- Aug 06, 2014
-
-
Adam Langley authored
The |item| variable, in both of these cases, may contain a pointer to a |pitem| structure within |s->d1->buffered_messages|. It was being freed in the error case while still being in |buffered_messages|. When the error later caused the |SSL*| to be destroyed, the item would be double freed. Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was inconsistent with the other error paths (but correct). Fixes CVE-2014-3505 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 01, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
We can't rename ssleay_rand_bytes to md_rand_bytes_lock as this will cause an error code discrepancy. Instead keep ssleay_rand_bytes and add an extra parameter: since ssleay_rand_bytes is not part of the public API this wont cause any binary compatibility issues. Reviewed-by: Kurt Roeckx <kurt@openssl.org >
-
Bodo Moeller authored
-
Bodo Moeller authored
don't list it again under changes between 1.0.1h and 1.0.2.
-
Bodo Moeller authored
(which didn't always handle value 0 correctly). Reviewed-by: <emilia@openssl.org>
-
- Jul 30, 2014
-
-
Dr. Stephen Henson authored
Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode. PR#3176 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 24, 2014
-
-
Dr. Stephen Henson authored
Don't call internal functions directly call them through SSL_test_functions(). This also makes unit testing work on Windows and platforms that don't export internal functions from shared libraries. By default unit testing is not enabled: it requires the compile time option "enable-unit-test". Reviewed-by: Geoff Thorpe <geoff@openssl.org> (cherry picked from commit e0fc7961) Conflicts: ssl/heartbeat_test.c ssl/ssl.h util/mkdef.pl
-
- Jul 22, 2014
-
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jul 21, 2014
-
-
Billy Brumley authored
PR#2569 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit cba11f57)
-
Tim Hudson authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 62352b81)
-
Andy Polyakov authored
and improve performance by 10% on POWER[78]. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 5c359830)
-
Tim Hudson authored
statement of opinion rather than a fact. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c8d133e4)
-
- Jul 20, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jul 19, 2014
-
-
Dr. Stephen Henson authored
PR#1675 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)
-
- Jul 17, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 58f4698f)
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit d12eef15)
-
Jeffrey Walton authored
PR#3456 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit d48e78f0)
-
- Jul 16, 2014
-
-
Matt Caswell authored
PR#3442 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2097a17c)
-
- Jul 15, 2014
-
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3bd54819)
-
Dr. Stephen Henson authored
PR#3452 (cherry picked from commit ca2015a6)
-
Dr. Stephen Henson authored
Use same logic when determining when to expect a client certificate for both TLS and DTLS. PR#3452 (cherry picked from commit c8d710dc)
-
Dr. Stephen Henson authored
The options which emulate a web server don't make sense when doing DTLS. Exit with an error if an attempt is made to use them. PR#3453 (cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
-
- Jul 14, 2014
-
-
Dr. Stephen Henson authored
PR#3445 (cherry picked from commit 1c3e9a7c)
-
Hubert Kario authored
Add description of the option to advertise support of Next Protocol Negotiation extension (-nextprotoneg) to man pages of s_client and s_server. PR#3444 (cherry picked from commit 7efd0e77)
-
Dr. Stephen Henson authored
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
-
- Jul 13, 2014
-
-
Matt Caswell authored
This is actually ok for this function, but initialised to zero anyway if PURIFY defined. This does have the impact of masking any *real* unitialised data reads in bn though. Patch based on approach suggested by Rich Salz. PR#3415 (cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
-
Peter Mosmans authored
PR#3440 (cherry picked from commit 924e5eda)
-
Richard Levitte authored
Detected by dcruette@qualitesys.com (cherry picked from commit 8b5dd340)
-
- Jul 10, 2014
-
-
Ben Laurie authored
(cherry picked from commit c1d1b011)
-
- Jul 09, 2014
-
-
Matt Caswell authored
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com> PR#3439 (cherry picked from commit 66816c53)
-
Andy Polyakov authored
(cherry picked from commit 1b0fe79f)
-
Andy Polyakov authored
(cherry picked from commit d11c70b2)
-
Andy Polyakov authored
PR: #3424,#3423,#3422 (cherry picked from commit 021e5043)
-
- Jul 07, 2014
-
-
Andy Polyakov authored
(cherry picked from commit c4f8efab)
-