openssl

History

Dr. Stephen Henson 966fe81f9b Fix SRP buffer overrun vulnerability.

Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

2014-08-06 20:27:51 +01:00

.cvsignore

Ignorance.

2011-11-14 02:42:26 +00:00

Makefile

make update

2014-01-06 13:33:27 +00:00

srp_grps.h

srp/srp_grps.h: make it Compaq C-friendly.

2013-11-12 22:20:45 +01:00

srp_lcl.h

Add SRP.

2011-03-16 11:26:40 +00:00

srp_lib.c

Fix SRP buffer overrun vulnerability.

2014-08-06 20:27:51 +01:00

srp_vfy.c

- fix coverity issues 966593-966596

2014-05-06 00:07:34 +01:00

srp.h

Add SRP.

2011-03-16 11:26:40 +00:00

srptest.c

Add SRP.

2011-03-16 11:26:40 +00:00