- 06 May, 2016 5 commits
-
Committed by Rich Salz
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Committed by Dr. Stephen Henson
Try to set the ASN.1 parameters for CMS encryption even if the IV length is zero as the underlying cipher should still set the type. This will correctly result in errors if an attempt is made to use an unsupported cipher type. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Sergio Garcia Murillo
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Matt Caswell
If the application has limited the size of the async pool using ASYNC_init_thread() then we could run out of jobs while trying to start a libssl io operation. However libssl was failing to handle this and treating it like a fatal error. It should not be fatal...we just need to retry when there are jobs available again. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Emilia Kasper
This demystifies two for-loops that do nothing. They were used to write the ladder in a unified way. Now that the ladder is otherwise commented, remove the dead loops. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- 05 May, 2016 8 commits
-
Committed by Rich Salz
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Committed by Matt Caswell
Based on an original commit by GitHub user BertramScharpf. Rebased and updated to take account of all the updates since this was first raised. GH PR#62 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Rich Salz
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Committed by J Mohan Rao Arisankala
list -disabled was checking OPENSSL_NO_SSL/OPENSSL_NO_TLS, which are not used to disable SSL/TLS respectively. Building with these macros wrongly shows as SSL/TLS disabled, hence removing this code. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by FdaSilvaYY
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1021
-
Committed by Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Richard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Dr. Stephen Henson
The name length limit check in x509_name_ex_d2i() includes the containing structure as well as the actual X509_NAME. This will cause large CRLs to be rejected. Fix by limiting the length passed to ASN1_item_ex_d2i() which will then return an error if the passed X509_NAME exceeds the length. RT#4531 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- 04 May, 2016 15 commits
-
Committed by Richard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1025)
-
Committed by Marek Klein
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1020)
-
Committed by Matt Caswell
The old BIO_accept() function can encounter errors during malloc. We need to ensure we properly clean up if that occurs. GH Issue #817 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Dr. Stephen Henson
PR#4514 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by Dr. Stephen Henson
RT#4527 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Matt Caswell
The TLSProxy based tests don't work when TLS is disabled so we shouldn't run them. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The init_client() function in the apps sets up the client connection. It may try multiple addresses until it finds one that works. We should clear the error queue if we eventually get a successful connection because otherwise we get stale errors hanging around. This can cause problems in subsequent calls to SSL_get_error(), i.e. non-fatal NBIO events appear as fatal. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Richard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by Andy Polyakov
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Andy Polyakov
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Andy Polyakov
Some non-GNU compilers interpret -E -P combination differently. Some prioritize -E over -P, others -P over -E (in which case .i file is generated and sometimes truncated because of redirection). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Andy Polyakov
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 03 May, 2016 12 commits
-
Committed by Viktor Dukhovni
The right variant is ~18 lines below. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by Christian Bundy
This replaces the old SKIP primes with the most current Diffie-Hellman MODP groups defined by RFC 7296 and RFC 3526. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from GitHub https://github.com/openssl/openssl/pull/775)
-
Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Kurt Roeckx
Reviewed-by: Emilia Käsper <emilia@openssl.org> CVE-2016-2107 MR: #2572
-
Committed by Dr. Stephen Henson
Add tests for ASN.1 INTEGER: invalid tag, valid 0, 1, -1 and 0, -1 with illegal padding. Also add ASN1_ANY tests for 0, 1 and -1. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Committed by Dr. Stephen Henson
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Committed by Dr. Stephen Henson
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Committed by Dr. Stephen Henson
Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER tag: V_ASN1_NEG_INTEGER is an internal only value which is never used for on-the-wire encoding. Thanks to David Benjamin <davidben@google.com> for reporting this bug. This was found using libFuzzer. RT#4364 (part) CVE-2016-2108. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
With the EVP_EncodeUpdate function it is the caller's responsibility to determine how big the output buffer should be. The function writes the amount actually used to |*outl|. However this could go negative with a sufficiently large value for |inl|. We add a check for this error condition. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
An overflow can occur in the EVP_EncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Due to the very large amounts of data involved this will most likely result in a crash. Internally to OpenSSL the EVP_EncodeUpdate function is primarily used by the PEM_write_bio* family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly with large amounts of untrusted data may also be vulnerable. Issue reported by Guido Vranken. CVE-2016-2105 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Dmitry-Me
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-