- 21 4月, 2017 2 次提交
-
-
由 Rich Salz 提交于
X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handing for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2830)
-
由 Marek Klein 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/576)
-
- 20 4月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
Because many of our test programs use internal headers, we need to make sure they know how, exactly, to mangle the symbols. So far, we've done so by specifying it in the affected test programs, but as things change, that will develop into a goose chase. Better then to declare once and for all how symbols belonging in our libraries are meant to be treated, internally as well as publically. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3259)
-
- 18 4月, 2017 1 次提交
-
-
由 Andy Polyakov 提交于
Trouble was that integer negation wasn't producing *formally* correct result in platform-neutral sense. Formally correct thing to do is -(int64_t)u, but this triggers undefined behaviour for one value that would still be representable in ASN.1. The trigger was masked with (int64_t)(0-u), but this is formally inappropriate for values other than the problematic one. [Also reorder branches to favour most-likely paths and harmonize asn1_string_set_int64 with asn1_get_int64].] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3231)
-
- 14 4月, 2017 3 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3192)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3192)
-
由 Andy Polyakov 提交于
i.e. reduce amount of branches and favour likely ones. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3192)
-
- 13 4月, 2017 4 次提交
-
-
由 Richard Levitte 提交于
Fixes #3191 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
-
由 Richard Levitte 提交于
Fixes #3191 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
-
由 Richard Levitte 提交于
Also, when "allocating" or "deallocating" an embedded item, never call prim_new() or prim_free(). Call prim_clear() instead. Fixes #3191 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
-
由 Todd Short 提交于
RT3877: Add X509 OCSP error codes and messages Add additional OCSP error codes for X509 verify usage RT3867: Support Multiple CA certs in ocsp app Add the ability to read multiple CA certs from a single file in the ocsp app. Update some missing X509 errors in documentation. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/941)
-
- 12 4月, 2017 2 次提交
-
-
由 Frank Morgner 提交于
fixes segmentation fault in case of not enough memory for object creation CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3157)
-
由 Richard Levitte 提交于
Clearing a misunderstanding. The routines c2i_uint64_int() and i2c_uint64_int() expect to receive that internal values are absolute and with a separate sign flag, and the x_int64.c code handles values that aren't absolute and have the sign bit embedded. We therefore need to convert between absolute and non-absolute values for the encoding of negative values to be correct. [extended tests] Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3160)
-
- 11 4月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3159)
-
- 10 4月, 2017 6 次提交
-
-
由 Richard Levitte 提交于
Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Don't compile code that still uses LONG when it's deprecated Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3152)
-
- 08 4月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Document thread-safety issues Have RSA_null return NULL (always fails) Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2244)
-
- 07 4月, 2017 3 次提交
-
-
由 Richard Levitte 提交于
When configured no-engine, we still refered to rand_engine_lock. Rework the lock init code to avoid that. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3145)
-
由 Richard Levitte 提交于
This is especially harmful since OPENSSL_cleanup() has already called the RAND cleanup function Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3137)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3137)
-
- 06 4月, 2017 2 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3115)
-
由 Richard Levitte 提交于
If no default method was yet given, RAND_get_rand_method() will set it up. Doing so just to clean it away seems pretty silly, so instead, use the default_RAND_meth variable directly. This also clears a possible race condition where this will try to init things, such as ERR or ENGINE when in the middle of a OPENSSL_cleanup. Fixes #3128 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3136)
-
- 04 4月, 2017 5 次提交
-
-
由 Gergely Nagy 提交于
This commit contains some optimizations in PKCS5_PBKDF2_HMAC() and HMAC_CTX_copy() functions which together makes PBKDF2 computations faster by 15-40% according to my measurements made on x64 Linux with both asm optimized and no-asm versions of SHA1, SHA256 and SHA512. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1708)
-
由 Richard Levitte 提交于
Bug uncovered by test [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
-
由 Matt Caswell 提交于
Credit to OSS-Fuzz for finding this. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
-
由 Richard Levitte 提交于
Also Z varieties. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
-
- 03 4月, 2017 1 次提交
-
-
由 Andy Polyakov 提交于
It seems to be problematic to probe processor capabilities with SIGILL on MacOS X. The problem should be limited to cases when application code is debugged, but crashes were reported even during normal execution... Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 4月, 2017 1 次提交
-
-
由 Andy Polyakov 提交于
Originally there was dependency on BN configuration parameters, but it stemmed from times when "long long" support was optional. Today we require 64-bit support from compiler, and there is no reason to have "greatest-width integer" depend on BN configuration. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 31 3月, 2017 2 次提交
-
-
由 Jon Spillett 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3087)
-
由 Andy Polyakov 提交于
'j' is specified as modifier for "greatest-width integer type", which in practice means 64 bits on both 32- and 64-bit platforms. Since we rely on __attribute__((__format__(__printf__,...))) to sanitize BIO_print format, we can use it to denote [u]int64_t-s in platform-neutral manner. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3083)
-
- 30 3月, 2017 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 3月, 2017 4 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3064)
-
由 Qin Long 提交于
Add OPENSSL_SYS_UEFI to remove unused syslog and uid stuffs for more clean UEFI build. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2961)
-
由 FdaSilvaYY 提交于
Fix some comments too [skip ci] Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3069)
-
由 FdaSilvaYY 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3066)
-