Skip to content
  1. Apr 24, 2015
  2. Apr 22, 2015
    • Loganaden Velvindron's avatar
      Fix CRYPTO_strdup · 8031d26b
      Loganaden Velvindron authored
      
      
      The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return
      value from CRYPTO_malloc to see if it is NULL before attempting to use it.
      This patch adds a NULL check.
      
      RT3786
      
      Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
      (cherry picked from commit 37b0cf936744d9edb99b5dd82cae78a7eac6ad60)
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
      8031d26b
    • Dr. Stephen Henson's avatar
      SSL_CIPHER lookup functions. · 98c9ce2f
      Dr. Stephen Henson authored
      
      
      Add tables to convert between SSL_CIPHER fields and indices for ciphers
      and MACs.
      
      Reorganise ssl_ciph.c to use tables to lookup values and load them.
      
      New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid.
      
      Add documentation.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      98c9ce2f
  3. Apr 21, 2015
  4. Apr 20, 2015
  5. Apr 18, 2015
  6. Apr 17, 2015
  7. Apr 16, 2015
  8. Apr 15, 2015
  9. Apr 14, 2015
    • Matt Caswell's avatar
      Fix ssl_get_prev_session overrun · 5e0a80c1
      Matt Caswell authored
      
      
      If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
      past the end of the ClientHello message if the session_id length in the
      ClientHello is invalid. This should not cause any security issues since the
      underlying buffer is 16k in size. It should never be possible to overrun by
      that many bytes.
      
      This is probably made redundant by the previous commit - but you can never be
      too careful.
      
      With thanks to Qinghao Tang for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      5e0a80c1
    • Matt Caswell's avatar
      Check for ClientHello message overruns · 5e9f0eeb
      Matt Caswell authored
      
      
      The ClientHello processing is insufficiently rigorous in its checks to make
      sure that we don't read past the end of the message. This does not have
      security implications due to the size of the underlying buffer - but still
      needs to be fixed.
      
      With thanks to Qinghao Tang for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      5e9f0eeb
  10. Apr 11, 2015