Skip to content
  1. Sep 22, 2015
  2. Sep 17, 2015
    • Matt Caswell's avatar
      Make sure OPENSSL_cleanse checks for NULL · 9203e92c
      Matt Caswell authored
      
      
      In master we have the function OPENSSL_clear_free(x,y), which immediately
      returns if x == NULL. In <=1.0.2 this function does not exist so we have to
      do:
      OPENSSL_cleanse(x, y);
      OPENSSL_free(x);
      
      However, previously, OPENSSL_cleanse did not check that if x == NULL, so
      the real equivalent check would have to be:
      if (x != NULL)
          OPENSSL_cleanse(x, y);
      OPENSSL_free(x);
      
      It would be easy to get this wrong during cherry-picking to other branches
      and therefore, for safety, it is best to just ensure OPENSSL_cleanse also
      checks for NULL.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 020d8fc8)
      9203e92c
  3. Sep 16, 2015
  4. Sep 11, 2015
  5. Sep 01, 2015
    • Matt Caswell's avatar
      Fix building with OPENSSL_NO_TLSEXT. · 6ee4fc48
      Matt Caswell authored
      
      
      Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the
      issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code
      consistency. However this commit will not fix no-tlsext in those branches
      which have always been broken for other reasons. The commit is not applied
      to master at all, because no-tlsext has been completely removed from that
      branch.
      
      Based on a patch by Marc Branchaud <marcnarc@xiplink.com>
      
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      (cherry picked from commit 9a931208)
      
      Conflicts:
      	ssl/ssl_sess.c
      6ee4fc48
  6. Aug 31, 2015
  7. Aug 16, 2015
  8. Aug 01, 2015
  9. Jul 31, 2015
  10. Jul 30, 2015
  11. Jul 29, 2015
  12. Jul 13, 2015
  13. Jul 10, 2015
  14. Jul 09, 2015
  15. Jul 06, 2015
  16. Jul 02, 2015
    • Dr. Stephen Henson's avatar
      Fix PSK handling. · 1392c238
      Dr. Stephen Henson authored
      
      
      The PSK identity hint should be stored in the SSL_SESSION structure
      and not in the parent context (which will overwrite values used
      by other SSL structures with the same SSL_CTX).
      
      Use BUF_strndup when copying identity as it may not be null terminated.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit 3c66a669)
      1392c238
  17. Jun 25, 2015
  18. Jun 16, 2015
  19. Jun 11, 2015
  20. Jun 10, 2015
  21. Jun 08, 2015
  22. Jun 04, 2015
    • Matt Caswell's avatar
      Remove misleading comment · bb82db1c
      Matt Caswell authored
      
      
      Remove a comment that suggested further clean up was required.
      DH_free() performs the necessary cleanup.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit f3d88952)
      bb82db1c
    • Matt Caswell's avatar
      Clean premaster_secret for GOST · 470446db
      Matt Caswell authored
      
      
      Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit b7ee4815)
      
      Conflicts:
      	ssl/s3_srvr.c
      470446db
    • Matt Caswell's avatar
      Clean Kerberos pre-master secret · 91e64e14
      Matt Caswell authored
      
      
      Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 4e3dbe37)
      91e64e14
    • Matt Caswell's avatar
      Fix off-by-one error in BN_bn2hex · 0d3a7e7c
      Matt Caswell authored
      
      
      A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
      for this and can allocate a buffer one byte too short in the event of -0
      being used, leading to a one byte buffer overrun. All usage within the
      OpenSSL library is considered safe. Any security risk is considered
      negligible.
      
      With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
      Filip Palian for discovering and reporting this issue.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit c5635307)
      
      Conflicts:
      	crypto/bn/bn_print.c
      0d3a7e7c
  23. Jun 02, 2015