- Aug 24, 2016
-
-
Andy Polyakov authored
Addition was not preserving inputs' property of being fully reduced. Thanks to Brian Smith for reporting this. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Thanks to David Benjamin for reporting this. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The declaration of bio_type_lock is independent of no-sock so should not be inside OPENSSL_NO_SOCK guards. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Aug 23, 2016
-
-
Dr. Stephen Henson authored
If a ticket callback changes the HMAC digest to SHA512 the existing sanity checks are not sufficient and an attacker could perform a DoS attack with a malformed ticket. Add additional checks based on HMAC size. Thanks to Shi Lei for reporting this bug. CVE-2016-6302 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Andy Polyakov authored
Test doesn't work on Windows with non-Greek locale, because of Win32 perl[!] limitation, not OpenSSL. For example it passes on Cygwin and MSYS... Reviewed-by: Matt Caswell <matt@openssl.org>
-
David Benjamin authored
The bound on log(2)/3 on the second line is incorrect and has an extra zero compared to the divisions in the third line. log(2)/3 = 0.10034... which is bounded by 0.101 and not 0.1001. The divisions actually correspond to 0.101 which is fine. The third line also dropped a factor of three. The actual code appears to be fine. Just the comments are wrong. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rob Percival authored
This makes it consistent with all of the other SCT setters. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rob Percival authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rob Percival authored
They may return if an SCT_signature struct is added in the future that allows them to be refactored to conform to the i2d/d2i function signature conventions. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rob Percival authored
Previously, if ct_v1_log_id_from_pkey failed, public_key would be freed by CTLOG_free at the end of the function, and then again by the caller (who would assume ownership was not transferred when CTLOG_new returned NULL). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rob Percival authored
SCT_verify is impossible to call through the public API (SCT_CTX_new() is not part of the public API), so rename it to SCT_CTX_verify and move it out of the public API. SCT_verify_v1 is redundant, since SCT_validate does the same verification (by calling SCT_verify) and more. The API is less confusing with a single verification function (SCT_validate). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Kurt Roeckx authored
This is a new minimal corpus with the following changes: - asn1: files: 1135 (+474), tuples: 27236 (+7496) - asn1parse: files: 305 (-3), tuples: 8758 (+11) - bignum: files: 370 (-1), tuples: 9547 (+10) - bndiv: files: 160 (+0), tuples: 2416 (+6) - cms: files: 155 (-1), tuples: 3408 (+0) - conf: files: 231 (-11), tuples: 4668 (+3) - crl: files: 905 (+188), tuples: 22876 (+4096) - ct: files: 117 (+35), tuples: 3557 (+908) - x509: files: 920, tuples: 28334 Note that tuple count depends on the binary and is random. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
FdaSilvaYY authored
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
FdaSilvaYY authored
remove useless cast to call ASN1_STRING_set Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
FdaSilvaYY authored
... add a static keyword. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
There was a block of code at the start that used the Camellia cipher. The original idea behind this was to fill the buffer with non-zero data so that oversteps can be detected. However this block failed when using no-camellia. This has been replaced with a RAND_bytes() call. I also updated the the CTR test section, since it seems to be using a CBC cipher instead of a CTR cipher. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Aug 22, 2016
-
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The assignment to ret is dead, because ret is assigned again later. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
If it's negative don't try and malloc it. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Otherwise we try to malloc a -1 size. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Ensure BN_CTX_get() has been successful Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The mem pointed to by cAB can be leaked on an error path. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The mem pointed to by cAB can be leaked on an error path. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The mem pointed to by tmp can be leaked on an error path. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Sometimes it is called with a NULL pointer Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Don't leak pke_ctx on error. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1472
-
FdaSilvaYY authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1471
-
Matt Caswell authored
The PKCS12 command line utility is not available if no-des is used. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Also, re-organize RSA check to use goto err. Add a test case. Try all checks, not just stopping at first (via Richard Levitte) Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kazuki Yamaguchi authored
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't free'd on the success path. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Kazuki Yamaguchi authored
Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The free functions are necessary because EC_GROUP_get_ec{pk,}parameters() was made public by commit 60b350a3 ("RT3676: Expose ECgroup i2d functions"). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
FdaSilvaYY authored
Code was relying on an implicit data-sharing through duplication of loopargs_t pointer-members made by ASYNC_start_job(). Now share structure address instead of structure content. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
The following would fail, or rather, freeze: openssl genrsa -out rsa2048.pem 2048 openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem In that case, the second command wants to read a certificate request from stdin, because -x509 wasn't fully flagged as being for creating something new. This changes makes it fully flagged. RT#4655 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Original strategy for page-walking was adjust stack pointer and then touch pages in order. This kind of asks for double-fault, because if touch fails, then signal will be delivered to frame above adjusted stack pointer. But touching pages prior adjusting stack pointer would upset valgrind. As compromise let's adjust stack pointer in pages, touching top of the stack. This still asks for double-fault, but at least prevents corruption of neighbour stack if allocation is to overstep the guard page. Also omit predict-non-taken hints as they reportedly trigger illegal instructions in some VM setups. Reviewed-by: Richard Levitte <levitte@openssl.org>
-