Skip to content
  1. Jul 26, 2016
  2. Jul 22, 2016
  3. Jul 20, 2016
  4. Jul 19, 2016
  5. Jul 18, 2016
  6. Jul 16, 2016
  7. Jul 15, 2016
  8. Jul 08, 2016
  9. Jul 06, 2016
  10. Jul 05, 2016
  11. Jul 01, 2016
    • Matt Caswell's avatar
      Avoid an overflow in constructing the ServerKeyExchange message · 77857ddc
      Matt Caswell authored
      
      
      We calculate the size required for the ServerKeyExchange message and then
      call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
      2 bytes required for the signature algorithm and 2 bytes for the signature
      length, i.e. we could overflow by 4 bytes. In reality this won't happen
      because the buffer is pre-allocated to a large size that means it should be
      big enough anyway.
      
      Addresses an OCAP Audit issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      77857ddc
    • Andy Polyakov's avatar
      SPARC assembly pack: enforce V8+ ABI constraints. · cbffd2d9
      Andy Polyakov authored
      
      
      Even though it's hard to imagine, it turned out that upper half of
      arguments passed to V8+ subroutine can be non-zero.
      
      ["n" pseudo-instructions, such as srln being srl in 32-bit case and
      srlx in 64-bit one, were implemented in binutils 2.10. It's assumed
      that Solaris assembler implemented it around same time, i.e. 2000.]
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      (cherry picked from commit f198cc43)
      cbffd2d9
  12. Jun 30, 2016
  13. Jun 29, 2016
  14. Jun 27, 2016
  15. Jun 26, 2016
  16. Jun 25, 2016
  17. Jun 24, 2016
  18. Jun 23, 2016
  19. Jun 22, 2016
  20. Jun 21, 2016
  21. Jun 20, 2016
  22. Jun 16, 2016