- 22 6月, 2015 6 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Construct bio_err and bio_stdout from file handles instead of FILE pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO is defined). Convert all output to use BIO_printf. Change lh_foo to lh_SSL_SESSION_foo. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
This reverts commit d480e182. Commit broke TLS handshakes due to fragility of digest caching: that will be fixed separately. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 6月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list() Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 20 6月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 16 6月, 2015 3 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rich Salz 提交于
When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 15 6月, 2015 3 次提交
-
-
由 Rich Salz 提交于
While closing RT3588 (Remove obsolete comment) Kurt and I saw that a few lines to completely clear the SSL cipher state could be moved into a common function. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Tim Hudson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Tim Hudson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 13 6月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#3904 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 12 6月, 2015 2 次提交
-
-
由 Adam Langley 提交于
It is valid for an extension block to be present in a ClientHello, but to be of zero length. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX. This backs that change out, and does it a different way. Thanks to Timo Teras for the concept. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 6月, 2015 9 次提交
-
-
由 Matt Caswell 提交于
Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
CVE-2015-1788 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Emilia Kasper 提交于
CVE-2015-1790 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Determine disabled algorithm masks when algorithms are loaded instead of recalculating them each time. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Restore GOST mac setup which was accidentally removed during cipher refactor. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 6月, 2015 13 次提交
-
-
由 Emilia Kasper 提交于
This is a workaround so old that nobody remembers what buggy clients it was for. It's also been broken in stable branches for two years and nobody noticed (see https://boringssl-review.googlesource.com/#/c/1694/). Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
It should not be possible for DTLS message fragments to span multiple packets. However previously if the message header fitted exactly into one packet, and the fragment body was in the next packet then this would work. Obviously this would fail if packets get re-ordered mid-flight. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The underlying field returned by RECORD_LAYER_get_rrec_length() is an unsigned int. The return type of the function should match that. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
In the event of an error in the HMAC function, leaks can occur because the HMAC_CTX does not get cleaned up. Thanks to the BoringSSL project for reporting this issue. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Matt Caswell 提交于
The return type of BIO_number_read() and BIO_number_written() as well as the corresponding num_read and num_write members in the BIO structure has been changed from unsigned long to uint64_t. On platforms where an unsigned long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is transferred. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This adds additional checks to the processing of extensions in a ClientHello to ensure that either no extensions are present, or if they are then they take up the exact amount of space expected. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_clear_free() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
test/gost2814789test.c needs to include openssl/e_os2.h or it wouldn't see the defined OPENSSL_NO_* macros. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
For librypto to be complete, the stuff in both crypto/ and engines/ have to be built. Doing 'make test' or 'make apps' from a clean source tree failed to do so. Corrected by using the new 'build_libcrypto' in the top Makefile. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
There's a need for a target that will build all of libcrypto, so let's add 'build_libcrypto' that does this. For ortogonality, let's also add 'build_libssl'. Have both also depend on 'libcrypto.pc' and 'libssl.pc' so those get built together with the libraries. This makes 'all' depend on fewer things directly. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-