- May 19, 2016
-
-
Viktor Dukhovni authored
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot continue due to malloc failure. Similarly for issuer lookup failures and caller errors (bad parameters or invalid state). Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Add new and some missing error codes to X509 error -> SSL alert switch. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
In the X509 app check that the obtained public key is valid before we attempt to use it. Issue reported by Yuan Jochen Kang. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
If p2 == NULL then p1 can get freed twice and a crash could occur. Issue reported by Shi Lei (Qihoo 360 Inc) Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- May 18, 2016
-
-
Cynh authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1017 (cherry picked from commit c9141a43)
-
Richard Levitte authored
HMAC doesn't have any error codes Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
- Adjust mkerr.pl to produce the line length we used for source reformatting. - Have mkerr.pl keep track of preprocessor directive indentation Among others, do not spuriously throw away a #endif at the end of header files. - Make sure mkerr.pl specifies any header inclusion correctly Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Some output difference in crypto/conf/conf_def.h, because the earlier source reformatting needlessly indented the macro values. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Alessandro Ghedini authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1083)
-
Richard Levitte authored
RT#1466 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a37458c1)
-
Richard Levitte authored
RT#1466 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0794b6a6)
-
Richard Levitte authored
Also adds 'esc_2254' to the possible command line name options RT#1466 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit bc776510)
-
- May 17, 2016
-
-
Richard Levitte authored
RT#2534 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
RT#2616 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
RT#2558 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING twice. We only need to do it once. GitHub Issue #656 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2647e261)
-
Matt Caswell authored
Some compression related functions in libssl have dummy versions to be used when compiled with no-comp. However those dummy functions were not being exported on Windows so they are unusable when dynamically linked. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 16, 2016
-
-
Richard Levitte authored
The given sizes do not include the final NUL character. RT#2622 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 727ee8cf)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1064)
-
- May 14, 2016
-
-
isnotnick authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 12, 2016
-
-
Richard Levitte authored
RT#4522 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- May 11, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Manual cherry-pick of f2b9c257)
-
Steven Valdez authored
RT#4363 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> (cherry picked from commit 2ab851b7) Conflicts: crypto/ec/ec_key.c
-
Dr. Stephen Henson authored
RT#4256 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit c1176ebf) Conflicts: apps/CA.pl.in
-
Viktor Dukhovni authored
When *pp is NULL, don't write garbage, return an unexpected pointer or leak memory on error. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- May 10, 2016
-
-
Rich Salz authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
RT#4538 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 981b5bb8)
-
- May 09, 2016
-
-
Richard Levitte authored
Originally submitted by Kurt Cancemi <kurt@x64architecture.com> Closes RT#4533 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 59a56c4c)
-
David Benjamin authored
Per RFC 5246, Note: this extension is not meaningful for TLS versions prior to 1.2. Clients MUST NOT offer it if they are offering prior versions. However, even if clients do offer it, the rules specified in [TLSEXT] require servers to ignore extensions they do not understand. Although the second sentence would suggest that there would be no interop problems in always offering the extension, WebRTC has reported issues with Bouncy Castle on < TLS 1.2 ClientHellos that still include signature_algorithms. See also https://bugs.chromium.org/p/webrtc/issues/detail?id=4223 RT#4390 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> (cherry picked from commit f7aa3185) Conflicts: ssl/ssl_locl.h
-
Matt Caswell authored
BIO_eof() was always returning true when using a BIO pair. It should only be true if the peer BIO is empty and has been shut down. RT#1215 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 3105d695)
-
- May 08, 2016
-
-
Dr. Stephen Henson authored
RT#3826 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- May 06, 2016
-
-
Dr. Stephen Henson authored
PR#4449 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 049f5bbc) Conflicts: doc/crypto/PKCS12_newpass.pod
-
Dr. Stephen Henson authored
PR#4466 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d800d0f4) Conflicts: crypto/pkcs12/p12_npas.c
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 708cf5de)
-
- May 05, 2016
-
-
Dr. Stephen Henson authored
The default ASN.1 handling can be used for SEED. This also makes CMS work with SEED. PR#4504 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c0aa8c27)
-
Dr. Stephen Henson authored
Try to set the ASN.1 parameters for CMS encryption even if the IV length is zero as the underlying cipher should still set the type. This will correctly result in errors if an attempt is made to use an unsupported cipher type. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 3fd60dc4) Conflicts: crypto/cms/cms_enc.c
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1025) (cherry picked from commit c73aa309)
-
- May 04, 2016
-
-
Dr. Stephen Henson authored
The name length limit check in x509_name_ex_d2i() includes the containing structure as well as the actual X509_NAME. This will cause large CRLs to be rejected. Fix by limiting the length passed to ASN1_item_ex_d2i() which will then return an error if the passed X509_NAME exceeds the length. RT#4531 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4e0d184a)
-
Dr. Stephen Henson authored
RT#4527 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 3340e8bb)
-