- Nov 20, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
There are lots of calls to EVP functions from within libssl There were various places where we should probably check the return value but don't. This adds these checks. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Use SHA256 for TSA and setted permitted digests to a sensible value. Based on PR#4141 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Based on PR#2145 Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 19, 2015
-
-
Dr. Stephen Henson authored
PR#4141 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Nov 18, 2015
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 17, 2015
-
-
Rich Salz authored
Final part of flushing out SSLEay API's. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
We use the sysconf function to provide details about the page size in the secure memory code. This function can return -1 on error so we should check for this before proceeding. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
A call to X509_verify_cert() is used to build a chain of certs for the server to send back to the client. It isn't *actually* used for verifying the cert at all - just building the chain. Therefore the return value is ignored. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
The |passwd| variable in the code can be NULL if it goes to the err label. Therefore we cannot call strlen on it without first checking that it is non NULL. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Nov 16, 2015
-
-
Andy Polyakov authored
The problem remained unnoticed so far, because it's never called by default. You have to craft OPENSSL_ppccap environment variable to trigger the problem. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Andy Polyakov authored
bn/asm/s390x.S: improve performance on z196 and z13 by up to 26%. [even z10 is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
It was also found that stich performs suboptimally on AMD Jaguar, hence execution is limited to XOP-capable and Intel processors. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Nov 15, 2015
-
-
Viktor Dukhovni authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 14, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Print certificate details using accessor functions. Since X509_CERT_AUX_print is only used in one place and can't be used by applications (it uses an internal X509_CERT_AUX structure) this has been removed and replaced by a function X509_aux_print which takes an X509 pointer instead. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
This adds a TLSv1.0 cipher alias for ciphersuites requiring at least TLSv1.0: currently only PSK ciphersuites using SHA256 or SHA384 MAC (SSLv3 only supports SHA1 and MD5 MAC). Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
This disables some ciphersuites which aren't supported in SSL v3: specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC. Thanks to the Open Crypto Audit Project for identifying this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 13, 2015
-
-
Nathan Phillip Brink authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Graeme Perrow authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Signed-off-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 11, 2015
-
-
Andy Polyakov authored
Triggered by RT#3989. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 10, 2015
-
-
Matt Caswell authored
The new function SSL_use_certificate_chain_file was always crashing in the internal function use_certificate_chain_file because it would pass a NULL value for SSL_CTX *, but use_certificate_chain_file would unconditionally try to dereference it. Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Nov 09, 2015
-
-
Matt Caswell authored
The function tls1_get_curvelist() has an explicit check to see if s->cert is NULL or not. However the check appears *after* calling the tls1_suiteb macro which derefs s->cert. In reality s->cert can never be NULL because it is created in SSL_new(). If the malloc fails then the SSL_new call fails and no SSL object is created. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Continuing from previous work standardise use of malloc in the engine code. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
continue on from previous commits but in the apps directory Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
if we have a malloc |x = OPENSSL_malloc(...)| sometimes we check |x| for NULL and sometimes we treat it as a boolean |if(!x) ...|. Standardise the approach in libssl. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
The SSL object was being deref'd and then there was a later redundant check to see if it is NULL. We assume all SSL_foo functions pass a non NULL SSL object and do not check it. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
./Configure [target] --strict-warnings -Wno-pedantic-ms-format would not add '-pedantic' because it matches '-Wno-pedantic-ms-format', which was added first. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 08, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-