- 12 3月, 2015 8 次提交
-
-
由 Matt Caswell 提交于
Fixed assorted missing return value checks in c3_cpols.c Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The call to asn1_do_adb can return NULL on error, so we should check the return value before attempting to use it. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple of conditional code paths that check whether |it| is NULL or not - but later |it| is deref'd unconditionally. If |it| was ever really NULL then this would seg fault. In practice ASN1_primitive_new is marked as an internal function in the public header file. The only places it is ever used internally always pass a non NULL parameter for |it|. Therefore, change the code to sanity check that |it| is not NULL, and remove the conditional checking. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
Calling EVP_DigestInit_ex which has already had the digest set up for it should be possible. You are supposed to be able to pass NULL for the type. However currently this seg faults. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Andy Polyakov 提交于
[and respect error return value in ssltest.c] Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 3月, 2015 5 次提交
-
-
由 Rich Salz 提交于
Suggested by John Foley <foleyj@cisco.com>. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Configure would load the glob "Configurations*". The problem with this is that it also loads all kinds of backups of those configurations that some editors do, like emacs' classic 'Configurations~'. The solution is to give them an extension, such as '.conf', and make sure to end the glob with that. Also, because 'Configurations.conf' makes for a silly name, and because a possibly large number of configurations will become clutter, move them to a subdirectory 'Configurations/', and rename them to something more expressive, as well as something that sets up some form of sorting order. Thus: Configurations -> Configurations/10-main.conf Configurations.team -> Configurations/90-team.conf Finally, make sure that Configure sorts the list of files that 'glob' produces, and adapt Makefile.org. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Cleanse various intermediate buffers used by the PRF. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Emilia Kasper 提交于
Ensure all malloc failures return -1. Reported by Adam Langley (Google). Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 10 3月, 2015 4 次提交
-
-
由 Richard Godbee 提交于
BIO_debug_callback() no longer assumes the hexadecimal representation of a pointer fits in 8 characters. Signed-off-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Fix security issue where under certain conditions a client can complete a handshake with an unseeded PRNG. The conditions are: - Client is on a platform where the PRNG has not been seeded, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA) If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable. For example using the following command with an unseeded openssl will succeed on an unpatched platform: openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA CVE-2015-0285 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dmitry-Me 提交于
Signed-off-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 09 3月, 2015 4 次提交
-
-
由 David Woodhouse 提交于
Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3703 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 08 3月, 2015 2 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Viktor Szakats 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 3月, 2015 5 次提交
-
-
由 Matt Caswell 提交于
Run make errors on master Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
crypto/crypto-lib.com - catch up with the OCSP changes test/maketest.com and test/tests.com - catch up with the addition of test_evp_extra Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 3月, 2015 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Cancemi 提交于
This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c RT#3725 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 04 3月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add RIPEMD160 and whirlpool test data. Add Count keyword to repeatedly call EVP_DigestUpate. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 02 3月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
CVE-2015-0288 PR#3708 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
ACKNOWLEDGEMENTS is now spelled correctly :) README.ASN1 talked about 0.9.6, so it's deleted. I turned doc/standards.txt into a set of one-line summaries of RFCs, and also updated the pointers to original sources (to be web links) Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
These ciphers are removed: TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA TLS1_CK_DHE_DSS_WITH_RC4_128_SHA They were defined in a long-expired IETF internet-draft: draft-ietf-tls-56-bit-ciphersuites-01.txt Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 2月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3704 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 27 2月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-