- 22 Jan, 2015 18 commits
-
-
Matt Caswell authored
Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Reviewed-by: -
Andy Polyakov authored
Conflicts: crypto/cryptlib.c Reviewed-by: -
Andy Polyakov authored
Conflicts: crypto/bn/bntest.c Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Conflicts: apps/speed.c Conflicts: apps/speed.c Conflicts: apps/speed.c Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Dr. Stephen Henson authored
Don't use double newline for headers. Don't interpret ASN1_PCTX as start of an ASN.1 module. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Tim Hudson authored
available. Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and Matt Caswell Reviewed-by:Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Conflicts: apps/ciphers.c ssl/s3_pkt.c Conflicts: crypto/ec/ec_curve.c Conflicts: crypto/ec/ec_curve.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c Conflicts: apps/ciphers.c crypto/bn/bn.h crypto/ec/ec_curve.c ssl/t1_enc.c ssl/t1_lib.c Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5) Conflicts: crypto/x509v3/pcy_tree.c Conflicts: apps/apps.c ssl/ssltest.c Conflicts: apps/apps.c crypto/ec/ec2_oct.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c ssl/s3_cbc.c ssl/ssl_sess.c ssl/t1_lib.c Conflicts: crypto/bio/b_sock.c crypto/pem/pem.h crypto/x509/x509_vfy.c crypto/x509v3/pcy_tree.c ssl/s3_both.c Reviewed-by: -
Tim Hudson authored
indent will not alter them when reformatting comments (cherry picked from commit 1d97c843 ) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Conflicts: crypto/asn1/a_sign.c crypto/bn/bn_div.c crypto/dsa/dsa_asn1.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/modes/gcm128.c crypto/opensslv.h ssl/d1_both.c ssl/heartbeat_test.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c ssl/t1_lib.c test/testutil.h Conflicts: apps/openssl.c apps/ts.c apps/vms_decc_init.c crypto/aes/aes_core.c crypto/aes/aes_x86core.c crypto/dsa/dsa_ameth.c crypto/ec/ec2_mult.c crypto/evp/evp.h crypto/objects/objects.h crypto/rsa/rsa_pss.c crypto/stack/safestack.h crypto/ts/ts.h crypto/ts/ts_rsp_verify.c crypto/whrlpool/wp_dgst.c crypto/x509v3/v3_ncons.c e_os2.h engines/ccgost/gost89.c engines/ccgost/gost_ctl.c engines/ccgost/gost_keywrap.c engines/ccgost/gost_keywrap.h engines/ccgost/gost_sign.c ssl/kssl.c ssl/s3_srvr.c Reviewed-by:
-
- 15 Jan, 2015 4 commits
-
-
Matt Caswell authored
Reviewed-by:Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
- 13 Jan, 2015 3 commits
-
-
Matt Caswell authored
This warning breaks the build in 1.0.0 and 0.9.8 Reviewed-by:
Andy Polyakov <appro@openssl.org> (cherry picked from commit b1ffc6ca)
-
Matt Caswell authored
Reviewed-by:
-
Dr. Stephen Henson authored
Windows 8 SDKs complain that GetVersion() is deprecated. We only use GetVersion like this: (GetVersion() < 0x80000000) which checks if the Windows version is NT based. Use a macro check_winnt() which uses GetVersion() on older SDK versions and true otherwise. (cherry picked from commit a4cc3c80 ) Conflicts: apps/apps.c crypto/bio/bss_log.c Backported by Matt Caswell <matt@openssl.org> Reviewed-by:
Tim Hudson <tjh@openss.org>
-
- 09 Jan, 2015 2 commits
-
-
Matt Caswell authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- 08 Jan, 2015 8 commits
-
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
Dr. Stephen Henson authored
Fix typo in ssl3_get_cert_verify: we can only skip certificate verify message if certificate is absent. NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't support DH certificates and this typo prohibits skipping of certificate verify message for sign only certificates anyway. Reviewed-by: -
Matt Caswell authored
of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Conflicts: ssl/d1_pkt.c Reviewed-by: -
Dr. Stephen Henson authored
separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: -
Andy Polyakov authored
Reviewed-by:Emilia Kasper <emilia@openssl.org> (cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)
-
- 07 Jan, 2015 1 commit
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
- 06 Jan, 2015 3 commits
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by:
-
- 05 Jan, 2015 1 commit
-
-
Dr. Stephen Henson authored
Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by:
-
