- 26 2月, 2016 16 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
mkdef.pl was issuing the following error: Use of uninitialized value within %tag in numeric eq (==) at util/mkdef.pl line 560, <IN> line 92 This was because it was treating a __cplusplus "#ifdef" check as a "tag" but then skipping over the corresponding "#endif". Therefore after processing a file it still had "left over" tags from processing the previous file. It was also getting confused by "#if" checks that didn't match is pre-defined styles. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
build.info needed a slight update, one more include directory. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
They now default to " " as separator, but that can be overridden by having a hash with parameters as last argument. The only currently recognised parameter is `separator'. The special separator `undef' will force the result to become a list rather than a concatenated string. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Simplifies calling code. Also fixed up any !ptr tests that were nearby, turning them into NULL tests. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Adam Eijdenberg 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Fixes github issue 463. Building the app without OPENSSL_NO_SOCK isn't supported, so only do OPENSSL_NO_OCSP. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 25 2月, 2016 9 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
See also the discussion in https://github.com/openssl/openssl/pull/455Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Emilia Kasper 提交于
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
If the local system doesn't have GNU C or clang, and not even makedepend, the build will stop because the call of 'makedepend' fails. This changes so the build won't stop because of such failure. The result will be empty .d files, and that's ok. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 J Mohan Rao Arisankala 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Flavio Medeiros 提交于
This is also RT 4137 Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 24 2月, 2016 10 次提交
-
-
由 Dr. Stephen Henson 提交于
The ssl_set_masks() function no longer depends on the cipher. This also means there is no need to set the masks for each cipher in ssl3_choose_cipher. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Roumen Petrov 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
RT#4284 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
RT#4284 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Different assembler versions disagree on how to interpret #-1 as argument to vmov.i64, as 0xffffffffffffffff or 0x00000000ffffffff. So replace it with something they can't disagree on. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 David Woodhouse 提交于
The entire contents of <internal/bn_conf.h> are unwanted in the UEFI build because we have to do it differently there. To support building for both 32-bit and 64-bit platforms without re-running the OpenSSL Configure script, the EDK2 environment defines THIRTY_TWO_BIT or SIXTY_FOUR_BIT for itself according to the target platform. The current setup is broken, though. It checks for OPENSSL_SYS_UEFI but before it's actually defined, since opensslconf.h hasn't yet been included. Let's fix that by including opensslconf.h. And also let's move the bn_conf.h doesn't even need to *exist* in the UEFI build environment. This is also GH PR736. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 J Mohan Rao Arisankala 提交于
Removing code, where memory was getting allocated for an unused variable Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 2月, 2016 5 次提交
-
-
由 Rich Salz 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
These flags are limitting needlessly, are often patched by packagers, and should be specified on the configuration command line by anyone who desires for it to be specific rather than forced by us. This work was already done with mingw when those configs were worked on, now it gets applied to the remaining configs. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
In the earlier change, where static libraries get built with position independent code, OPENSSL_PIC was removed by mistake. This adds it back. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-