should be const. Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
-
由 Matthieu Crapet 提交于
Use SSL3_AL_FATAL instead of the literal constant "2" Every bit of cleanup helps. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
DJGPP is no longer a supported platform. Remove all #ifdef, etc., cases that refer to it. DJGPP also #define'd WATT32, so that is now removed as well.
-
- 07 8月, 2014 14 次提交
-
-
由 Dr. Stephen Henson 提交于
Check SRP parameters when they are received so we can send back an appropriate alert. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B < N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for reporting this issue.
-
由 Dr. Stephen Henson 提交于
If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack. Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue. CVE-2014-2970 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Gabor Tyukasz 提交于
CVE-2014-3509 Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Emilia Kasper 提交于
- Upon parsing, reject OIDs with invalid base-128 encoding. - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function. CVE-2014-3508 Reviewed-by: NDr. Stephen Henson <steve@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Emilia Käsper 提交于
CVE-2014-3510 Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 David Benjamin 提交于
CVE-2014-3511 Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NBodo Möller <bodo@openssl.org>
-
由 Adam Langley 提交于
In a couple of functions, a sequence number would be calculated twice. Additionally, in |dtls1_process_out_of_seq_message|, we know that |frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len < msg_hdr->msg_len| can be more clearly written as |frag_len != msg_hdr->msg_len|, since that's the only remaining case. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Adam Langley 提交于
Previously, a truncated DTLS fragment in |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but the return value would still be the number of bytes read. This would cause |dtls1_get_message| not to consider it an error and it would continue processing as normal until the calling function noticed that *ok was zero. I can't see an exploit here because |dtls1_get_message| uses |s->init_num| as the length, which will always be zero from what I can see. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Adam Langley 提交于
The |pqueue_insert| function can fail if one attempts to insert a duplicate sequence number. When handling a fragment of an out of sequence message, |dtls1_process_out_of_seq_message| would not call |dtls1_reassemble_fragment| if the fragment's length was zero. It would then allocate a fresh fragment and attempt to insert it, but ignore the return value, leaking the fragment. This allows an attacker to exhaust the memory of a DTLS peer. Fixes CVE-2014-3507 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
In |dtls1_reassemble_fragment|, the value of |msg_hdr->frag_off+frag_len| was being checked against the maximum handshake message size, but then |msg_len| bytes were allocated for the fragment buffer. This means that so long as the fragment was within the allowed size, the pending handshake message could consume 16MB + 2MB (for the reassembly bitmap). Approx 10 outstanding handshake messages are allowed, meaning that an attacker could consume ~180MB per DTLS connection. In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no check was applied. Fixes CVE-2014-3506 Wholly based on patch by Adam Langley with one minor amendment. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Adam Langley 提交于
The |item| variable, in both of these cases, may contain a pointer to a |pitem| structure within |s->d1->buffered_messages|. It was being freed in the error case while still being in |buffered_messages|. When the error later caused the |SSL*| to be destroyed, the item would be double freed. Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was inconsistent with the other error paths (but correct). Fixes CVE-2014-3505 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 02 8月, 2014 3 次提交
-
-
由 Bodo Moeller 提交于
-
由 Bodo Moeller 提交于
(If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.)
-
由 Bodo Moeller 提交于
-
- 01 8月, 2014 1 次提交
-
-
由 Bodo Moeller 提交于
(which didn't always handle value 0 correctly). Reviewed-by: emilia@openssl.org
-
- 25 7月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Don't call internal functions directly call them through SSL_test_functions(). This also makes unit testing work on Windows and platforms that don't export internal functions from shared libraries. By default unit testing is not enabled: it requires the compile time option "enable-unit-test". Reviewed-by: NGeoff Thorpe <geoff@openssl.org>
-
由 Dr. Stephen Henson 提交于
The call to setenv in gost2814789t.c is not portable and may not reflect the location of the GOST ENGINE on all platforms anyway. Instead set OPENSSL_ENGINES in test/Makefile Reviewed-by: NGeoff Thorpe <geoff@openssl.org>
-
- 23 7月, 2014 2 次提交
-
-
由 Geoff Thorpe 提交于
This has been unmaintained for a long time. If it's still of interest to anyone, it can be obtained easily enough by reverting this commit. (It could join other demo code in some other repository, perhaps.) In any case we don't want it taking up space in the baseline source package, so <snip>. Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 22 7月, 2014 2 次提交
-
-
由 Billy Brumley 提交于
PR#2569 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Tim Hudson 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 21 7月, 2014 3 次提交
-
-
由 Andy Polyakov 提交于
and improve performance by 10% on POWER[78]. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Tim Hudson 提交于
statement of opinion rather than a fact. Reviewed-by: NDr. Stephen Henson <steve@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 20 7月, 2014 8 次提交
-
-
由 Andy Polyakov 提交于
[and split ppccap.c to ppccap.c and ppc_arch.h] Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add cmac.h to mkdef.pl Remove ENGINE_load_rsax from engine.h: no longer built. Update ordinals Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
PR#1675 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Mike Bland 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Mike Bland 提交于
ssl/ssl_locl.h now comes first to ensure that it will compile standalone. test/testutil.h is considered to be in the same directory as the test file, since the test file will be linked into test/ and built there. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Mike Bland 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Mike Bland 提交于
These help standardize the structure of main() and result reporting. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 19 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add support for RFC5649 key wrapping with padding. Add RFC5649 tests to evptests.txt Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>. EVP support and minor changes added by Stephen Henson. Doxygen comment block updates by Tim Hudson. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 18 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-