Skip to content
  1. Aug 11, 2015
    • Matt Caswell's avatar
      Add OSSLTest Engine · 2d5d70b1
      Matt Caswell authored
      
      
      This engine is for testing purposes only. It provides crippled crypto
      implementations and therefore must not be used in any instance where
      security is required.
      
      This will be used by the forthcoming libssl test harness which will operate
      as a man-in-the-middle proxy. The test harness will be able to modify
      TLS packets and read their contents. By using this test engine packets are
      not encrypted and MAC codes always verify.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      2d5d70b1
    • Matt Caswell's avatar
      Check for 0 modulus in BN_MONT_CTX_set · 6a009812
      Matt Caswell authored
      
      
      The function BN_MONT_CTX_set was assuming that the modulus was non-zero
      and therefore that |mod->top| > 0. In an error situation that may not be
      the case and could cause a seg fault.
      
      This is a follow on from CVE-2015-1794.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      6a009812
    • Guy Leaver (guleaver)'s avatar
      Fix seg fault with 0 p val in SKE · 61e72d76
      Guy Leaver (guleaver) authored
      
      
      If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
      value of p set to 0 then a seg fault can occur. This commits adds a test to
      reject p, g and pub key parameters that have a 0 value (in accordance with
      RFC 5246)
      
      The security vulnerability only affects master and 1.0.2, but the fix is
      additionally applied to 1.0.1 for additional confidence.
      
      CVE-2015-1794
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      61e72d76
    • Matt Caswell's avatar
      Normalise make errors output · 870063c8
      Matt Caswell authored
      
      
      make errors wants things in a different order to the way things are
      currently defined in the header files. The easiest fix is to just let it
      reorder it.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      870063c8
  2. Aug 10, 2015
  3. Aug 08, 2015
  4. Aug 06, 2015
  5. Aug 04, 2015
  6. Aug 03, 2015
  7. Aug 02, 2015
  8. Aug 01, 2015
  9. Jul 31, 2015