- Jun 05, 2014
-
-
Matt Caswell authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jun 03, 2014
-
-
Dr. Stephen Henson authored
Check session_cert is not NULL before dereferencing it.
-
Dr. Stephen Henson authored
Unnecessary recursion when receiving a DTLS hello request can be used to crash a DTLS client. Fixed by handling DTLS hello request without recursion. Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
-
Dr. Stephen Henson authored
Return a fatal error if an attempt is made to use a zero length master secret.
-
Dr. Stephen Henson authored
Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on.
-
Dr. Stephen Henson authored
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Fixed by adding consistency check for DTLS fragments. Thanks to Jüri Aedla for reporting this issue.
-
- Jun 02, 2014
-
-
zhu qun-ying authored
PR#3286 (cherry picked from commit 71e95000afb2227fe5cac1c79ae884338bcd8d0b)
-
Andy Polyakov authored
PR: 2678 Submitted by: Annie Yousar (cherry picked from commit d572544a)
-
Sami Farin authored
PR#3302 (cherry picked from commit 9717f01951f976f76dd40a38d9fc7307057fa4c4)
-
- Jun 01, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 3009244d)
-
David Ramos authored
Make sure there is an extra 4 bytes for server done message when NETSCAPE_HANG_BUG is defined. PR#3361 (cherry picked from commit 673c42b2)
-
- May 29, 2014
-
-
Ben Laurie authored
(cherry picked from commit 989d87cb)
-
Dr. Stephen Henson authored
PR#3249 (cherry picked from commit 8909bf20269035d295743fca559207ef2eb84eb3)
-
František Bořánek authored
PR#3278 (cherry picked from commit de56fe797081fc09ebd1add06d6e2df42a324fd5)
-
- May 27, 2014
-
-
Peter Mosmans authored
-
- May 25, 2014
-
-
Matt Caswell authored
-
- May 24, 2014
-
-
Matt Caswell authored
-
- May 21, 2014
-
-
Dr. Stephen Henson authored
Use triple DES for certificate encryption if no-rc2 is specified. PR#3357 (cherry picked from commit 03b5b78c)
-
Dr. Stephen Henson authored
PR#3357 (cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58) Conflicts: doc/apps/smime.pod
-
- May 15, 2014
-
-
Matt Caswell authored
-
- May 14, 2014
-
-
Jeffrey Walton authored
-
Jeffrey Walton authored
-
Michal Bozon authored
-
- May 12, 2014
-
-
Kurt Roeckx authored
-
- May 11, 2014
-
-
Günther Noack authored
PR: 3317
-
Viktor Dukhovni authored
-
Tim Hudson authored
-
- May 08, 2014
-
-
Dr. Stephen Henson authored
If the key type does not match any CMS recipient type return an error instead of using a random key (MMA mitigation). This does not leak any useful information to an attacker. PR#3348 (cherry picked from commit 83a3182e0560f76548f4378325393461f6275493)
-
- May 06, 2014
-
-
Geoff Thorpe authored
This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
-
Geoff Thorpe authored
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as noted by Daniel Sands and co at Sandia. This was to handle the case that 2 or more threads race to lazy-init the same context, but stunted all scalability in the case where 2 or more threads are doing unrelated things! We favour the latter case by punishing the former. The init work gets done by each thread that finds the context to be uninitialised, and we then lock the "set" logic after that work is done - the winning thread's work gets used, the losing threads throw away what they've done. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
-
Dr. Stephen Henson authored
PR#3289 PR#3345 (cherry picked from commit 3ba1e406)
-
Dr. Stephen Henson authored
(cherry picked from commit 9c5d953a)
-
- Apr 24, 2014
-
-
Steve Marquess authored
(cherry picked from commit 351f0a124bffaa94d2a8abdec2e7dde5ae9c457d)
-
- Apr 11, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 3143a332)
-
- Apr 09, 2014
-
-
Dr. Stephen Henson authored
Keep copy of any host, path and port values allocated by OCSP_parse_url and free as necessary. (cherry picked from commit 5219d3dd)
-
- Apr 04, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 6cc00684)
-
Dr. Stephen Henson authored
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in the openssl utility. Thanks to Rob Mackinnon, Leviathan Security for reporting this issue. (cherry picked from commit 7ba08a4d)
-