Skip to content
  1. Sep 25, 2014
  2. Sep 24, 2014
  3. Sep 21, 2014
  4. Sep 10, 2014
  5. Sep 08, 2014
  6. Sep 05, 2014
    • Adam Langley's avatar
      psk_client_callback, 128-byte id bug. · 13ce52be
      Adam Langley authored
      
      
      Fix a bug in handling of 128 byte long PSK identity in
      psk_client_callback.
      
      OpenSSL supports PSK identities of up to (and including) 128 bytes in
      length. PSK identity is obtained via the psk_client_callback,
      implementors of which are expected to provide a NULL-terminated
      identity. However, the callback is invoked with only 128 bytes of
      storage thus making it impossible to return a 128 byte long identity and
      the required additional NULL byte.
      
      This CL fixes the issue by passing in a 129 byte long buffer into the
      psk_client_callback. As a safety precaution, this CL also zeroes out the
      buffer before passing it into the callback, uses strnlen for obtaining
      the length of the identity returned by the callback, and aborts the
      handshake if the identity (without the NULL terminator) is longer than
      128 bytes.
      
      (Original patch amended to achieve strnlen in a different way.)
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit be0d8517)
      13ce52be
  7. Sep 04, 2014
  8. Sep 03, 2014
  9. Sep 02, 2014
  10. Aug 30, 2014
  11. Aug 29, 2014
  12. Aug 28, 2014
  13. Aug 27, 2014
  14. Aug 26, 2014
  15. Aug 25, 2014
  16. Aug 24, 2014
  17. Aug 22, 2014
  18. Aug 21, 2014
  19. Aug 19, 2014
  20. Aug 15, 2014
  21. Aug 13, 2014
  22. Aug 12, 2014
  23. Aug 08, 2014
    • Dr. Stephen Henson's avatar
      Fix SRP authentication ciphersuites. · 30fbe92c
      Dr. Stephen Henson authored
      
      
      The addition of SRP authentication needs to be checked in various places
      to work properly. Specifically:
      
      A certificate is not sent.
      A certificate request must not be sent.
      Server key exchange message must not contain a signature.
      If appropriate SRP authentication ciphersuites should be chosen.
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec)
      
      Conflicts:
      
      	ssl/s3_clnt.c
      	ssl/s3_lib.c
      30fbe92c