- Aug 19, 2016
-
-
Richard Levitte authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
- Aug 18, 2016
-
-
Richard Levitte authored
Reviewed-by:
-
- Aug 16, 2016
-
-
Richard Levitte authored
Reviewed-by:
-
- Aug 15, 2016
-
-
Dr. Stephen Henson authored
Apply a limit to the maximum blob length which can be read in do_d2i_bio() to avoid excessive allocation. Thanks to Shi Lei for reporting this. Reviewed-by:
-
Dr. Stephen Henson authored
If an oversize BIGNUM is presented to BN_bn2dec() it can cause BN_div_word() to fail and not reduce the value of 't' resulting in OOB writes to the bn_data buffer and eventually crashing. Fix by checking return value of BN_div_word() and checking writes don't overflow buffer. Thanks to Shi Lei for reporting this bug. CVE-2016-2182 Reviewed-by:
Tim Hudson <tjh@openssl.org> (cherry picked from commit 07bed46f) Conflicts: crypto/bn/bn_print.c
-
Dr. Stephen Henson authored
Check for error return in BN_div_word(). Reviewed-by:
-
- Aug 11, 2016
-
-
Andy Polyakov authored
RT#4530 Reviewed-by:
-
- Aug 05, 2016
-
-
Dr. Stephen Henson authored
Thanks to Hanno Böck for reporting this bug. Reviewed-by:
-
Dr. Stephen Henson authored
Fix error path leaks in a2i_ASN1_STRING(), a2i_ASN1_INTEGER() and a2i_ASN1_ENUMERATED(). Thanks to Shi Lei for reporting these issues. Reviewed-by:
-
- Aug 04, 2016
-
-
Kurt Roeckx authored
GH: #1322 (cherry picked from commit 5e3553c2 ) Reviewed-by:
Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Thanks to Shi Lei for reporting this bug. Reviewed-by: -
Dr. Stephen Henson authored
Thanks to Shi Lei for reporting this issue. Reviewed-by: -
Dr. Stephen Henson authored
Thanks to Shi Lei for reporting this issue. Reviewed-by:
-
- Aug 03, 2016
-
-
Richard Levitte authored
Because proxy certificates typically come without any CRL information, trying to check revocation on them will fail. Better not to try checking such information for them at all. Reviewed-by:
-
- Aug 02, 2016
-
-
Dr. Stephen Henson authored
Use correct length in old ASN.1 indefinite length sequence decoder (only used by SSL_SESSION). This bug was discovered by Hanno Böck using libfuzzer. Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (cherry picked from commit e9f17097)
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Jul 29, 2016
-
-
Dr. Stephen Henson authored
Thanks to David Benjamin <davidben@google.com> for reporting this bug. Reviewed-by:
-
- Jul 28, 2016
-
-
Rich Salz authored
Reviewed-by:
-
- Jul 26, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Jul 22, 2016
-
-
Dr. Stephen Henson authored
If two CRLs are equivalent then use the one with a later lastUpdate field: this will result in the newest CRL available being used. RT#4615 Reviewed-by:
-
Dr. Stephen Henson authored
RT#4511 Reviewed-by:Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result as a null terminated buffer. The length value returned is the total length the complete text reprsentation would need not the amount of data written. CVE-2016-2180 Thanks to Shi Lei for reporting this bug. Reviewed-by:
-
Dr. Stephen Henson authored
RT#4603 Reviewed-by:
-
- Jul 20, 2016
-
-
Todd Short authored
There are two failure cases for OCSP_request_add_id(): 1. OCSP_ONEREQ_new() failure, where |cid| is not freed 2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed This changes makes the error behavior consistent, such that |cid| is not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes ownership of |cid| when the function succeeds. Reviewed-by:
-
- Jul 19, 2016
-
-
Dr. Stephen Henson authored
RT#4600 Reviewed-by:
-
Dr. Stephen Henson authored
RT#4610 Reviewed-by: -
Dr. Stephen Henson authored
Extended alg_print() in pkcs12 utility to support PBES2 algorithms. RT#4588 Reviewed-by: -
Dr. Stephen Henson authored
If underlying type is boolean don't check field is NULL. Reviewed-by:
-
- Jul 18, 2016
-
-
Dr. Stephen Henson authored
The ASN.1 BIGNUM type needs to be handled in a custom way as it is not a generic ASN1_STRING type. Reviewed-by:
-
- Jul 16, 2016
-
-
Richard Levitte authored
Reviewed-by:
-
- Jul 15, 2016
-
-
Richard Levitte authored
RT#4611 Reviewed-by:
-
- Jul 08, 2016
-
-
Matt Caswell authored
We shouldn't allow both "-tls1" and "-tls1_2", or "-tls1" and "-no_tls1_2". The only time multiple flags are allowed is where they are all "-no_<prot>". This fixes Github Issue #1268 Reviewed-by:
-
- Jul 06, 2016
-
-
Orgad Shaneh authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Jul 05, 2016
-
-
Cristian Stoica authored
cryptodev engine is initialized together with the other engines in ENGINE_load_builtin_engines. The initialization done through OpenSSL_add_all_algorithms is redundant. Signed-off-by:
Cristian Stoica <cristian.stoica@nxp.com> Reviewed-by:
-
- Jul 01, 2016
-
-
Matt Caswell authored
We calculate the size required for the ServerKeyExchange message and then call BUF_MEM_grow_clean() on the buffer. However we fail to take account of 2 bytes required for the signature algorithm and 2 bytes for the signature length, i.e. we could overflow by 4 bytes. In reality this won't happen because the buffer is pre-allocated to a large size that means it should be big enough anyway. Addresses an OCAP Audit issue. Reviewed-by: -
Andy Polyakov authored
Even though it's hard to imagine, it turned out that upper half of arguments passed to V8+ subroutine can be non-zero. ["n" pseudo-instructions, such as srln being srl in 32-bit case and srlx in 64-bit one, were implemented in binutils 2.10. It's assumed that Solaris assembler implemented it around same time, i.e. 2000.] Reviewed-by:
-
