- 24 Aug, 2016 39 commits
-
-
Richard Levitte authored
Note: we trust any other compiler that fully implements GNU extension to define __GNUC__ RT#4642 Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
In apps/rsa.c, we were second guessing RSA_check_key() to leave error codes lying around without returning -1 properly. However, this also catches other errors that are lying around and that we should not care about. Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Thanks to Shi Lei for reporting this issue. CVE-2016-6303 Reviewed-by:Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Add CVE to CHANGES Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
Rich Salz authored
Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Ownership semantics and function names have changed. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
SCT_verify_v1 has been removed and SCT_verify is no longer part of the public API. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
These functions have been removed from the public API. Reviewed-by:
-
Rob Percival authored
CTLOG_new_null() has been removed from the code, so it has also been removed from this POD. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
This is covered by d2i_X509.pod. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
The prior wording was less accurate. See https://github.com/openssl/openssl/pull/1372#discussion_r73127000 . Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Fixes complaint "ct missing from SYNOPSIS". Reviewed-by:
-
Rob Percival authored
util/fix-doc-nits.pl complains that "CT_POLICY_EVAL_CTX (filename) missing from NAME section". Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
util/find-doc-nits.pl complains that the file "doesn't end with =cut". Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Matt Caswell authored
It is never valid to call ssl3_read_bytes with type == SSL3_RT_CHANGE_CIPHER_SPEC, and in fact we check for valid values for type near the beginning of the function. Therefore this check will never be true and can be removed. Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The variable assignment c1 is never read before it is overwritten. Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Andy Polyakov authored
RT#4625 Reviewed-by: -
Andy Polyakov authored
RT#4625 Reviewed-by: -
Andy Polyakov authored
Addition was not preserving inputs' property of being fully reduced. Thanks to Brian Smith for reporting this. Reviewed-by: -
Andy Polyakov authored
Addition was not preserving inputs' property of being fully reduced. Thanks to Brian Smith for reporting this. Reviewed-by: -
Andy Polyakov authored
Thanks to David Benjamin for reporting this. Reviewed-by:
Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The declaration of bio_type_lock is independent of no-sock so should not be inside OPENSSL_NO_SOCK guards. Reviewed-by:
-
- 23 Aug, 2016 1 commit
-
-
Dr. Stephen Henson authored
If a ticket callback changes the HMAC digest to SHA512 the existing sanity checks are not sufficient and an attacker could perform a DoS attack with a malformed ticket. Add additional checks based on HMAC size. Thanks to Shi Lei for reporting this bug. CVE-2016-6302 Reviewed-by:
-
