- Jul 06, 2015
-
-
Dr. Stephen Henson authored
In CCM mode don't require a tag before initialising decrypt: this allows the tag length to be set without requiring the tag. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 9cca7be1)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5727582c)
-
- Jul 02, 2015
-
-
Dr. Stephen Henson authored
The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jun 29, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5fced239)
-
- Jun 25, 2015
-
-
Dr. Stephen Henson authored
PR#3923 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit ffbf304d)
-
- Jun 24, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 77672802)
-
- Jun 23, 2015
-
-
Vitezslav Cizek authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Found by Kurt Cancemi (Manual cherry-pick of f8e427154bbc0c33f29fa7aad001b1b655e5995b) Reviewed-by: Matt Caswell <matt@openssl.org>
-
Russell Webb authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 2d540402)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
A small rearrangement so the inclusion of rsaz_exp.h would be unconditional, but what that header defines becomes conditional. This solves the weirdness where rsaz_exp.h gets in and out of the dependency list for bn_exp.c, depending on the present architecture. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Typo in local variable name; introduced by previous fix. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit cc3f3fc2)
-
- Jun 22, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 75ba5c58)
-
- Jun 21, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 7fba8407)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 8ca96efd)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d62c98c8)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 96462695)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 7a1789d2)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f4c73bfe) Conflicts: crypto/threads/mttest.c
-
Richard Levitte authored
More fprintf()s and printf()s to turn into BIO calls. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Construct bio_err and bio_stdout from file handles instead of FILE pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO is defined). Convert all output to use BIO_printf. Change lh_foo to lh_SSL_SESSION_foo. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit bb8abd67) Conflicts: crypto/threads/mttest.c
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5c78e183) Conflicts: crypto/threads/mttest.c
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a3f92865)
-
Rich Salz authored
Backport to 1.0.1 and 1.0.2 to fix RT 3905 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jun 20, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit bc9567cd)
-
- Jun 16, 2015
-
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit b4f0d1a4)
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 30cf9178)
-
- Jun 12, 2015
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Adam Langley authored
It is valid for an extension block to be present in a ClientHello, but to be of zero length. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX. This backs that change out, and does it a different way. Thanks to Timo Teras for the concept. Conflicts: crypto/hmac/hmac.c Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jun 11, 2015
-
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Andy Polyakov authored
CVE-2015-1788 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4924b37e)
-
Matt Caswell authored
Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
CVE-2015-1790 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: Matt Caswell <matt@openssl.org>
-