- Sep 29, 2014
-
-
Dr. Stephen Henson authored
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 25, 2014
-
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Also add comment to Configure reminding people to do that. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Emilia Kasper authored
Accidentally omitted from commit 455b65df Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Sep 24, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
RT: 3541 Reviewed-by: Emilia Kasper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
The following #ifdef tests were all removed: __MWERKS__ MAC_OS_pre_X MAC_OS_GUSI_SOURCE MAC_OS_pre_X OPENSSL_SYS_MACINTOSH_CLASSIC OPENSSL_SYS_MACOSX_RHAPSODY Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Emilia Kasper authored
Do the final padding check in EVP_DecryptFinal_ex in constant time to avoid a timing leak from padding failure. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
(Original commit adb46dbc ) Use the new constant-time methods consistently in s3_srvr.c Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Emilia Kasper authored
Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Sep 23, 2014
-
-
Emilia Kasper authored
Sync libeay.num from 1.0.2 Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit e9128d94)
-
Andy Polyakov authored
Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
- Sep 21, 2014
-
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Tim Hudson authored
that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit Picked up on z/linux (s390) where sizeof(int)!=sizeof(long) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Sep 20, 2014
-
-
Andy Polyakov authored
RT: 3333,3165 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Sep 19, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
Document the new features Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 18, 2014
-
-
Jake Goulding authored
GetDIBits has been around since Windows2000 and BitBitmapBits is an old Win16 compatibility function that is much slower. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 11, 2014
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
RT: 3149 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
RT: 3149 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Submitted by Shay Gueron, Intel Corp. RT: 3149 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Move the readdir() lines out of the if statement, so that flist is available globally. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 10, 2014
-
-
Rich Salz authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Sep 09, 2014
-
-
Rich Salz authored
Say where to email bug reports. Mention general RT tracker info in a separate paragraph. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
This is funny; Ben commented in the source, Matt opend a ticket, and Rich is doing the submit. Need more code-review? :) Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Previous commit was reviewed by Geoff, not Stephen: Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
Rich Salz authored
For portability don't use "if ! expr" Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
Rich Salz authored
For portability don't use "if ! expr" Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Geoff Keating authored
When calling X509_set_version to set v1 certificate, that should mean that the version number field is omitted. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Kurt Cancemi authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Sep 08, 2014
-
-
Paul Suhler authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Kurt Roeckx authored
This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
For consistency. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
Matthias Andree authored
In addition to Matthias's change, I also added -n to not remove links. And updated the manpage. Reviewed-by: Tim Hudson <tjh@openssl.org>
-