Skip to content
  1. May 29, 2015
  2. May 28, 2015
  3. May 27, 2015
  4. May 26, 2015
  5. May 25, 2015
  6. May 24, 2015
  7. May 23, 2015
  8. May 22, 2015
    • Matt Caswell's avatar
      Fix typo setting up certificate masks · fdfe8b06
      Matt Caswell authored
      
      
      The certificate masks are used to select which ciphersuite we are going to
      use. The variables |emask_k| and |emask_a| relate to export grade key
      exchange and authentication respecitively. The variables |mask_k| and
      |mask_a| are the equivalent versions for non-export grade. This fixes an
      instance where the two usages of export/non-export were mixed up. In
      practice it makes little difference since it still works!
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      fdfe8b06
    • Matt Caswell's avatar
      Remove export static DH ciphersuites · 13f8eb47
      Matt Caswell authored
      
      
      Remove support for the two export grade static DH ciphersuites. These two
      ciphersuites were newly added (along with a number of other static DH
      ciphersuites) to 1.0.2. However the two export ones have *never* worked
      since they were introduced. It seems strange in any case to be adding new
      export ciphersuites, and given "logjam" it also does not seem correct to
      fix them.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      13f8eb47
    • Matt Caswell's avatar
      Fix off-by-one in BN_rand · efee575a
      Matt Caswell authored
      
      
      If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
      buffer overflow can occur. There are no such instances within the OpenSSL at
      the moment.
      
      Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
      discovering and reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      efee575a
    • Matt Caswell's avatar
      Reject negative shifts for BN_rshift and BN_lshift · 7cc18d81
      Matt Caswell authored
      
      
      The functions BN_rshift and BN_lshift shift their arguments to the right or
      left by a specified number of bits. Unpredicatable results (including
      crashes) can occur if a negative number is supplied for the shift value.
      
      Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
      for discovering and reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      7cc18d81