- 03 1月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
MS Server gated cryptography is obsolete and dates from the time of export restrictions on strong encryption and is only used by ancient versions of MSIE. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
When parsing ClientHello clear any existing extension state from SRP login and SRTP profile. Thanks to Karthikeyan Bhargavan for reporting this issue. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 31 12月, 2014 3 次提交
-
-
由 Martin Nowak 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NGeoff Thorpe <geoff@openssl.org>
-
由 Cristian Rodríguez 提交于
None of this should live in writable memory Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NGeoff Thorpe <geoff@openssl.org>
-
由 Tim Hudson 提交于
indent will not alter them when reformatting comments Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 20 12月, 2014 1 次提交
-
-
由 Rich Salz 提交于
This commit removes all mention of NeXT and NextStep. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 12月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
Introduce use of DECLARE_DEPRECATED Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 17 12月, 2014 5 次提交
-
-
由 Adam Langley 提交于
From BoringSSL - Send an alert when the client key exchange isn't correctly formatted. - Reject overly short RSA ciphertexts to avoid a (benign) out-of-bounds memory access. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 16 12月, 2014 7 次提交
-
-
由 Matt Caswell 提交于
ssl_locl.h Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Adam Langley 提交于
The client_version needs to be preserved for the RSA key exchange. This change also means that renegotiation will, like TLS, repeat the old client_version rather than advertise only the final version. (Either way, version change on renego is not allowed.) This is necessary in TLS to work around an SChannel bug, but it's not strictly necessary in DTLS. (From BoringSSL) Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Kurt Roeckx 提交于
RT#3625 Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 13 12月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 12 12月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 11 12月, 2014 7 次提交
-
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Jonas Maebe 提交于
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 09 12月, 2014 3 次提交
-
-
由 Geoff Thorpe 提交于
Exported headers shouldn't be included as "foo.h" by code from the same module, it should only do so for module-internal headers. This is because the symlinking of exported headers (from include/openssl/foo.h to crypto/foo/foo.h) is being removed, and the exported headers are being moved to the include/openssl/ directory instead. Change-Id: I4c1d80849544713308ddc6999a549848afc25f94 Signed-off-by: NGeoff Thorpe <geoff@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 12月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS capable. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 12月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 05 12月, 2014 6 次提交
-
-
由 Emilia Kasper 提交于
Odd-length lists should be rejected everywhere upon parsing. Nevertheless, be extra careful and add guards against off-by-one reads. Also, drive-by replace inexplicable double-negation with an explicit comparison. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Emilia Kasper 提交于
The Supported Elliptic Curves extension contains a vector of NamedCurves of 2 bytes each, so the total length must be even. Accepting odd-length lists was observed to lead to a non-exploitable one-byte out-of-bounds read in the latest development branches (1.0.2 and master). Released versions of OpenSSL are not affected. Thanks to Felix Groebert of the Google Security Team for reporting this issue. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Jonas Maebe 提交于
Always use goto err on failure and call ssl_cert_free() on the error path so all fields and "ret" itself are freed Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-