- Apr 20, 2015
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Apr 18, 2015
-
-
Dr. Stephen Henson authored
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as negative. Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck <hanno@hboeck.de> for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 17, 2015
-
-
Emilia Kasper authored
A 0-length ciphers list is never permitted. The old code only used to reject an empty ciphers list for connections with a session ID. It would later error out on a NULL structure, so this change just moves the alert closer to the problem source. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
The disabled set of -Weverything is hard to maintain across versions. Use -Wall -Wextra but also document other useful warnings that currently trigger. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 16, 2015
-
-
Viktor Dukhovni authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
ssl_cert_inst was removed in 2c382349 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reported by Hanno Böck <hanno@hboeck.de> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reported by Hanno Böck <hanno@hboeck.de> PR#3800 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 15, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
newsig may be used (freed) uninitialized on a malloc error. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 14, 2015
-
-
Matt Caswell authored
If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read past the end of the ClientHello message if the session_id length in the ClientHello is invalid. This should not cause any security issues since the underlying buffer is 16k in size. It should never be possible to overrun by that many bytes. This is probably made redundant by the previous commit - but you can never be too careful. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The ClientHello processing is insufficiently rigorous in its checks to make sure that we don't read past the end of the message. This does not have security implications due to the size of the underlying buffer - but still needs to be fixed. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 11, 2015
-
-
Rich Salz authored
Ongoing work to skip NULL check before calling free routine. This gets: ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free ssl_sess_cert_free Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
It should have freed them when != NULL, not when == NULL. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
-
Kurt Roeckx authored
It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section failed. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
-
Rich Salz authored
Avoid checking for NULL before calling free functions. This gets ssl.*free: ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Apr 10, 2015
-
-
Kurt Cancemi authored
PR#3790 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
While *pval is usually a pointer, in rare circumstances it can be a long value. On some platforms (e.g. WIN64) where sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field. *pval is initialised correctly in the rest of ASN1_item_ex_new so setting it to NULL is unnecessary anyway. Thanks to Julien Kauffmann for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
PR#3789 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
No need for here documents, just use "yes" or </dev/null. No need for "|| exit 1" clauses, just use "set -e". Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Fix commit 30f54ad2 which used non-portable syntax for checking exit status. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Fix a "&" that should have been "!" when processing read_ahead. RT#3793 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Removed commented-out tests. Standardize on doing cmd ... || exit 1 instead of cmd ... if [ $? != 0] ; then exit 1 fi where that if statement has been one, three, or four lines, variously. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 08, 2015
-
-
Richard Levitte authored
Since source reformat, we ended up with some error reason string definitions that spanned two lines. That in itself is fine, but we sometimes edited them to provide better strings than what could be automatically determined from the reason macro, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, However, mkerr.pl didn't treat those two-line definitions right, and they ended up being retranslated to whatever the macro name would indicate, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "No gost certificate sent by peer"}, Clearly not what we wanted. This change fixes this problem. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Remove CA.sh script and use CA.pl for testing, etc. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Output a consistent "start" marker for each test. Remove "2>/dev/null" from Makefile command lines. Add OPENSSL_CONFIG=/dev/null for places where it's needed, in order to suppress a warning message from the openssl CLI. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 04, 2015
-
-
Richard Levitte authored
The macros BSWAP4 and BSWAP8 have statement expression implementations that use local variable names that shadow variables outside the macro call, generating warnings like this: e_aes_cbc_hmac_sha1.c:263:14: warning: declaration shadows a local variable [-Wshadow] seqnum = BSWAP8(blocks[0].q[0]); ^ ../modes/modes_lcl.h:41:29: note: expanded from macro 'BSWAP8' ^ e_aes_cbc_hmac_sha1.c:223:12: note: previous declaration is here size_t ret = 0; ^ Have clang be quiet by modifying the macro variable names slightly (suffixing them with an underscore). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
We use GNU statement expressions in crypto/md32_common.h, surrounded by checks that GNU C is indeed used to compile. It seems that clang, at least on Linux, pretends to be GNU C, therefore finds the statement expressions and then warns about them. The solution is to have clang be quiet about it. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
ebcdic.c:284:7: warning: ISO C requires a translation unit to contain at least one declaration [-Wempty-translation-unit] ^ 1 warning generated. Reviewed-by: Rich Salz <rsalz@openssl.org>
-