- 06 Jun, 2016 4 commits
-
-
Committed by Matt Caswell
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch off the constant time implementation for RSA, DSA and DH have been made no-ops and deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The dsa_ossl.c file defined a couple of multi-line macros, but then only used each one once. The macros just serve to complicate the code and make it more difficult to understand what is really going on. Hence they are removed. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Cesar Pereida
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. CVE-2016-2178 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by Andy Polyakov
Some of the instructions used in latest additions are extension ones. There is no real reason to limit ourselves to specific processors, so [re-]adhere to base instruction set. RT#4548 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- 05 Jun, 2016 6 commits
-
-
Committed by FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
Committed by FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
Committed by FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
Committed by FdaSilvaYY
Return directly NULL after ASN1_STRING_set, as it already has set an error code. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
Committed by FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
Committed by FdaSilvaYY
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
-
- 04 Jun, 2016 9 commits
-
-
Committed by Kurt Roeckx
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1139
-
Committed by Dr. Stephen Henson
RT#4474 (partial) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Matt Caswell
If the string to print is exactly 2048 characters long (excluding the NULL terminator) then BIO_printf will chop off the last byte. This is because it has filled its static buffer but hasn't yet allocated a dynamic buffer. In cases where we don't have a dynamic buffer we need to truncate but that is not the case for BIO_printf(). We need to check whether we are able to have a dynamic buffer before deciding to truncate. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Committed by Jonas Maebe
zapparams modification based on tip from Matt Caswell RT#3198 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by Mat
Use STATUS_SUCCESS instead of 0. Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1142)
-
Committed by Mat
Adds missing casts for 64-bit. Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1142)
-
Committed by Mat
Define USE_BCRYPT. Removed _WIN32_WINNT define. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1142)
-
Committed by Mat
When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI. This change brings the following benefits: - Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll - CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded. - Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1142)
-
Committed by Pauli
The problem is the checking in policy_cache_set, there is a race condition between the null check and obtaining the lock. The fix is in policy_cache_new to detect if the creation has happened already. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 03 Jun, 2016 1 commit
-
-
Committed by Andy Polyakov
_ctr32 in function name refers to 32-bit counter, but it was implementing 64-bit one. This didn't pose problem to EVP, but 64-bit counter was just misleading. RT#4512 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 02 Jun, 2016 12 commits
-
-
Committed by Matt Caswell
Numerous test failures were occurring when Configured with enable-ubsan although they could all be traced back to one issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Committed by Dr. Stephen Henson
Also fixes -Wstrict-overflow warning on this file. RT#4474 (partial) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The set_reasons() function in v3_crld.c leaks a STACK_OF(CONF_VALUE) object on an error path. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The int X509_PURPOSE_add() function was leaking an X509_PURPOSE object on error. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The X509_TRUST_add() function was leaking an X509_TRUST object on error. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The ASN1_item_pack() function was leaking an ASN1_STRING object on error paths. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The ASN1_GENERALIZEDTIME_adj() function leaks an ASN1_GENERALIZEDTIME object on an error path. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The v2i_POLICY_MAPPINGS() function leaked ASN1_OBJECT pointers on error paths. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The notice_section() function allocates a STACK_OF(CONF_VALUE) but then fails to free it on an error path. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The v2i_AUTHORITY_KEYID() function can leak memory under an error condition. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The function a2i_ASN1_INTEGER() allocates a buffer |s| but then fails to free it on error paths. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Matt Caswell
The ec_wNAF_mul() function allocates some temporary storage that it doesn't always free on an error condition. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 01 Jun, 2016 8 commits
-
-
Committed by Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Rich Salz
Add copyright to missing assembler files. Add copyrights to missing test/* files. Add copyrights Various source and misc files. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Rich Salz
RT2630 -- segfault for int overflow. RT2877 -- check return values in apps/rand. Update CHANGES file for previous "windows rand" changes. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Rich Salz
Salt must be two ASCII characters. Add tests to check for that, and a test to test the checks. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by Matt Caswell
The -text argument to dhparam is broken, because the DHparams_print() function always returns an error. The problem is that it always expects a public or private key to be present, even though that is never the case with parameters. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by FdaSilvaYY
Add missing error raise call, as it is done everywhere else, and as CRYPTO_THREAD_lock_new doesn't do it internally. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Committed by Matt Caswell
On OpenBSD we turn off async capabilities due to no ucontext.h. RT#4379 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Committed by Mat
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-