- Nov 20, 2016
-
-
Todd Short authored
When configured with "no-mdc2 enable-crypto-mdebug" the evp_test will leak memory due to skipped tests, and error out. Also fix a skip condition Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1946)
-
- Nov 18, 2016
-
-
Beat Bolli authored
In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called "loc", but the one used in the for loop is called "lastpos". Make the names match. CLA: trivial Reviewed-by:
-
- Nov 17, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (cherry picked from commit b6c68982)
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
FdaSilvaYY authored
Both strdup or malloc failure should raise an err. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
- Nov 16, 2016
-
-
Rob Percival authored
This reflects its position in include/openssl/ct.h. Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Otherwise, |dec| gets moved past the end of the signature by o2i_SCT_signature and then can't be correctly freed afterwards. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
This gives better code coverage and is more representative of how a user would likely construct an SCT (using the base64 returned by a CT log). Reviewed-by:
-
Richard Levitte authored
The rationale is that the linux-x86 is the most likely config target to evolve and should therefore be chosen when possible, while linux-elf is mostly reserved for older Linux machines. Reviewed-by:
-
Richard Levitte authored
'linux-x86' is similar to 'linux-x86_64' but uses -m32 rather than -m64. Reviewed-by:
-
Matt Caswell authored
ssl_test_old was reaching inside the SSL structure and changing the internal BIO values. This is completely unneccessary, and was causing an abort in the test when enabling TLSv1.3. I also removed the need for ssl_test_old to include ssl_locl.h. This required the addition of some missing accessors for SSL_COMP name and id fields. Reviewed-by:
-
Rich Salz authored
Factorise multiple bn_get_top(group->field) calls Add missing checks on some conditional BN_copy return value Add missing checks on some BN_copy return value Add missing checks on a few bn_wexpand return value Reviewed-by:
-
- Nov 15, 2016
-
-
Rich Salz authored
Also fix version in libcrypto.num, from backporting new functions. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
-
Rob Percival authored
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized to approximately the current time (as returned by time()) by default. This prevents the addition of this field, and its verification during SCT validation, from breaking existing code that calls SCT_validate directly. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
As requested in https://github.com/openssl/openssl/pull/1554#issuecomment-246371575 . Reviewed-by:
-
Rob Percival authored
See https://github.com/openssl/openssl/pull/1554#issuecomment-246354677 . Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Do not call the time "current", as a different time can be provided. For example, a time slightly in the future, to provide tolerance for CT logs with a clock that is running fast. Reviewed-by:
-
Rob Percival authored
ctlog_new_null() no longer exists. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Richard Levitte authored
engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the lower level routines will be present. However, that's not always true, for example for solaris-x86-cc, and that leads to build errors. The better solution is to have configure detect if the lower level padlock routines are being built, and define the macro PADLOCK_ASM if they are, and use that macro in our C code. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Under certain circumstances, the libcrypto init code would loop, causing a deadlock. This would typically happen if something in ossl_init_base() caused an OpenSSL error, and the error stack routines would recurse into the init code before the flag that ossl_init_base() had been run was checked. This change makes sure ossl_init_base isn't run once more of the base is initiated. Thanks to Dmitry Kostjuchenko for the idea. Fixes Github issue #1899 Reviewed-by:
-
- Nov 14, 2016
-
-
Andy Polyakov authored
Reviewed-by:
-
Sebastian Andrzej Siewior authored
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was then ignored. Now DSA_generate_parameters_ex() returns an error in such a case but no error string. Signed-off-by:
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by:
-
Matt Caswell authored
This reverts commit edc18749 . The proposed fix is incorrect. It marks the "run_once" code as having finished before it has. The intended semantics of run_once is that no threads should proceed until the code has run exactly once. With this change the "second" thread will think the run_once code has already been run and will continue, even though it is still in progress. This could result in a crash or other incorrect behaviour. Reviewed-by:
-
- Nov 13, 2016
-
-
DK authored
Fixed deadlock in CRYPTO_THREAD_run_once() if call to init() is causing a recursive call to CRYPTO_THREAD_run_once() again that is causing a hot deadloop inside do { } while (result == ONCE_ININIT); section. CLA: trivial Reviewed-by: -
Matthias Kraft authored
Avoid a memory alignment issue. Signed-off-by:
Matthias Kraft <Matthias.Kraft@softwareag.com> CLA: trivial Reviewed-by:
-
EasySec authored
Reviewed-by:
-
EasySec authored
Replace the 'SSL' broken link with SSL_CTX_set_security_level which seems not being referenced from elsewhere Reviewed-by:
-
- Nov 12, 2016
-
-
enkore authored
CLA: trivial Reviewed-by:
-
Kurt Roeckx authored
llvm's ubsan reported: runtime error: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Found using libfuzzer Reviewed-by:
-
