- 10 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 05 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Rebuild error source files: the new mkerr.pl functionality will now pick up and translate static function names properly. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 31 10月, 2015 1 次提交
-
-
由 Rich Salz 提交于
All instances of SSLeay (any combination of case) were replaced with the case-equivalent OpenSSL. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 10月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The function int_rsa_verify is an internal function used for verifying an RSA signature. It takes an argument |dtype| which indicates the digest type that was used. Dependant on that digest type the processing of the signature data will vary. In particular if |dtype == NID_mdc2| and the signature data is a bare OCTETSTRING then it is treated differently to the default case where the signature data is treated as a DigestInfo (X509_SIG). Due to a missing "else" keyword the logic actually correctly processes the OCTETSTRING format signature first, and then attempts to continue and process it as DigestInfo. This will invariably fail because we already know that it is a bare OCTETSTRING. This failure doesn't actualy make a real difference because it ends up at the |err| label regardless and still returns a "success" result. This patch just cleans things up to make it look a bit more sane. RT#4076 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Pascal Cuoq 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> MR #1231
-
- 04 9月, 2015 2 次提交
-
-
由 Rich Salz 提交于
After openssl_zalloc, cleanup more "set to 0/NULL" assignments. Many are from github feedback. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 David Bar 提交于
Also has changes from from David Woodhouse <David.Woodhouse@intel.com> and some tweaks from me. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 03 9月, 2015 1 次提交
-
-
由 Rich Salz 提交于
There are many places (nearly 50) where we malloc and then memset. Add an OPENSSL_zalloc routine to encapsulate that. (Missed one conversion; thanks Richard) Also fixes GH328 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 26 8月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Undocumented, unused, unnecessary (replaced by secure arena). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 8月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Especially since after the #ifdef cleanups this is not useful. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 24 6月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 6月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> MR #588
-
- 23 5月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 14 5月, 2015 4 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
There are header files in crypto/ that are used by the rest of OpenSSL. Move those to include/internal and adapt the affected source code, Makefiles and scripts. The header files that got moved are: crypto/constant_time_locl.h crypto/o_dir.h crypto/o_str.h Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 07 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
For the various string-compare routines (strcmp, strcasecmp, str.*cmp) use "strcmp()==0" instead of "!strcmp()" Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 05 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 02 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 01 5月, 2015 5 次提交
-
-
由 Rich Salz 提交于
Don't check for NULL before calling OPENSSL_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
This gets BN_.*free: BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd dead code in engines/e_ubsec. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The problem occurs in EVP_PKEY_sign() when using RSA with X931 padding. It is only triggered if the RSA key size is smaller than the digest length. So with SHA512 you can trigger the overflow with anything less than an RSA 512 bit key. I managed to trigger a 62 byte overflow when using a 16 bit RSA key. This wasn't sufficient to cause a crash, although your mileage may vary. In practice RSA keys of this length are never used and X931 padding is very rare. Even if someone did use an excessively short RSA key, the chances of them combining that with a longer digest and X931 padding is very small. For these reasons I do not believe there is a security implication to this. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed the small simple ones that are left: CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 01 4月, 2015 2 次提交
-
-
由 Richard Levitte 提交于
With no more symlinks, there's no need for those variables, or the links target. This also goes for all install: and uninstall: targets that do nothing but copy $(EXHEADER) files, since that's now taken care of by the top Makefile. Also, removed METHTEST from test/Makefile. It looks like an old test that's forgotten... Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Rather than making include/openssl/foo.h a symlink to crypto/foo/foo.h, this change moves the file to include/openssl/foo.h once and for all. Likewise, move crypto/foo/footest.c to test/footest.c, instead of symlinking it there. Originally-by: NGeoff Thorpe <geoff@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 31 3月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Update code to use ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence instead of performing the same operation manually. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 25 3月, 2015 2 次提交
-
-
由 Rich Salz 提交于
Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 24 3月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Move EVP internals to evp_int.h, remove -Ievp hack from crypto/Makefile Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Move ASN.1 internals used across multiple directories into new internal header file asn1_int.h remove crypto/Makefile hack which allowed other directories to include "asn1_locl.h" Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets ASN1_OBJECT_free and ASN1_STRING_free. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 3月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove old M_ASN1_ macros and replace any occurences with the corresponding function. Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 19 3月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix a bug where invalid PSS parameters are not rejected resulting in a NULL pointer exception. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Brian Carpenter for reporting this issues. CVE-2015-0208 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 12 3月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
In the RSA_X931_derive_ex a call to BN_CTX_new is made. This can return NULL on error. However the return value is not tested until *after* it is derefed! Also at the top of the function a test is made to ensure that |rsa| is not NULL. If it is we go to the "err" label. Unfortunately the error handling code deref's rsa. Reviewed-by: NRich Salz <rsalz@openssl.org>
-