- Mar 12, 2015
-
-
Matt Caswell authored
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple of conditional code paths that check whether |it| is NULL or not - but later |it| is deref'd unconditionally. If |it| was ever really NULL then this would seg fault. In practice ASN1_primitive_new is marked as an internal function in the public header file. The only places it is ever used internally always pass a non NULL parameter for |it|. Therefore, change the code to sanity check that |it| is not NULL, and remove the conditional checking. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 9e488fd6)
-
Matt Caswell authored
Calling EVP_DigestInit_ex which has already had the digest set up for it should be possible. You are supposed to be able to pass NULL for the type. However currently this seg faults. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit a0108702)
-
Matt Caswell authored
In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 8c5a7b33)
-
- Mar 11, 2015
-
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit ac5a1106)
-
Matt Caswell authored
Cleanse various intermediate buffers used by the PRF (backported version from master). Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 35fafc4d) Conflicts: ssl/s3_enc.c
-
- Mar 10, 2015
-
-
Emilia Kasper authored
Ensure all malloc failures return -1. Reported by Adam Langley (Google). Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 06c6a2b4)
-
Richard Godbee authored
BIO_debug_callback() no longer assumes the hexadecimal representation of a pointer fits in 8 characters. Signed-off-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 460e920d)
-
- Mar 09, 2015
-
-
Dmitry-Me authored
Signed-off-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 0b142f02)
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Mar 08, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit d6ca1cee)
-
Dr. Stephen Henson authored
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a8ae0891)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit e3013932)
-
- Mar 07, 2015
-
-
Kurt Roeckx authored
They are moved to the COMPLEMENTOFDEFAULT instead. This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f417997a) Conflicts: ssl/ssl_ciph.c
-
- Mar 06, 2015
-
-
Matt Caswell authored
Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 05, 2015
-
-
Kurt Cancemi authored
This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c RT#3725 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit fd865cad)
-
Matt Caswell authored
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 918bb865) Conflicts: crypto/bio/bss_dgram.c Conflicts: apps/cms.c apps/s_cb.c apps/s_server.c apps/speed.c crypto/dh/dh_pmeth.c ssl/s3_pkt.c
-
- Mar 02, 2015
-
-
Dr. Stephen Henson authored
CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 28a00bcd)
-
Dr. Stephen Henson authored
The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 437b14b5)
-
- Feb 27, 2015
-
-
Matt Caswell authored
Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3704 Reviewed-by: Tim Hudson <tjh@openssl.org> Conflicts: ssl/ssl_asn1.c Conflicts: ssl/dtls1.h
-
Matt Caswell authored
Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: Richard Levitte <levitte@openssl.org> Conflicts: ssl/t1_enc.c
-
Matt Caswell authored
Fixed various missing return value checks in ssl3_send_newsession_ticket. Also a mem leak on error. Reviewed-by: Richard Levitte <levitte@openssl.org> Conflicts: ssl/s3_srvr.c Conflicts: ssl/s3_srvr.c
-
Matt Caswell authored
This fixes another warning when config'd with no-ec Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
This is a partial back port of commit 5b430cfc to remove a warning when compiling with no-ec. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Feb 26, 2015
-
-
Matt Caswell authored
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit a9880362)
-
- Feb 25, 2015
-
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> Conflicts: doc/crypto/EC_KEY_new.pod doc/crypto/EC_POINT_new.pod
-
Matt Caswell authored
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> CVE-2015-0209 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
called evp_test.c, so I have called this one evp_extra_test.c Reviewed-by: Emilia Käsper <emilia@openssl.org> Conflicts: crypto/evp/Makefile test/Makefile Conflicts: test/Makefile crypto/evp/evp_extra_test.c
-
- Feb 24, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 384dee51)
-
- Feb 22, 2015
-
-
Edgar Pek authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit bcfa19a8)
-
Kurt Roeckx authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit edac5dc2)
-
Doug Hogan authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 1549a265)
-
Richard Levitte authored
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a bit too enthusiastically. Windows/DOSish platforms of all sorts get identified as OPENSSL_SYS_MSDOS, and they get a different treatment altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the configuration. The answer is to restore those macro definitions for the affected configuration targets. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit ba4bdee7) Conflicts: Configure
-
Richard Levitte authored
The rationale for this move is that TERMIOS is default, supported by POSIX-1.2001, and most definitely on Linux. For a few other systems, TERMIO may still be the termnial interface of preference, so we keep -DTERMIO on those in Configure. crypto/ui/ui_openssl.c is simplified in this regard, and will define TERMIOS for all systems except a select few exceptions. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 64e6bf64) Conflicts: Configure crypto/ui/ui_openssl.c
-
- Feb 12, 2015
-
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 872f91c4)
-
Graeme Perrow authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit b0333e69)
-
Eric Dequin authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 1d2932de)
-
- Feb 09, 2015
-
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 84903716)
-