- 03 9月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 02 9月, 2015 4 次提交
-
-
由 Viktor Dukhovni 提交于
Avoid using cnid = 0, use NID_undef instead, and return early instead of trying to find an instance of that in the subject DN. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Initialize pointers in param id by the book (explicit NULL assignment, rather than just memset 0). In x509_verify_param_zero() set peername to NULL after freeing it. In x509_vfy.c's internal check_hosts(), avoid potential leak of possibly already non-NULL peername. This is only set when a check succeeds, so don't need to do this repeatedly in the loop. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
The NULL cipher case can't actually happen because we have no EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is PKCS12_PBE_keyivgen. But make the code more obviously correct. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 01 9月, 2015 8 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 mrpre 提交于
Slightly modified from the original PR. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Ben Kaduk 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Emilia Kasper 提交于
Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs. Follow-up to b11980d79a52ec08844f08bea0e66c04b691840b Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 28 8月, 2015 3 次提交
-
-
由 Alessandro Ghedini 提交于
Fix more potential leaks in X509_verify_cert() Fix memory leak in ClientHello test Fix memory leak in gost2814789 test Fix potential memory leak in PKCS7_verify() Fix potential memory leaks in X509_add1_reject_object() Refactor to use "goto err" in cleanup. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Ismo Puustinen 提交于
If the seed value for dsa key generation is too short (< qsize), return an error. Also update the documentation. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Rich Salz 提交于
Fix from David Baggett via tweet. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 27 8月, 2015 1 次提交
-
-
由 David Brodski 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 26 8月, 2015 2 次提交
-
-
由 Rich Salz 提交于
Undocumented, unused, unnecessary (replaced by secure arena). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
If a binary sequence is all zero's, call BN_zero. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 24 8月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NBen Laurie <ben@openssl.org>
-
- 17 8月, 2015 1 次提交
-
-
由 Dmitry Belyavsky 提交于
Add new OIDs for latest GOST updates Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 14 8月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Ismo Puustinen 提交于
Part of RT 3997 Per Ben, just jump to common exit code. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 12 8月, 2015 5 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#3974 PR#3975 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
This was obsolete in 2001. This is not the same as Gost94 digest. Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
The function BN_MONT_CTX_set was assuming that the modulus was non-zero and therefore that |mod->top| > 0. In an error situation that may not be the case and could cause a seg fault. This is a follow on from CVE-2015-1794. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 8月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Especially since after the #ifdef cleanups this is not useful. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 8月, 2015 1 次提交
-
-
由 Anton Blanchard 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 04 8月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
EC_KEY_set_public_key_affine_coordinates was using some variables that only apply if OPENSSL_NO_EC2M is not defined. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 01 8月, 2015 2 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Loganaden Velvindron 提交于
From a CloudFlare patch. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 30 7月, 2015 1 次提交
-
-
由 Martin Vejnar 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 7月, 2015 2 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Create bn_free_d utility routine and use it. Fix RT3950 Also a missing cleanse, from Loganaden Velvindron (loganaden@gmail.com), who noticed it in a Cloudflare patch. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 7月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Removed ability to set ex_data impl at runtime. This removed these three functions: const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); int CRYPTO_ex_data_new_class(void); It is no longer possible to change the ex_data implementation at runtime. (Luckily those functions were never documented :) Also removed the ability to add new exdata "classes." We don't believe this received much (if any) use, since you can't add it to OpenSSL objects, and there are probably better (native) methods for developers to add their own extensible data, if they really need that. Replaced the internal hash table (of per-"class" stacks) with a simple indexed array. Reserved an index for "app" application. Each API used to take the lock twice; now it only locks once. Use local stack storage for function pointers, rather than malloc, if possible (i.e., number of ex_data items is under a dozen). Make CRYPTO_EX_DATA_FUNCS opaque/internal. Also fixes RT3710; index zero is reserved. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 16 7月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Remove support for RSA_NET and Netscape key format (-keyform n). Also removed documentation of SGC. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 14 7月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
This leaves behind files with names ending with '.iso-8859-1'. These should be safe to remove. If something went wrong when re-encoding, there will be some files with names ending with '.utf8' left behind. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 08 7月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
The -show_chain flag to the verify command line app shows information about the chain that has been built. This commit adds the text "untrusted" against those certificates that have been used from the untrusted list. Reviewed-by: NRich Salz <rsalz@openssl.org>
-