| Age | Commit message (Collapse) | Author |
|---|
|
It should not have been removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
If not, fall back to our own code, using the given mutex
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
For increments, the relaxed model is fine. For decrements, it's
recommended to use the acquire release model. We therefore go for the
latter.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Note: we trust any other compiler that fully implements GNU extension
to define __GNUC__
RT#4642
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Thanks to Shi Lei for reporting this issue.
CVE-2016-6303
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The variable assignment c1 is never read before it is overwritten.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
RT#4625
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
RT#4625
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Addition was not preserving inputs' property of being fully reduced.
Thanks to Brian Smith for reporting this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Addition was not preserving inputs' property of being fully reduced.
Thanks to Brian Smith for reporting this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Thanks to David Benjamin for reporting this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The declaration of bio_type_lock is independent of no-sock so should not be
inside OPENSSL_NO_SOCK guards.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The bound on log(2)/3 on the second line is incorrect and has an extra
zero compared to the divisions in the third line. log(2)/3 = 0.10034...
which is bounded by 0.101 and not 0.1001. The divisions actually
correspond to 0.101 which is fine. The third line also dropped a factor
of three.
The actual code appears to be fine. Just the comments are wrong.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
This makes it consistent with all of the other SCT setters.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
They may return if an SCT_signature struct is added in the future that
allows them to be refactored to conform to the i2d/d2i function signature
conventions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Previously, if ct_v1_log_id_from_pkey failed, public_key would be freed by
CTLOG_free at the end of the function, and then again by the caller (who
would assume ownership was not transferred when CTLOG_new returned NULL).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
SCT_verify is impossible to call through the public API (SCT_CTX_new() is
not part of the public API), so rename it to SCT_CTX_verify and move it
out of the public API.
SCT_verify_v1 is redundant, since SCT_validate does the same verification
(by calling SCT_verify) and more. The API is less confusing with a single
verification function (SCT_validate).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
remove useless cast to call ASN1_STRING_set
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
... add a static keyword.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The assignment to ret is dead, because ret is assigned again later.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
If it's negative don't try and malloc it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Otherwise we try to malloc a -1 size.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Ensure BN_CTX_get() has been successful
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The mem pointed to by cAB can be leaked on an error path.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The mem pointed to by cAB can be leaked on an error path.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The mem pointed to by tmp can be leaked on an error path.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Sometimes it is called with a NULL pointer
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Also, re-organize RSA check to use goto err.
Add a test case.
Try all checks, not just stopping at first (via Richard Levitte)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't
free'd on the success path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Original strategy for page-walking was adjust stack pointer and then
touch pages in order. This kind of asks for double-fault, because
if touch fails, then signal will be delivered to frame above adjusted
stack pointer. But touching pages prior adjusting stack pointer would
upset valgrind. As compromise let's adjust stack pointer in pages,
touching top of the stack. This still asks for double-fault, but at
least prevents corruption of neighbour stack if allocation is to
overstep the guard page.
Also omit predict-non-taken hints as they reportedly trigger illegal
instructions in some VM setups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Fix an off by one error in the overflow check added by 07bed46f332fc
("Check for errors in BN_bn2dec()").
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The enable-zlib option was broken by the recent "const" changes.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
RT#4628
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Thanks to Brian Smith for reporting this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.
Rename X509_SIG_get0_mutable to X509_SIG_getm.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #3176
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Update certificate and CRL time routines to match new standard.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The certificate and CRL time setting functions used similar code,
combine into a single utility function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
