- Apr 15, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
newsig may be used (freed) uninitialized on a malloc error. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 14, 2015
-
-
Matt Caswell authored
If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read past the end of the ClientHello message if the session_id length in the ClientHello is invalid. This should not cause any security issues since the underlying buffer is 16k in size. It should never be possible to overrun by that many bytes. This is probably made redundant by the previous commit - but you can never be too careful. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The ClientHello processing is insufficiently rigorous in its checks to make sure that we don't read past the end of the message. This does not have security implications due to the size of the underlying buffer - but still needs to be fixed. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 11, 2015
-
-
Rich Salz authored
Ongoing work to skip NULL check before calling free routine. This gets: ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free ssl_sess_cert_free Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
It should have freed them when != NULL, not when == NULL. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
-
Kurt Roeckx authored
It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section failed. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
-
Rich Salz authored
Avoid checking for NULL before calling free functions. This gets ssl.*free: ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Apr 10, 2015
-
-
Kurt Cancemi authored
PR#3790 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
While *pval is usually a pointer in rare circumstances it can be a long value. One some platforms (e.g. WIN64) where sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field. *pval is initialised correctly in the rest of ASN1_item_ex_new so setting it to NULL is unecessary anyway. Thanks to Julien Kauffmann for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
PR#3789 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
No need for here documents, just use "yes" or </dev/null. No need for "|| exit 1" clauses, just use "set -e". Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Fix commit 30f54ad2 which used non-portable syntax for checking exit status. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Fix a "&" that should have been "!" when processing read_ahead. RT#3793 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Removed commented-out tests Standardize on doing cmd ... || exit 1 instead of cmd ... if [ $? != 0] ; then exit 1 fi where that if statement has ben one, three, or four lines, variously. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 08, 2015
-
-
Richard Levitte authored
Since source reformat, we ended up with some error reason string definitions that spanned two lines. That in itself is fine, but we sometimes edited them to provide better strings than what could be automatically determined from the reason macro, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, However, mkerr.pl didn't treat those two-line definitions right, and they ended up being retranslated to whatever the macro name would indicate, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "No gost certificate sent by peer"}, Clearly not what we wanted. This change fixes this problem. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Remove CA.sh script and use CA.pl for testing, etc. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Output a consistent "start" marker for each test. Remove "2>/dev/null" from Makefile command lines. Add OPENSSL_CONFIG=/dev/null for places where it's needed, in order to suppress a warning message from the openssl CLI. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 04, 2015
-
-
Richard Levitte authored
The macros BSWAP4 and BSWAP8 have statetemnt expressions implementations that use local variable names that shadow variables outside the macro call, generating warnings like this e_aes_cbc_hmac_sha1.c:263:14: warning: declaration shadows a local variable [-Wshadow] seqnum = BSWAP8(blocks[0].q[0]); ^ ../modes/modes_lcl.h:41:29: note: expanded from macro 'BSWAP8' ^ e_aes_cbc_hmac_sha1.c:223:12: note: previous declaration is here size_t ret = 0; ^ Have clang be quiet by modifying the macro variable names slightly (suffixing them with an underscore). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
We use GNU statement expressions in crypto/md32_common.h, surrounded by checks that GNU C is indeed used to compile. It seems that clang, at least on Linux, pretends to be GNU C, therefore finds the statement expressions and then warns about them. The solution is to have clang be quiet about it. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
ebcdic.c:284:7: warning: ISO C requires a translation unit to contain at least one declaration [-Wempty-translation-unit] ^ 1 warning generated. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 03, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Complete reimplementation of d2i_SSL_SESSION and i2d_SSL_SESSION using new ASN.1 code and eliminating use of old ASN.1 macros. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 02, 2015
-
-
Rich Salz authored
Print "supported compression methods" all on one line. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
ARM has optimized Cortex-A5x pipeline to favour pairs of complementary AES instructions. While modified code improves performance of post-r0p0 Cortex-A53 performance by >40% (for CBC decrypt and CTR), it hurts original r0p0. We favour later revisions, because one can't prevent future from coming. Improvement on post-r0p0 Cortex-A57 exceeds 50%, while new code is not slower on r0p0, or Apple A7 for that matter. [Update even SHA results for latest Cortex-A53.] Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 01, 2015
-
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Mar 31, 2015
-
-
Richard Levitte authored
A bit of cleanup was forgotten. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
This engine is for VMS only, and isn't really part of the core OpenSSL but rather a side project of its own that just happens to have tagged along for a long time. The reasons why it has remained within the OpenSSL source are long lost in history, and there not being any real reason for it to remain here, it's time for it to move out. This side project will appear as a project in its own right, the location of which will be announced later on. Reviewed-by: Tim Hudson <tjh@openssl.org>
-