Limit the number of empty records that will be processed consecutively
in order to prevent ssl3_get_record from never returning.
Reported by oftc_must_be_destroyed and George Kadianakis.
0004-empty_record_limit.patch
Description: Binary data
Don't SEGFAULT when trying to export a public DSA key as a private key.
0005-dsa_crash.patch
Description: Binary data
Add volatile qualifications to two blocks of inline asm to stop GCC from
eliminating them as dead code.
Both volatile and memory are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I
Ensure that x**0 mod 1 = 0.
0007-exp_zero_mod_one.patch
Description: Binary data
Ensure that, when generating small primes, the result is actually of the
requested size. Fixes OpenSSL #2701.
This change does not address the cases of generating safe primes, or
where the |add| parameter is non-NULL.
0008-small_prime_generation.patch
Description: Binary data
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:
-BEGIN EC PRIVATE KEY-
This patch tweaks the OAEP padding check to be slightly more constant
time and rewrites the PKCS#1 v1.5 padding check to the same end.
0010-constant_time_rsa_padding.patch
Description: Binary data
This change alters the processing of invalid, RSA pre-master secrets so
that bad encryptions are treated like random session keys in constant
time.
0011-premaster_constant_time.patch
Description: Binary data
The Safari browser on OSX versions 10.8 to 10.8.3 advertises support for
several ECDHE-ECDSA ciphers but fails to negotiate them.
When a Safari client connects to an OpenSSL-based server that has the
attached patch (against the master branch) applied, the server will
prefer other mutually
On Wed Feb 01 14:02:51 2012, dominik.oe...@informatik.hu-berlin.de wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi
BN_generate_prime_ex can generate prime numbers larger than the
specified bitsize. The problem can be reproduced using the following
commands:
[do@trinity tmp]$
On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote:
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a
On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote:
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a
A tweak to generate keys in a way that will enable the efficient point
compression, described in
http://tools.ietf.org/html/draft-jivsov-ecc-compact.
This request doesn't change any format/API, doesn't introduce
compression, and doesn't lower security.
However, because the method to generate
13 matches
Mail list logo