- 25 Jun, 2015 1 commit
-
-
Dr. Stephen Henson authored
PR#3923 Reviewed-by:
Tim Hudson <tjh@openssl.org> (cherry picked from commit ffbf304d)
-
- 23 Jun, 2015 1 commit
-
-
Rich Salz authored
Typo in local variable name; introduced by previous fix. Reviewed-by:
Richard Levitte <levitte@openssl.org> (cherry picked from commit cc3f3fc2)
-
- 22 Jun, 2015 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 21 Jun, 2015 10 commits
-
-
Richard Levitte authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> (cherry picked from commit 8ca96efd)
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
More fprintf()s and printf()s to turn into BIO calls. Reviewed-by: -
Richard Levitte authored
Construct bio_err and bio_stdout from file handles instead of FILE pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO is defined). Convert all output to use BIO_printf. Change lh_foo to lh_SSL_SESSION_foo. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Rich Salz authored
Backport to 1.0.1 and 1.0.2 to fix RT 3905 Reviewed-by:
-
- 16 Jun, 2015 2 commits
-
-
Richard Levitte authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> (cherry picked from commit b4f0d1a4)
-
Richard Levitte authored
Reviewed-by:
-
- 12 Jun, 2015 5 commits
-
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Adam Langley authored
It is valid for an extension block to be present in a ClientHello, but to be of zero length. Reviewed-by:
Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX. This backs that change out, and does it a different way. Thanks to Timo Teras for the concept. Conflicts: crypto/hmac/hmac.c Reviewed-by:
-
- 11 Jun, 2015 9 commits
-
-
Matt Caswell authored
Reviewed-by:Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: -
Andy Polyakov authored
CVE-2015-1788 Reviewed-by:
-
Matt Caswell authored
Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: -
Emilia Kasper authored
CVE-2015-1790 Reviewed-by: -
Emilia Kasper authored
Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
-
Dr. Stephen Henson authored
Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: -
Richard Levitte authored
$(PROGS) was mistakenly removed, adding it back. Reviewed-by:
-
Matt Caswell authored
Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by:
-
- 10 Jun, 2015 11 commits
-
-
Kurt Roeckx authored
Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Matt Caswell authored
It should not be possible for DTLS message fragments to span multiple packets. However previously if the message header fitted exactly into one packet, and the fragment body was in the next packet then this would work. Obviously this would fail if packets get re-ordered mid-flight. Reviewed-by: -
Matt Caswell authored
In the event of an error in the HMAC function, leaks can occur because the HMAC_CTX does not get cleaned up. Thanks to the BoringSSL project for reporting this issue. Reviewed-by:
-
Matt Caswell authored
The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by:
-
Matt Caswell authored
This adds additional checks to the processing of extensions in a ClientHello to ensure that either no extensions are present, or if they are then they take up the exact amount of space expected. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: -
Matt Caswell authored
This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: -
Matt Caswell authored
BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_cleanse() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: -
Matt Caswell authored
The fix for CVE-2015-1791 introduced an error in ssl_session_dup for Kerberos. Reviewed-by:
-
Richard Levitte authored
For librypto to be complete, the stuff in both crypto/ and engines/ have to be built. Doing 'make test' or 'make apps' from a clean source tree failed to do so. Corrected by using the new 'build_libcrypto' in the top Makefile. Reviewed-by:
-
Richard Levitte authored
There's a need for a target that will build all of libcrypto, so let's add 'build_libcrypto' that does this. For ortogonality, let's also add 'build_libssl'. Have both also depend on 'libcrypto.pc' and 'libssl.pc' so those get built together with the libraries. This makes 'all' depend on fewer things directly. Reviewed-by:
-
