- 29 4月, 2016 21 次提交
-
-
由 Richard Levitte 提交于
With DEC C on VMS, you can use __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H to include some DEC C specific features or pragmas without having to touch the other header files. It seems, however, that the current version of the compiler requires the file names to be upcased, or it doesn't handle them quite right. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Kirill Marinushkin 提交于
Currently we can get all block ciphers with EVP_get_cipherbyname("<alg_name>-<block-mode-name>") for example, by names "aes-128-ecb" or "des-ede-cbc". I found a problem with des-ede-ecb and des-ede3-ecb ciphers as they can be accessed only with names: EVP_get_cipherbyname("des-ede") EVP_get_cipherbyname("des-ede3") It breaks the general concept. In this patch I add aliases which allow to use names: EVP_get_cipherbyname("des-ede-ecb") EVP_get_cipherbyname("des-ede3-ecb") in addition to the currently used names. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kirill Marinushkin 提交于
Script obj_dat.pl depends on file obj_mac.h generated by script objects.pl Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
RT#4508 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Commit e1d9f1ab left some dead code behind. This removes it. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The tls_client_key_exchange_post_work() frees the pms on error. It also calls ssl_generate_master_secret() which also free the pms. If an error occurs after ssl_generate_master_secret() has been called then a double free can occur. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
Commit 91fb42dd fixed a leak but introduced a problem where a parameter is erroneously freed instead. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Commit 8e588e28 fixed a leak but introduced a new one. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Some digest algorithms can't be disabled, don't pretend they can. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1007)
-
由 FdaSilvaYY 提交于
with some adaptation to new multi-threading API. Once reference, lock, meth and flag fields are setup, DSA_free/DH_free can be called directly. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/996)
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/996)
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
-
由 Christian Heimes 提交于
OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl module requires access to some of the struct members. Three new getters are added: int X509_OBJECT_get_type(X509_OBJECT *a); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); Signed-off-by: NChristian Heimes <cheimes@redhat.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Recycling an unused slot. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The code that implements this control would work when enabling nbio, but the disabling code needed fixing. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 28 4月, 2016 19 次提交
-
-
由 Matt Caswell 提交于
The function dane_ctx_enable() allocated some memory that it did not free in an error path. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The r2i_certpol() function allocates an ASN1_OBJECT but can fail to free it in an error path. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The rsa_cms_encrypt() function allocates an ASN1_OCTET_STRING but can then fail to free it in an error condition. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The PKCS7_dataFinal() function allocates a memory buffer but then fails to free it on an error condition. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The PKCS12_key_gen_uni() had one error path which did not free memory correctly. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The i2b_PVK function leaked a number of different memory allocations on error paths (and even some non-error paths). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The b2i_rsa() function uses a number of temporary local variables which get leaked on an error path. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
On error we could leak a ACCESS_DESCRIPTION and an ASN1_IA5STRING. Both should be freed in the error path. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Calls to BN_CTX_get() can fail so we should check that they were successful. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The cms_SignerInfo_content_sign() function allocated an EVP_MD_CTX but then failed to free it on an error path. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The cms_RecipientInfo_pwri_crypt() allocated an EVP_CIPHER_CTX but then failed to free it in some error paths. By allocating it a bit later that can be avoided. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
In BN_generate_prime_ex() we do some sanity checks first and return with an error if they fail. We should do that *before* allocating any resources to avoid a memory leak. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could result in the leak of a previously allocated BIGNUM value. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
During construction of a mem BIO we allocate some resources. If this allocation fails we can end up leaking everything we have allocated so far. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
When setting an accepted socket for non-blocking, if the operation fails make sure we close the accepted socket. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
BIO_sock_error() returned 1 when getsockopt() fails when it should return the error code for that failure. Additionally, the optlen parameter to getsockopt() has to point at the size of the area that the optval parameter points at rather than zero. Some systems may forgive it being zero, but others don't. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
The traditional private key encryption algorithm doesn't function properly if the IV length of the cipher is zero. These ciphers (e.g. ECB mode) are not suitable for private key encryption anyway. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Viktor Dukhovni 提交于
We must test for new object == current object, not !=. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init() is called with a NULL stack of untrusted certificates. Since ssl_verify_cert_chain() always provideds a non-NULL stack of untrusted certs, and no other code path enables DANE, the problem can only happen in applications that use SSL_CTX_set_cert_verify_callback() to implement their own wrappers around X509_verify_cert() passing only the leaf certificate to the latter. Regardless of the "improbability" of the problem, we do need to ensure that build_chain() handles this case correctly. Reviewed-by: NMatt Caswell <matt@openssl.org>
-