- 24 8月, 2016 13 次提交
-
-
由 Andy Polyakov 提交于
Addition was not preserving inputs' property of being fully reduced. Thanks to Brian Smith for reporting this. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Addition was not preserving inputs' property of being fully reduced. Thanks to Brian Smith for reporting this. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Thanks to David Benjamin for reporting this. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The declaration of bio_type_lock is independent of no-sock so should not be inside OPENSSL_NO_SOCK guards. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
If a ticket callback changes the HMAC digest to SHA512 the existing sanity checks are not sufficient and an attacker could perform a DoS attack with a malformed ticket. Add additional checks based on HMAC size. Thanks to Shi Lei for reporting this bug. CVE-2016-6302 Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Andy Polyakov 提交于
Test doesn't work on Windows with non-Greek locale, because of Win32 perl[!] limitation, not OpenSSL. For example it passes on Cygwin and MSYS... Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 David Benjamin 提交于
The bound on log(2)/3 on the second line is incorrect and has an extra zero compared to the divisions in the third line. log(2)/3 = 0.10034... which is bounded by 0.101 and not 0.1001. The divisions actually correspond to 0.101 which is fine. The third line also dropped a factor of three. The actual code appears to be fine. Just the comments are wrong. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
This makes it consistent with all of the other SCT setters. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
They may return if an SCT_signature struct is added in the future that allows them to be refactored to conform to the i2d/d2i function signature conventions. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
Previously, if ct_v1_log_id_from_pkey failed, public_key would be freed by CTLOG_free at the end of the function, and then again by the caller (who would assume ownership was not transferred when CTLOG_new returned NULL). Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
SCT_verify is impossible to call through the public API (SCT_CTX_new() is not part of the public API), so rename it to SCT_CTX_verify and move it out of the public API. SCT_verify_v1 is redundant, since SCT_validate does the same verification (by calling SCT_verify) and more. The API is less confusing with a single verification function (SCT_validate). Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
This is a new minimal corpus with the following changes: - asn1: files: 1135 (+474), tuples: 27236 (+7496) - asn1parse: files: 305 (-3), tuples: 8758 (+11) - bignum: files: 370 (-1), tuples: 9547 (+10) - bndiv: files: 160 (+0), tuples: 2416 (+6) - cms: files: 155 (-1), tuples: 3408 (+0) - conf: files: 231 (-11), tuples: 4668 (+3) - crl: files: 905 (+188), tuples: 22876 (+4096) - ct: files: 117 (+35), tuples: 3557 (+908) - x509: files: 920, tuples: 28334 Note that tuple count depends on the binary and is random. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 8月, 2016 19 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
remove useless cast to call ASN1_STRING_set Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
... add a static keyword. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
There was a block of code at the start that used the Camellia cipher. The original idea behind this was to fill the buffer with non-zero data so that oversteps can be detected. However this block failed when using no-camellia. This has been replaced with a RAND_bytes() call. I also updated the the CTR test section, since it seems to be using a CBC cipher instead of a CTR cipher. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The assignment to ret is dead, because ret is assigned again later. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
If it's negative don't try and malloc it. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Otherwise we try to malloc a -1 size. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Ensure BN_CTX_get() has been successful Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The mem pointed to by cAB can be leaked on an error path. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The mem pointed to by cAB can be leaked on an error path. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The mem pointed to by tmp can be leaked on an error path. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Sometimes it is called with a NULL pointer Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Don't leak pke_ctx on error. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1472
-
由 FdaSilvaYY 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1471
-
- 22 8月, 2016 8 次提交
-
-
由 Matt Caswell 提交于
The PKCS12 command line utility is not available if no-des is used. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Also, re-organize RSA check to use goto err. Add a test case. Try all checks, not just stopping at first (via Richard Levitte) Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kazuki Yamaguchi 提交于
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't free'd on the success path. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kazuki Yamaguchi 提交于
Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The free functions are necessary because EC_GROUP_get_ec{pk,}parameters() was made public by commit 60b350a3 ("RT3676: Expose ECgroup i2d functions"). Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 FdaSilvaYY 提交于
Code was relying on an implicit data-sharing through duplication of loopargs_t pointer-members made by ASYNC_start_job(). Now share structure address instead of structure content. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
The following would fail, or rather, freeze: openssl genrsa -out rsa2048.pem 2048 openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem In that case, the second command wants to read a certificate request from stdin, because -x509 wasn't fully flagged as being for creating something new. This changes makes it fully flagged. RT#4655 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-