Skip to content
  1. Jul 01, 2016
    • Matt Caswell's avatar
      Avoid an overflow in constructing the ServerKeyExchange message · 77857ddc
      Matt Caswell authored
      
      
      We calculate the size required for the ServerKeyExchange message and then
      call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
      2 bytes required for the signature algorithm and 2 bytes for the signature
      length, i.e. we could overflow by 4 bytes. In reality this won't happen
      because the buffer is pre-allocated to a large size that means it should be
      big enough anyway.
      
      Addresses an OCAP Audit issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      77857ddc
    • Andy Polyakov's avatar
      SPARC assembly pack: enforce V8+ ABI constraints. · cbffd2d9
      Andy Polyakov authored
      
      
      Even though it's hard to imagine, it turned out that upper half of
      arguments passed to V8+ subroutine can be non-zero.
      
      ["n" pseudo-instructions, such as srln being srl in 32-bit case and
      srlx in 64-bit one, were implemented in binutils 2.10. It's assumed
      that Solaris assembler implemented it around same time, i.e. 2000.]
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      (cherry picked from commit f198cc43)
      cbffd2d9
  2. Jun 30, 2016
  3. Jun 29, 2016
  4. Jun 27, 2016
  5. Jun 26, 2016
  6. Jun 25, 2016
  7. Jun 24, 2016
  8. Jun 23, 2016
  9. Jun 22, 2016
  10. Jun 21, 2016
  11. Jun 20, 2016
  12. Jun 16, 2016
  13. Jun 15, 2016
  14. Jun 14, 2016
  15. Jun 13, 2016
  16. Jun 12, 2016
  17. Jun 10, 2016
  18. Jun 07, 2016