Skip to content
  1. Mar 11, 2015
    • Matt Caswell's avatar
    • Richard Levitte's avatar
      Move Configurations* out of the way and rename them. · 97a0cc52
      Richard Levitte authored
      
      
      Configure would load the glob "Configurations*".  The problem with
      this is that it also loads all kinds of backups of those
      configurations that some editors do, like emacs' classic
      'Configurations~'.  The solution is to give them an extension, such as
      '.conf', and make sure to end the glob with that.
      
      Also, because 'Configurations.conf' makes for a silly name, and
      because a possibly large number of configurations will become clutter,
      move them to a subdirectory 'Configurations/', and rename them to
      something more expressive, as well as something that sets up some form
      of sorting order.  Thus:
      
          Configurations	->	Configurations/10-main.conf
          Configurations.team	->	Configurations/90-team.conf
      
      Finally, make sure that Configure sorts the list of files that 'glob'
      produces, and adapt Makefile.org.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      97a0cc52
    • Matt Caswell's avatar
      Cleanse buffers · c9dd49a7
      Matt Caswell authored
      
      
      Cleanse various intermediate buffers used by the PRF.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      c9dd49a7
  2. Mar 10, 2015
    • Emilia Kasper's avatar
      Harmonize return values in dtls1_buffer_record · 06c6a2b4
      Emilia Kasper authored
      
      
      Ensure all malloc failures return -1.
      
      Reported by Adam Langley (Google).
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      06c6a2b4
    • Richard Godbee's avatar
      BIO_debug_callback: Fix output on 64-bit machines · 460e920d
      Richard Godbee authored
      
      
      BIO_debug_callback() no longer assumes the hexadecimal representation of
      a pointer fits in 8 characters.
      
      Signed-off-by: default avatarRichard Levitte <levitte@openssl.org>
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      460e920d
    • Matt Caswell's avatar
      Prevent handshake with unseeded PRNG · e1b568dd
      Matt Caswell authored
      
      
      Fix security issue where under certain conditions a client can complete a
      handshake with an unseeded PRNG. The conditions are:
      - Client is on a platform where the PRNG has not been seeded, and the
      user has not seeded manually
      - A protocol specific client method version has been used (i.e. not
      SSL_client_methodv23)
      - A ciphersuite is used that does not require additional random data
      from the PRNG beyond the initial ClientHello client random
      (e.g. PSK-RC4-SHA)
      
      If the handshake succeeds then the client random that has been used will
      have been generated from a PRNG with insufficient entropy and therefore
      the output may be predictable.
      
      For example using the following command with an unseeded openssl will
      succeed on an unpatched platform:
      
      openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
      
      CVE-2015-0285
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      e1b568dd
  3. Mar 09, 2015
  4. Mar 08, 2015
  5. Mar 06, 2015
  6. Mar 05, 2015
  7. Mar 04, 2015
  8. Mar 02, 2015
  9. Mar 01, 2015
    • Rich Salz's avatar
      Remove experimental 56bit export ciphers · a258afaf
      Rich Salz authored
      
      
      These ciphers are removed:
          TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5
          TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
          TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA
          TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
          TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA
          TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
          TLS1_CK_DHE_DSS_WITH_RC4_128_SHA
      They were defined in a long-expired IETF internet-draft:
      draft-ietf-tls-56-bit-ciphersuites-01.txt
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      a258afaf
  10. Feb 27, 2015
  11. Feb 26, 2015