- Mar 10, 2016
-
-
Benjamin Kaduk authored
BIO_snprintf() can return -1 on truncation (and overflow as of commit 9cb17730 ). Though neither can realistically occur while printing a pointer and short fixed string into a buffer of length 256, the analysis to confirm that this the case goes somewhat far up the call chain, and not all static analyzers can successfully follow the chain of logic. It's easy enough to clamp the returned length to be nonnegative before continuing, which appeases the static analyzer and does not harm the subsequent code. Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org>
-
Benjamin Kaduk authored
Some of the ASN.1 routines for the GeneralizedTime type can return errors; check for these and do not continue past failure, so as to appease coverity. Reviewed-by:
-
Richard Levitte authored
The reason for this is that the static libraries and the DLL import libraries are named the same on Windows. When configured "shared", the static libraries are unused anyway. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Jim Basney authored
set pointers to NULL after OPENSSL_free before returning to caller to avoid possible double-free in caller Signed-off-by:
Rich Salz <rsalz@akamai.com> Reviewed-by:
-
Mat authored
return type should be int and not void Signed-off-by:
-
Viktor Dukhovni authored
Reviewed-by:Dr. Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
- Mar 09, 2016
-
-
Richard Levitte authored
This corrects a fault where the inner IF in this example was still being acted upon: IF[0] ...whatever... IF[1] ...whatever more... ENDIF ENDIF With this change, the inner IF is skipped over. Reviewed-by:Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
This currently seems to be the only cipher we still support that should get disabled. Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Adjust ssl_set_client_hello_version to get both the minimum and maximum and then make ssl_set_client_hello_version use the maximum version. Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Rob Percival authored
Reviewed-by:
Emilia Käsper <emilia@openssl.org> Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
The "extra checks" is a debugging tool to check the config resolving mechanism. It uses Perl's smart match, which is experimental and therefore always causes Perl to give out a warning, and it causes older Perl versions to fail entirely. So, it gets commented away, but stays otherwise in place, as it may be useful again. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
ct_test assumed it's run in the source directory and failed when built elsewhere. It still defaults to that, but can be told another story with the environment variables CT_DIR and CERTS_DIR. Test recipe updated to match. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Both of these functions can easily be implemented by callers instead. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
