1. 11 5月, 2015 1 次提交
  2. 06 5月, 2015 3 次提交
  3. 04 5月, 2015 1 次提交
  4. 02 5月, 2015 2 次提交
  5. 01 5月, 2015 2 次提交
  6. 18 4月, 2015 1 次提交
  7. 17 4月, 2015 1 次提交
  8. 14 4月, 2015 1 次提交
    • M
      Check for ClientHello message overruns · 5e9f0eeb
      Matt Caswell 提交于
      The ClientHello processing is insufficiently rigorous in its checks to make
      sure that we don't read past the end of the message. This does not have
      security implications due to the size of the underlying buffer - but still
      needs to be fixed.
      
      With thanks to Qinghao Tang for reporting this issue.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      5e9f0eeb
  9. 28 3月, 2015 1 次提交
    • R
      free NULL cleanup · c5ba2d99
      Rich Salz 提交于
      EVP_.*free; this gets:
              EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
              EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
              EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup
      Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      c5ba2d99
  10. 26 3月, 2015 1 次提交
  11. 25 3月, 2015 2 次提交
    • M
      RAND_bytes updates · 266483d2
      Matt Caswell 提交于
      Ensure RAND_bytes return value is checked correctly, and that we no longer
      use RAND_pseudo_bytes.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      266483d2
    • M
      Add ticket length before buffering DTLS message · 4f9fab6b
      Matt Caswell 提交于
      In ssl3_send_new_session_ticket the message to be sent is constructed. We
      skip adding the length of the session ticket initially, then call
      ssl_set_handshake_header, and finally go back and add in the length of the
      ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side
      effect of buffering the message for subsequent retransmission if required.
      By adding the ticket length after the call to ssl_set_handshake_header the
      message that is buffered is incomplete, causing an invalid message to be
      sent on retransmission.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      4f9fab6b
  12. 24 3月, 2015 1 次提交
  13. 23 3月, 2015 2 次提交
  14. 19 3月, 2015 1 次提交
  15. 16 3月, 2015 1 次提交
  16. 11 3月, 2015 1 次提交
  17. 27 2月, 2015 3 次提交
  18. 06 2月, 2015 1 次提交
  19. 03 2月, 2015 1 次提交
    • D
      Add extms support to master key generation. · 0cfb0e75
      Dr. Stephen Henson 提交于
      Update master secret calculation to support extended master secret.
      TLS 1.2 client authentication adds a complication because we need to
      cache the handshake messages. This is simpllified however because
      the point at which the handshake hashes are calculated for extended
      master secret is identical to that required for TLS 1.2 client
      authentication (immediately after client key exchange which is also
      immediately before certificate verify).
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      0cfb0e75
  20. 28 1月, 2015 1 次提交
    • R
      OPENSSL_NO_xxx cleanup: SHA · 474e469b
      Rich Salz 提交于
      Remove support for SHA0 and DSS0 (they were broken), and remove
      the ability to attempt to build without SHA (it didn't work).
      For simplicity, remove the option of not building various SHA algorithms;
      you could argue that SHA_224/256/384/512 should be kept, since they're
      like crypto algorithms, but I decided to go the other way.
      So these options are gone:
      	GENUINE_DSA         OPENSSL_NO_SHA0
      	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
      	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
      	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      474e469b
  21. 22 1月, 2015 5 次提交
  22. 08 1月, 2015 1 次提交
    • D
      Unauthenticated DH client certificate fix. · 1421e0c5
      Dr. Stephen Henson 提交于
      Fix to prevent use of DH client certificates without sending
      certificate verify message.
      
      If we've used a client certificate to generate the premaster secret
      ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
      never called.
      
      We can only skip the certificate verify message in
      ssl3_get_cert_verify if the client didn't send a certificate.
      
      Thanks to Karthikeyan Bhargavan for reporting this issue.
      CVE-2015-0205
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      1421e0c5
  23. 06 1月, 2015 2 次提交
  24. 03 1月, 2015 1 次提交
  25. 31 12月, 2014 1 次提交
  26. 17 12月, 2014 2 次提交