- 23 9月, 2017 6 次提交
-
-
由 Kurt Roeckx 提交于
Found by OSS-Fuzz and the tests Reviewed-by: NAndy Polyakov <appro@openssl.org> GH: #4410
-
由 Dr. Stephen Henson 提交于
Avoid duplicate assertion by removing dhparam from SSL_CONF parameter list: dhparam is handled manually by s_server. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4408)
-
由 Pichulin Dmitrii 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4405)
-
由 Dr. Stephen Henson 提交于
Instead of storing supported groups in on-the-wire format store them as parsed uint16_t values. This simplifies handling of groups as the values can be directly used instead of being converted. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4406)
-
由 Andy Polyakov 提交于
The warning flag in question was added in GCC version 6, hence addition has to be conditional. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4401)
-
由 David Benjamin 提交于
This guards against the name constraints check consuming large amounts of CPU time when certificates in the presented chain contain an excessive number of names (specifically subject email names or subject alternative DNS names) and/or name constraints. Name constraints checking compares the names presented in a certificate against the name constraints included in a certificate higher up in the chain using two nested for loops. Move the name constraints check so that it happens after signature verification so peers cannot exploit this using a chain with invalid signatures. Also impose a hard limit on the number of name constraints check loop iterations to further mitigate the issue. Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4393)
-
- 22 9月, 2017 3 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4383)
-
由 Patrick Steuer 提交于
Compilation failed due to -Werror=misleading-indentation. Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4395)
-
由 Andy Polyakov 提交于
Detect clang even if it's disguised, e.g. cross-compiler or invoked by explicit path name, and add the option based on that. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4383)
-
- 21 9月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
This option was lost when converting to a table-driven option parser in commit 7e1b7485. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4398)
-
- 20 9月, 2017 6 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
由 Dr. Stephen Henson 提交于
Allo RSA certificate to be used for RSA-PSS signatures: this needs to be explicit because RSA and RSA-PSS certificates are now distinct types. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
由 Dr. Stephen Henson 提交于
Recognise RSA-PSS certificate algorithm and add a new certificate type. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
由 David Benjamin 提交于
c2i_ASN1_BIT_STRING takes length as a long but uses it as an int. Check bounds before doing so. Previously, excessively large inputs to the function could write a single byte outside the target buffer. (This is unreachable as asn1_ex_c2i already uses int for the length.) Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4385)
-
- 18 9月, 2017 2 次提交
-
-
由 Pauli 提交于
Use the defined typechecking stack method to sort the compression methods stack rather than using the generic function and apply type casts. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4382)
-
由 Pauli 提交于
Address coverity report of null pointer being dereferenced. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4381)
-
- 15 9月, 2017 6 次提交
-
-
由 Christian Heimes 提交于
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new API to set the minimum and maximum protocol version for SSL_CTX with TLS_method(). Add getters to introspect the configured versions: int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); int SSL_get_min_proto_version(SSL *ssl); int SSL_get_max_proto_version(SSL *ssl); NOTE: The getters do not resolv the version in case when the minimum or maxium version are configured as '0' (meaning auto-select lowest and highst version number). Signed-off-by: NChristian Heimes <christian@python.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4364)
-
由 Pauli 提交于
Introduced by #4372 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4374)
-
由 Pauli 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4373)
-
由 Pauli 提交于
Also use strndup instead of a malloc/memcpy pair. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4372)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4371)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4371)
-
- 14 9月, 2017 9 次提交
-
-
由 Benjamin Kaduk 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4369)
-
由 Paul Yang 提交于
[to be squashed] [skip ci] Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4356)
-
由 Paul Yang 提交于
1. make app pkey methods cleanup internal 2. add EVP_PKEY_meth_remove Fixes travis-ci failure in #4337 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4356)
-
由 Pauli 提交于
size_t variable. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
由 Pauli 提交于
This reverts commit cc9c5689 for the file pbe_scrypt.c instead of scrypt.c Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
由 Pauli 提交于
This reverts commit 1caaea13. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
由 Pauli 提交于
This reverts commit a89c9a0d. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
由 Benjamin Kaduk 提交于
The peek result is now called 'err', not just 'e'. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4362)
-
由 Paul Yang 提交于
A new method is added to EVP_PKEY_METH as: int (*check) (EVP_PKEY_CTX *ctx); and to EVP_PKEY_ASN1_METHOD as: int (*pkey_check) (EVP_PKEY_CTX *ctx); This is used to check the validity of a specific key. The order of calls is: EVP_PKEY_check -> pmeth.check -> ameth.pkey_check. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4337)
-
- 12 9月, 2017 7 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4359)
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4336)
-
由 Richard Levitte 提交于
Simply put, any NAME type OSS_STORE_INTO is a new object that can be looked into, and potentially lead to a whole tree of data to dive into. The recursive option allows someone to view the whole tree and its data in one go. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4336)
-
由 Richard Levitte 提交于
crypto/rand/rand_egd.c makes extensive use of stdio functions. When they are disabled, it makes sense to disable egd as well. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4358)
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-