Age | Commit message | Author |
|
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Neel Mehta, Bodo Moeller)
|
|
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling in s2_srvr.c
|
|
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
|
|
Fix various "computed value not used" warnings too.
|
|
Include server name and RFC4507bis support.
This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
|
|
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
|
|
with the SSL_OP_NO_SSLv2 option.
|
|
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
|
|
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
|
|
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
|
|
PR: 262
|
|
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
|
|
values really are unsigned
|
|
call ssl2_part_read again to parse error message
|
|
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
|
|
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
|
|
with existing code.
Modify library to use digest *_ex() functions.
|
|
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
|
|
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
|
|
the client's choice; in SSLv2 the client uses the server's preferences.
|
|
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
|
|
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
|
|
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
|
|
Pointed out by: Janez Jere <jj@void.si>
|
|
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
|
|
called sess_cert instead of just cert. This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
|
|
Submitted by:
Reviewed by:
PR:
|
|
Submitted by:
Reviewed by:
PR:
|
|
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Fix so that the version number in the master secret, when passed
via RSA, checks that if TLS was proposed, but we roll back to SSLv3
(because the server will not accept higher), that the version number
is 0x03,0x01, not 0x03,0x00
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Submitted by:
Reviewed by:
PR:
|
|