- 18 9月, 2015 6 次提交
-
-
由 Matt Caswell 提交于
In master we have the function OPENSSL_clear_free(x,y), which immediately returns if x == NULL. In <=1.0.2 this function does not exist so we have to do: OPENSSL_cleanse(x, y); OPENSSL_free(x); However, previously, OPENSSL_cleanse did not check that if x == NULL, so the real equivalent check would have to be: if (x != NULL) OPENSSL_cleanse(x, y); OPENSSL_free(x); It would be easy to get this wrong during cherry-picking to other branches and therefore, for safety, it is best to just ensure OPENSSL_cleanse also checks for NULL. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Previously, the conversion would silently coerce to ASCII. Now, we error out. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Emilia Kasper 提交于
Rewrite EVP_DecodeUpdate. In particular: reject extra trailing padding, and padding in the middle of the content. Don't limit line length. Add tests. Previously, the behaviour was ill-defined, and depended on the position of the padding within the input. In addition, this appears to fix a possible two-byte oob read. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NDr Stephen Henson <steve@openssl.org>
-
由 Emilia Kasper 提交于
The bookmark API results in a lot of boilerplate error checking that can be much more easily achieved with a simple struct copy. It also lays the path for removing the third PACKET field. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Real fix for RT 4033 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 9月, 2015 9 次提交
-
-
由 Filipe DA SILVA 提交于
Make sure it's valid very early. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Emilia Kasper 提交于
Simplify encrypted premaster secret reading by using new methods in the PACKET API. Don't overwrite the packet buffer. RSA decrypt accepts truncated ciphertext with leading zeroes omitted, so it's even possible that by crafting a valid ciphertext with several leading zeroes, this could cause a few bytes out-of-bounds write. The write is harmless because of the size of the underlying message buffer, but nevertheless we shouldn't write into the packet. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the structure is not allocated: it is part of the parent. That is instead of FOO *x; it must be: FOO x; This reduces memory fragmentation and make it impossible to accidentally set a mandatory field to NULL. This currently only works for SEQUENCE and since it is equivalent to ASN1_SIMPLE it cannot be tagged, OPTIONAL, SET OF or SEQUENCE OF. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Alessandro Ghedini 提交于
When OPENSSL_EXPORT_VAR_AS_FUNCTION is defined, the static_ASN1_ITEM_start macro doesn't exist so the build fails. This problem was introduced in commit df2ee0e2. Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR #1128
-
- 16 9月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 15 9月, 2015 5 次提交
-
-
由 Richard Levitte 提交于
These notes include the use of HARNESS_VERBOSE (see the manual for Test::Harness) and the method to enumerate specific tests to run. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org> MR #1005
-
由 Dr. Stephen Henson 提交于
For server use a PSK identity hint value in the CERT structure which is inherited when SSL_new is called and which allows applications to set hints on a per-SSL basis. The previous version of SSL_use_psk_identity_hint tried (wrongly) to use the SSL_SESSION structure. PR#4039 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 12 9月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#3920. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
If the field separator isn't specified through -nameopt then use XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error. PR#2397 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 9月, 2015 3 次提交
-
-
由 Ben Laurie 提交于
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require any code changes). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Make the script and app match the documentation. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Functions to retrieve the function pointer of an existing method: this can be used to create a method which intercepts or modifies the behaviour of an existing method while retaining most of the existing behaviour. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 9月, 2015 6 次提交
-
-
由 Emilia Kasper 提交于
Fix both the caller to error out on malloc failure, as well as the eventual callee to handle a NULL gracefully. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Emilia Kasper 提交于
Reviewed-by: NDr Stephen Henson <steve@openssl.org>
-
由 David Woodhouse 提交于
This code does open-coded division on 64-bit quantities and thus when building with GCC on 32-bit platforms will require functions such as __umoddi3 and __udivdi3 from libgcc. In constrained environments such as firmware, those functions may not be available. So make it possible to compile out SCT support, which in fact (in the case of UEFI) we don't need anyway. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
If a test recipe does something like this: indir "foo.$$" => sub { chmod 0500, File::Spec->curdir(); ok(run(app(["something"]))); } we get a problem, because we were storing the temporary stderr file in the current directory at all times (so while inside the 'indir', we would attemp to store it in "foo.$$"). So, change our ways to always store that temporary file in the exact same location, defined by the environment variable RESULT_D, or failing that TEST_D, or failing that $TOP/test. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 9月, 2015 4 次提交
-
-
由 Emilia Kasper 提交于
Use each once in s3_srvr.c to show how they work. Also fix a bug introduced in c3fc7eea and made apparent by this change: ssl3_get_next_proto wasn't updating next_proto_negotiated_len Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 David Woodhouse 提交于
Cast and then negate, don't negate an unsigned. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 David Woodhouse 提交于
This provides support for building in the EDK II reference implementation of UEFI. Most UEFI firmware in existence uses OpenSSL for implementing the core cryptographic functionality needed for Secure Boot. This has always previously been handled with external patches to OpenSSL but we are now making a concerted effort to eliminate those. In this mode, we don't actually use the OpenSSL makefiles; we process the MINFO file generated by 'make files' and incorporate it into the EDK2 build system. Since EDK II builds for various targets with varying word size and we need to have a single prepackaged configuration, we deliberately don't hard-code the setting of SIXTY_FOUR_BIT vs. THIRTY_TWO_BIT in opensslconf.h. We bypass that for OPENSSL_SYS_UEFI and allow EDK II itself to set those, depending on the architecture. For x86_64, EDK II sets SIXTY_FOUR_BIT and thus uses 'long long' for the 64-bit type, even when building with GCC where 'long' is also 64-bit. We do this because the Microsoft toolchain has 32-bit 'long'. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Both now warn once if directory isn't writeable. Both now warn on file-write errors (multiple times). Update manpage to describe both program and script correctly. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 9月, 2015 2 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-