- 03 Apr, 2018 3 commits
-
-
Bernd Edlinger authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826) (cherry picked from commit 1518c55a)
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Thanks to Sem Voigtländer for reporting this issue. Reviewed-by:
-
- 28 Mar, 2018 1 commit
-
-
Miroslav Suk authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
- 27 Mar, 2018 7 commits
-
-
Philippe Antoine authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5687)
-
Matt Caswell authored
If we don't have OID data for an object then we should fail if we are asked to encode the ASN.1 for that OID. Fixes #5723 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
- 26 Mar, 2018 2 commits
-
-
Matt Caswell authored
Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth. CVE-2018-0739 Credit to OSSFuzz for finding this issue. Reviewed-by: -
Bernd Edlinger authored
Reviewed-by:
-
- 25 Mar, 2018 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 21 Mar, 2018 4 commits
-
-
Matt Caswell authored
Fixes #5711 Reviewed-by:
-
Samuel Weiser authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5170) (cherry picked from commit 7150a472)
-
Samuel Weiser authored
Reviewed-by:
-
Samuel Weiser authored
Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation Reviewed-by:
-
- 20 Mar, 2018 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 15 Mar, 2018 5 commits
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
It is quite likely for there to be multiple certificates with empty subjects, which are still distinct because of subjectAltName. Therefore we allow multiple certificates with an empty Subject even if unique_subject is set to yes. Reviewed-by:
-
Matt Caswell authored
Commit 87e8feca (16 years ago!) introduced a bug where if we are attempting to insert a cert with a duplicate subject name, and duplicate subject names are not allowed (which is the default), then we get an unhelpful error message back (error number 2). Prior to that commit we got a helpful error message which displayed details of the conflicting entry in the database. That commit was itself attempting to fix a bug with the noemailDN option where we were setting the subject field in the database too early (before extensions had made any amendments to it). This PR moves the check for a conflicting Subject name until after all changes to the Subject have been made by extensions etc. This also, co-incidentally Fixes the ca crashing bug described in issue 5109. Fixes #5109 Reviewed-by:
-
Matt Caswell authored
This reverts commit a3d684ff . Empty Subjects are permissible Reviewed-by:
-
Matt Caswell authored
This reverts commit dd37f6f1 . Empty Subjects are permissible. Reviewed-by:
-
- 14 Mar, 2018 1 commit
-
-
Richard Levitte authored
The void* needs to be cast to a char* first. Fixes #5614 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5615)
-
- 12 Mar, 2018 2 commits
-
-
Matt Caswell authored
We should be using ASN1_OBJECT_free() not OPENSSL_free(). Fixes #5568 Reviewed-by:
-
Matt Caswell authored
If a mem allocation failed we would ignore it. This commit fixes it to always check. Reviewed-by:
-
- 11 Mar, 2018 1 commit
-
-
Kurt Roeckx authored
Reviewed-by:
-
- 08 Mar, 2018 1 commit
-
-
Richard Levitte authored
Reviewed-by:
-
- 07 Mar, 2018 1 commit
-
-
Dr. Matthias St. Pierre authored
BIO_get_mem_data() and BIO_get_mem_ptr() assign to *pp, not pp Reviewed-by:
-
- 05 Mar, 2018 1 commit
-
-
Bernd Edlinger authored
99bb59d9 at ssl_scan_clienthello_tlsext Reviewed-by:
-
- 04 Mar, 2018 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 03 Mar, 2018 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 02 Mar, 2018 1 commit
-
-
Viktor Dukhovni authored
Reviewed-by:
-
- 01 Mar, 2018 1 commit
-
-
Ivan Filenko authored
CLA: trivial Reviewed-by:
-
- 26 Feb, 2018 1 commit
-
-
Dr. Matthias St. Pierre authored
Fixes #5405, #1381 The base64 filter BIO reads its input in chunks of B64_BLOCK_SIZE bytes. When processing input in PEM format it can happen in rare cases that - the trailing PEM marker crosses the boundary of a chunk, and - the beginning of the following chunk contains valid base64 encoded data. This happened in issue #5405, where the PEM marker was split into "-----END CER" and "TIFICATE-----" at the end of the first chunk. The decoding of the first chunk terminated correctly at the '-' character, which is treated as an EOF marker, and b64_read() returned. However, when called the second time, b64_read() read the next chunk and interpreted the string "TIFICATE" as valid base64 encoded data, adding 6 extra bytes '4c 81 48 08 04 c4'. This patch restores the assignment of the error code to 'ctx->cont', which was deleted accidentally in commit 5562cfac and which prevents b64_read() from reading additional data on subsequent calls...
-
- 22 Feb, 2018 2 commits
-
-
White_Rabbit authored
CLA: trivial Reviewed-by:
-
Philippe Antoine authored
Before reading first byte as length Reviewed-by:
-
- 21 Feb, 2018 2 commits
-
-
Pavel Kopyl authored
The memory pointed to by the 'push' is freed by the X509_NAME_ENTRY_free() in do_body(). The second time it is referenced to (indirectly) in certify_cert:X509_REQ_free(). Reviewed-by:
-
Pavel Kopyl authored
X509v3_add_ext: free 'sk' if the memory pointed to by it was malloc-ed inside this function. X509V3_EXT_add_nconf_sk: return an error if X509v3_add_ext() fails. This prevents use of a freed memory in do_body:sk_X509_EXTENSION_num(). Reviewed-by:
-
