- 24 8月, 2016 6 次提交
-
-
由 Rob Percival 提交于
This makes it consistent with all of the other SCT setters. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
They may return if an SCT_signature struct is added in the future that allows them to be refactored to conform to the i2d/d2i function signature conventions. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
Previously, if ct_v1_log_id_from_pkey failed, public_key would be freed by CTLOG_free at the end of the function, and then again by the caller (who would assume ownership was not transferred when CTLOG_new returned NULL). Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
SCT_verify is impossible to call through the public API (SCT_CTX_new() is not part of the public API), so rename it to SCT_CTX_verify and move it out of the public API. SCT_verify_v1 is redundant, since SCT_validate does the same verification (by calling SCT_verify) and more. The API is less confusing with a single verification function (SCT_validate). Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
This is a new minimal corpus with the following changes: - asn1: files: 1135 (+474), tuples: 27236 (+7496) - asn1parse: files: 305 (-3), tuples: 8758 (+11) - bignum: files: 370 (-1), tuples: 9547 (+10) - bndiv: files: 160 (+0), tuples: 2416 (+6) - cms: files: 155 (-1), tuples: 3408 (+0) - conf: files: 231 (-11), tuples: 4668 (+3) - crl: files: 905 (+188), tuples: 22876 (+4096) - ct: files: 117 (+35), tuples: 3557 (+908) - x509: files: 920, tuples: 28334 Note that tuple count depends on the binary and is random. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 8月, 2016 19 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
remove useless cast to call ASN1_STRING_set Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
... add a static keyword. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
There was a block of code at the start that used the Camellia cipher. The original idea behind this was to fill the buffer with non-zero data so that oversteps can be detected. However this block failed when using no-camellia. This has been replaced with a RAND_bytes() call. I also updated the the CTR test section, since it seems to be using a CBC cipher instead of a CTR cipher. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The assignment to ret is dead, because ret is assigned again later. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
If it's negative don't try and malloc it. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Otherwise we try to malloc a -1 size. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Ensure BN_CTX_get() has been successful Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The mem pointed to by cAB can be leaked on an error path. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The mem pointed to by cAB can be leaked on an error path. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The mem pointed to by tmp can be leaked on an error path. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Sometimes it is called with a NULL pointer Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Don't leak pke_ctx on error. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1472
-
由 FdaSilvaYY 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1471
-
- 22 8月, 2016 15 次提交
-
-
由 Matt Caswell 提交于
The PKCS12 command line utility is not available if no-des is used. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Also, re-organize RSA check to use goto err. Add a test case. Try all checks, not just stopping at first (via Richard Levitte) Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kazuki Yamaguchi 提交于
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't free'd on the success path. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kazuki Yamaguchi 提交于
Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The free functions are necessary because EC_GROUP_get_ec{pk,}parameters() was made public by commit 60b350a3 ("RT3676: Expose ECgroup i2d functions"). Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 FdaSilvaYY 提交于
Code was relying on an implicit data-sharing through duplication of loopargs_t pointer-members made by ASYNC_start_job(). Now share structure address instead of structure content. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
The following would fail, or rather, freeze: openssl genrsa -out rsa2048.pem 2048 openssl req -x509 -key rsa2048.pem -keyform PEM -out cert.pem In that case, the second command wants to read a certificate request from stdin, because -x509 wasn't fully flagged as being for creating something new. This changes makes it fully flagged. RT#4655 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Andy Polyakov 提交于
Original strategy for page-walking was adjust stack pointer and then touch pages in order. This kind of asks for double-fault, because if touch fails, then signal will be delivered to frame above adjusted stack pointer. But touching pages prior adjusting stack pointer would upset valgrind. As compromise let's adjust stack pointer in pages, touching top of the stack. This still asks for double-fault, but at least prevents corruption of neighbour stack if allocation is to overstep the guard page. Also omit predict-non-taken hints as they reportedly trigger illegal instructions in some VM setups. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The previous ciphersuite broke in no-ec builds. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Kazuki Yamaguchi 提交于
Fix an off by one error in the overflow check added by 07bed46f ("Check for errors in BN_bn2dec()"). Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
In mempacket_test_read(), we've already fetched the top value of the stack, so when we shift the stack, we don't care for the value. The compiler needs to be told, or it will complain harshly when we tell it to be picky. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Andy Polyakov 提交于
Originally PKCS#12 subroutines treated password strings as ASCII. It worked as long as they were pure ASCII, but if there were some none-ASCII characters result was non-interoperable. But fixing it poses problem accessing data protected with broken password. In order to make asscess to old data possible add retry with old-style password. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-