- 10 6月, 2015 14 次提交
-
-
由 Matt Caswell 提交于
It should not be possible for DTLS message fragments to span multiple packets. However previously if the message header fitted exactly into one packet, and the fragment body was in the next packet then this would work. Obviously this would fail if packets get re-ordered mid-flight. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The underlying field returned by RECORD_LAYER_get_rrec_length() is an unsigned int. The return type of the function should match that. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
In the event of an error in the HMAC function, leaks can occur because the HMAC_CTX does not get cleaned up. Thanks to the BoringSSL project for reporting this issue. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Matt Caswell 提交于
The return type of BIO_number_read() and BIO_number_written() as well as the corresponding num_read and num_write members in the BIO structure has been changed from unsigned long to uint64_t. On platforms where an unsigned long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is transferred. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This adds additional checks to the processing of extensions in a ClientHello to ensure that either no extensions are present, or if they are then they take up the exact amount of space expected. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_clear_free() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
test/gost2814789test.c needs to include openssl/e_os2.h or it wouldn't see the defined OPENSSL_NO_* macros. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
For librypto to be complete, the stuff in both crypto/ and engines/ have to be built. Doing 'make test' or 'make apps' from a clean source tree failed to do so. Corrected by using the new 'build_libcrypto' in the top Makefile. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
There's a need for a target that will build all of libcrypto, so let's add 'build_libcrypto' that does this. For ortogonality, let's also add 'build_libssl'. Have both also depend on 'libcrypto.pc' and 'libssl.pc' so those get built together with the libraries. This makes 'all' depend on fewer things directly. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Except for VMS startup code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Also removed a source file that isn't built, and moved another one to test for eventual fixing. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 6月, 2015 4 次提交
-
-
由 Jeffrey Walton 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> MR #588
-
由 Kurt Roeckx 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> MR #588
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 08 6月, 2015 2 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley (Google). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 07 6月, 2015 1 次提交
-
-
由 Rodger Combs 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 6月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Add extension and ciphersuites to trace code. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Check return value when calling ASN1_INTEGER_get to retrieve a certificate serial number. If an error occurs (which will be caused by the value being out of range) revert to hex dump of serial number. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 6月, 2015 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Github User 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Kurt Roeckx 提交于
At least in the case of SSLv3 we can't send an extention. Reviewed-by: NMatt Caswell <matt@openssl.org> MR #811
-
- 04 6月, 2015 5 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The session object on the client side is initially created during construction of the ClientHello. If the client is DTLS1.2 capable then it will store 1.2 as the version for the session. However if the server is only DTLS1.0 capable then when the ServerHello comes back the client switches to using DTLS1.0 from then on. However the session version does not get updated. Therefore when the client attempts to resume that session the server throws an alert because of an incorrect protocol version. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 03 6月, 2015 6 次提交
-
-
由 Dr. Stephen Henson 提交于
Make update with manual edit so EVP_PKEY_asn1_set_item uses the same ordinal as 1.0.2. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Sergey Agievich 提交于
PR#3872 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org> (cherry picked from commit ad0fb7f4988c8a717fe6bcb035304385fbdaef41) Conflicts: crypto/asn1/ameth_lib.c
-
由 Matt Caswell 提交于
Some tool chains (e.g. android) do not define IP_PMTUDISC_PROBE, and so this build breaks. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Annie Yousar 提交于
objects.pl only looked for a space to see if the name could be used as a C identifier. Improve the test to match the real C rules. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
I also re-ordered some of #ifdef's. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 02 6月, 2015 3 次提交
-
-
由 Jeffrey Walton 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Gunnar Kudrjavets 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-