- Jun 10, 2017
-
-
Rich Salz authored
CLA: trivial Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3627)
-
- Jun 09, 2017
-
-
Paul Yang authored
Check return value of NETSCAPE_SPKI_new() and NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally. Signed-off-by:
Paul Yang <paulyang.inf@gmail.com> Reviewed-by:
-
Benjamin Kaduk authored
Move the call to ct_base64_decode(), which allocates, until after the check for NULL output parameter. Also place a cap on the number of padding characters used to decrement the output length -- any more than two '='s is not permitted in a well-formed base64 text. Prior to this change, ct_base64_decode() would return a length of -1 along with allocated storage for an input of "====". Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Josh Soref authored
This incorrectly spelled item exists for compatibility purposes CLA: Trivial Reviewed-by:
-
Pichulin Dmitrii authored
Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Jonathan Protzenko authored
CLA: trivial Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Luke Faraone authored
Reviewed-by:
-
Paul Yang authored
Signed-off-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
- Jun 08, 2017
-
-
Rich Salz authored
The search is approximate; look only for those that look like functions. [skip ci] Reviewed-by:
-
Benjamin Kaduk authored
Modern browsers are now, well, pretty modern. Reviewed-by:
-
Tomas Mraz authored
Fixes #3490 Reviewed-by:
-
Rich Salz authored
when building with OPENSSL_SMALL_FOOTPRINT defined. Reviewed-by:
-
Diego Santa Cruz authored
This uses memset() to clear all of the SRP_CTX when free'ing or initializing it as well as in error paths instead of having a series of NULL and zero assignments as it is safer. It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero in case or error, previously it could retain pointers to freed memory, potentially leading to a double free. Reviewed-by:
-
Diego Santa Cruz authored
Ownership and lifetime rules of SRP_CTX.info are confusing and different from those of SRP_CTX.login, making it difficult to use correctly. This makes the ownership and lifetime be the same as those of SRP_CTX.login, thet is a copy is made when setting it and is freed when SRP_CTX is freed. Reviewed-by:
-
Matt Caswell authored
List the options in the same order and in the same style as the output from "openssl s_server -help" Reviewed-by:
-
Rich Salz authored
Fix test for "documenting private functions" And add -p flag to doc-nits recipe Mark when things were deprecated, if doc'd as such Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
[Also bypass sizeof(void *) == 8 check on some platforms.] Reviewed-by: -
Matt Caswell authored
This used to work but was inadvertently removed as part of the TLSv1.3 work. This adds it back. Fixes #3633 Reviewed-by:
-
Richard Levitte authored
The list of programs hit nmake's maximum line length, so we split up the line in smaller chunks. Fixes #3634 Reviewed-by:
-
Rich Salz authored
a buffer returned from BIO_gets is not checked for it's length before reading its contents. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Todd Short authored
This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
I tried hard to keep the lines at 80 characters or less, but in a few cases I had to punt and just indented the subsequent lines by 4 spaces. A few well-placed typedefs for callback functions would really help, but these would be part of the API, so that's probably for later. I also took the liberty of inserting empty lines in overlong blocks to provide some visual space. Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
The SSL server example in BIO_f_ssl.pod contains two copies of the BIO_do_accept() call. Remove the second one. Signed-off-by:
Beat Bolli <dev@drbeat.li> Reviewed-by:
-
Beat Bolli authored
Adjust brace placement, whitespace after keywords, indentation and empty lines after variable declarations according to https://www.openssl.org/policies/codingstyle.html . Indent literal sections by exactly one space. Reviewed-by:
-
- Jun 07, 2017
-
-
Rich Salz authored
Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by:
-
Rich Salz authored
Various initialization functions modify this table, which can cause heap corruption in the absence of external synchronization. Some stats are modified from OPENSSL_LH_retrieve, where callers aren't expecting to have to take out an exclusive lock. Switch to using atomic operations for those stats. Reviewed-by:
-
- Jun 06, 2017
-
-
Todd Short authored
Reviewed-by:
-
Todd Short authored
At the moment we flush the write BIO if we send a fatal alert, but not a warning one. This can mean the warning is never sent if we never do another write and subsequently flush the BIO. Instead we should just always flush after writing an alert. Reviewed-by:
-
Todd Short authored
During setup of a reneg test the server can refuse to start reneg. If that happens we should let the client continue and then fail. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Paul Yang authored
Signed-off-by:
-
