Skip to content
  1. May 22, 2014
  2. May 21, 2014
  3. May 20, 2014
  4. May 19, 2014
  5. May 18, 2014
  6. May 15, 2014
  7. May 14, 2014
  8. May 12, 2014
  9. May 11, 2014
  10. May 09, 2014
    • Dr. Stephen Henson's avatar
      Return an error if no recipient type matches. · 2c414463
      Dr. Stephen Henson authored
      If the key type does not match any CMS recipient type return
      an error instead of using a random key (MMA mitigation). This
      does not leak any useful information to an attacker.
      
      PR#3348
      (cherry picked from commit bd43b4cf778a53ffa5d77510ecd408a009dc00d2)
      2c414463
  11. May 08, 2014
  12. May 07, 2014
  13. May 06, 2014
    • Geoff Thorpe's avatar
      dso: eliminate VMS code on non-VMS systems · d60f0193
      Geoff Thorpe authored
      
      
      Even though the meat of dso_vms.c is compiled out on non-VMS builds,
      the (pre-)compiler still traverses some of the macro handling. This
      trips up at least one non-VMS build configuration, so this commit
      makes the skip-VMS case more robust.
      
      Signed-off-by: default avatarGeoff Thorpe <geoff@openssl.org>
      d60f0193
    • Geoff Thorpe's avatar
      evp: prevent underflow in base64 decoding · 65402586
      Geoff Thorpe authored
      
      
      This patch resolves RT ticket #2608.
      
      Thanks to Robert Dugal for originally spotting this, and to David
      Ramos for noticing that the ball had been dropped.
      
      Signed-off-by: default avatarGeoff Thorpe <geoff@openssl.org>
      65402586
    • Geoff Thorpe's avatar
      bignum: allow concurrent BN_MONT_CTX_set_locked() · bf434468
      Geoff Thorpe authored
      
      
      The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
      noted by Daniel Sands and co at Sandia. This was to handle the case that
      2 or more threads race to lazy-init the same context, but stunted all
      scalability in the case where 2 or more threads are doing unrelated
      things! We favour the latter case by punishing the former. The init work
      gets done by each thread that finds the context to be uninitialised, and
      we then lock the "set" logic after that work is done - the winning
      thread's work gets used, the losing threads throw away what they've done.
      
      Signed-off-by: default avatarGeoff Thorpe <geoff@openssl.org>
      bf434468