1. 06 5月, 2014 1 次提交
  2. 05 5月, 2014 1 次提交
  3. 04 5月, 2014 6 次提交
  4. 02 5月, 2014 1 次提交
  5. 01 5月, 2014 2 次提交
  6. 30 4月, 2014 2 次提交
    • G
      bignum: fix boundary condition in montgomery logic · a5292618
      Geoff Thorpe 提交于
      It's not clear whether this inconsistency could lead to an actual
      computation error, but it involved a BIGNUM being passed around the
      montgomery logic in an inconsistent state. This was found using flags
      -DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
      in 'ectest';
      
      ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) ||
      (_bnum2->d[_bnum2->top - 1] != 0)' failed
      Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
      a5292618
    • B
      More warnings. · 9cabf6bb
      Ben Laurie 提交于
      9cabf6bb
  7. 28 4月, 2014 1 次提交
  8. 27 4月, 2014 3 次提交
  9. 26 4月, 2014 5 次提交
  10. 25 4月, 2014 2 次提交
  11. 24 4月, 2014 3 次提交
  12. 23 4月, 2014 1 次提交
  13. 22 4月, 2014 1 次提交
  14. 21 4月, 2014 1 次提交
  15. 16 4月, 2014 3 次提交
  16. 11 4月, 2014 1 次提交
  17. 09 4月, 2014 3 次提交
  18. 08 4月, 2014 2 次提交
    • D
      Return if ssleay_rand_add called with zero num. · f74fa33b
      Dr. Stephen Henson 提交于
      Treat a zero length passed to ssleay_rand_add a no op: the existing logic
      zeroes the md value which is very bad. OpenSSL itself never does this
      internally and the actual call doesn't make sense as it would be passing
      zero bytes of entropy.
      
      Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
      (cherry picked from commit 5be1ae28ef3c4bdec95b94f14e0e939157be550a)
      f74fa33b
    • D
      Add heartbeat extension bounds check. · 731f4314
      Dr. Stephen Henson 提交于
      A missing bounds check in the handling of the TLS heartbeat extension
      can be used to reveal up to 64k of memory to a connected client or
      server.
      
      Thanks for Neel Mehta of Google Security for discovering this bug and to
      Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
      preparing the fix (CVE-2014-0160)
      (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
      731f4314
  19. 07 4月, 2014 1 次提交