- 10 May, 2012 6 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)
-
Dr. Stephen Henson authored
Make sure tkeylen is initialised properly when encrypting CMS messages.
-
- 04 May, 2012 1 commit
-
-
Richard Levitte authored
-
- 23 Apr, 2012 7 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. Thanks to the many people who reported this bug and to Tomas Hoger <thoger@redhat.com> for supplying the fix.
-
- 22 Apr, 2012 2 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- 19 Apr, 2012 5 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
-
- 15 Apr, 2012 1 commit
-
-
Dr. Stephen Henson authored
-
- 31 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time).
-
- 18 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
the old code came from SSLeay days before TLS was even supported.
-
- 12 Mar, 2012 8 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- 09 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.
-
- 08 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
-
- 07 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. [0.9.8 version of patch]
-
- 06 Mar, 2012 5 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.
-
Dr. Stephen Henson authored
Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug. [from HEAD]
-
Dr. Stephen Henson authored
-