- Apr 22, 2016
-
Dr. Stephen Henson authored
If the ASN.1 BIO is presented with a large length field read it in chunks of increasing size checking for EOF on each read. This prevents small files allocating excessive amounts of data. CVE-2016-2109 Thanks to Brian Carpenter for reporting this issue. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
The reason to warn is that configuration *may* pick up on configuration header files that are in the source tree, that might be for a wildly different configuration than what is expected in the current out-of-source configuration. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
It is up to the caller of SSL_dane_tlsa_add() to take appropriate action when no records are added successfully or adding some records triggers an internal error (negative return value). With this change the caller can continue with PKIX if desired when none of the TLSA records are usable, or take some appropriate action if DANE is required. Also fixed the internal ssl_dane_dup() function to properly initialize the TLSA RR stack in the target SSL handle. Errors in ssl_dane_dup() are no longer ignored. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
If we fail halfway through constructing the peer_tmp EVP_PKEY but we have already stored it in s->s3->peer_tmp then if anything tries to use it then it will likely fail. This was causing s_client to core dump in the sslskewith0p test. s_client was trying to print out the connection parameters that it had negotiated so far. Arguably s_client should not do that if the connection has failed...but given it is existing functionality it's easier to fix libssl. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Using ASN1_ITEM tables in d2i_test: this then uses consistent names and makes it easier to extend. Add bio, reencode and compare tests. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
The capi engine was failing to compile on Windows if the no-dsa option was selected. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The no-dsa option was failing on Windows because some symbols were not correctly flagged in libcrypto.num. Problem found due to the new symbol consistency test. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Some pre-processor macros were incorrectly indented. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
no-cmac was failing on Windows/VMS due to libcrypto.num not marking the CMAC functions properly. Found due to the new symbol consistency test. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Our main development platforms are of the Unix family, which doesn't have the same strictness regarding a shared library being consistent with the contents of the ld script (.map file, on Linux and Solaris) as Windows is with the contents of the .def file or VMS is with the linker symb_vector option. To eliminate surprises, we therefore need to make sure to check that the contents of the .map file is matched with the shared library, at least to check that the shared library isn't missing any symbols that should be present. This test isn't absolutely perfect, as it will only check the symbols that would be present on Linux / Solaris and will therefore miss those that would only appear on Windows or VMS. On the other hand, those platform specific are few and far apart in time, so it's not likely they will pose a problem. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Apr 21, 2016
-
Dr. Stephen Henson authored
If allocation in CRYPTO_clear_realloc() fails don't free up the original buffer: this is consistent with the behaviour of realloc(3) and is expected in other places in OpenSSL. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The ocsp.h file did not have appropriate guards causing link failures on Windows. GH Issue 900 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
openssl.c and ts.c assign the value of opt_num_rest() to argc, but then only use the value once. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
All other instances of extract_min_max are checked for an error return, except this one. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Also correct the return value from the "prime" application. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Various instances of variables being written to, but then never read. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 20, 2016
-
Davide Galassi authored
The state was always set to BIO_CONN_S_OK. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Michel authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
With Richard Levitte. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Ensure public functions have appropriate guards in header files. GH Issue 899 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The Unix build was the last to retain the classic build scheme. The new unified scheme has matured enough, even though some details may need polishing. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Link errors were occurring on Windows because the header files were not correctly guarding some functions with OPENSSL_NO_SOCK. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
We need the struct timeval definition from winsock2.h even if we're not going to call any socket functions. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Windows "select" only works for sockets so don't use it to wait for async. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
e_os.h was defining OPENSSL_NO_DGRAM if OPENSSL_NO_SOCK was defined. This causes link problems on Windows because the generated .def files still contain the DGRAM symbols even though they have not been compiled. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Link errors were occurring on Windows because the header files were not correctly guarding some functions with OPENSSL_NO_DGRAM. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Add copyright to most .pl files. This does NOT cover any .pl file that has other copyright in it. Most of those are Andy's but some are public domain. Fix typos in some existing files. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rainer Jung authored
Fixes some links in the pod files. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-