- Jun 03, 2016
-
-
Jonas Maebe authored
zapparams modification based on tip from Matt Caswell RT#3198 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dirk Feytons authored
Add missing ifdefs. Same change is already present in master, see b4a3aeeb Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1155)
-
Matt Caswell authored
Fix typos and clarify a few things in the CONTRIBUTING file. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 01, 2016
-
-
Matt Caswell authored
A common idiom in the codebase is: if (p + len > limit) { return; /* Too long */ } Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE "len" here could be from some externally supplied data (e.g. from a TLS message). The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour. For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit! Issue reported by Guido Vranken. CVE-2016-2177 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- May 31, 2016
-
-
FdaSilvaYY authored
Backport of 8e89e85f From PR #1019 / #997 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1019)
-
Dr. Stephen Henson authored
Don't copy parameters is they're already present in the destination. Return error if an attempt is made to copy different parameters to destination. Update documentation. If key type is not initialised return missing parameters RT#4149 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit f72f00d4)
-
- May 26, 2016
-
-
Matt Caswell authored
After a call to EVP_PKEY_new() we should check for malloc failure. RT#4180 Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
The ssl3_digest_cached_records() function was failing to handle errors that might be returned from EVP_DigestSignInit() and EVP_DigestSignUpdate(). RT#4180 Reviewed-by: Stephen Henson <steve@openssl.org>
-
- May 23, 2016
-
-
Matt Caswell authored
If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked. RT#2238 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 0a618df0)
-
Matt Caswell authored
The functions SRP_Calc_client_key() and SRP_Calc_server_key() were incorrectly returning a valid pointer in the event of error. Issue reported by Yuan Jochen Kang Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 308ff286)
-
- May 20, 2016
-
-
Richard Levitte authored
All other errors should only display the error message. RT#1866 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
This reverts commit 54fc5795 . Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
This reverts commit 7229a91a . Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
This reverts commit 87728c68 . Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Defintions of macros similar to _XOPEN_SOURCE belong in command line or in worst case prior first #include directive in source. As for macros is was allegedly controlling. One can argue that we are probably better off demanding S_IS* macros but there are systems that just don't comply, hence this compromise solution... Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2e6d7799)
-
- May 19, 2016
-
-
Viktor Dukhovni authored
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Similarly for issuer lookup failures and caller errors (bad parameters or invalid state). Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Add new and some missing error codes to X509 error -> SSL alert switch. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
In the X509 app check that the obtained public key is valid before we attempt to use it. Issue reported by Yuan Jochen Kang. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
If p2 == NULL then p1 can get freed twice and a crash could occur. Issue reported by Shi Lei (Qihoo 360 Inc) Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- May 18, 2016
-
-
Cynh authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1017 (cherry picked from commit c9141a43)
-
Richard Levitte authored
HMAC doesn't have any error codes Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
- Adjust mkerr.pl to produce the line length we used for source reformating. - Have mkerr.pl keep track of preprocessor directive indentation Among others, do not spuriously throw away a #endif at the end of header files. - Make sure mkerr.pl specifies any header inclusion correctly Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Some output difference in crypto/conf/conf_def.h, because the earlier source reformatting needlessly indented the macro values. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Alessandro Ghedini authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1083)
-
Richard Levitte authored
RT#1466 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a37458c1)
-
Richard Levitte authored
RT#1466 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0794b6a6)
-
Richard Levitte authored
Also adds 'esc_2254' to the possible command line name options RT#1466 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit bc776510)
-
- May 17, 2016
-
-
Richard Levitte authored
RT#2534 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
RT#2616 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
RT#2558 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING twice. We only need to do it once. GitHub Issue #656 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2647e261)
-
Matt Caswell authored
Some compression related functions in libssl have dummy versions to be used when compiled with no-comp. However those dummy functions were not being exported on Windows so they are unusable when dynamically linked. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 16, 2016
-
-
Richard Levitte authored
The given sizes to not include the final NUL character. RT#2622 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 727ee8cf)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1064)
-
- May 14, 2016
-
-
isnotnick authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 12, 2016
-
-
Richard Levitte authored
RT#4522 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- May 11, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Manual cherry-pick of f2b9c257)
-
Steven Valdez authored
RT#4363 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> (cherry picked from commit 2ab851b7) Conflicts: crypto/ec/ec_key.c
-
Dr. Stephen Henson authored
RT#4256 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit c1176ebf) Conflicts: apps/CA.pl.in
-