#
10c3c1c1 |
| 28-Jun-2018 |
Rich Salz |
Zero-fill IV by default. Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pul
Zero-fill IV by default. Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6603)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7 |
|
#
c82c3462 |
| 04-May-2018 |
Richard Levitte |
In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length Fixes #4716 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/opens
In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length Fixes #4716 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6173)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre6 |
|
#
d6d94d33 |
| 25-Apr-2018 |
Richard Levitte |
PEM_def_callback(): use same parameter names as for pem_password_cb Add a bit more commentary to explain what's going on. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged fr
PEM_def_callback(): use same parameter names as for pem_password_cb Add a bit more commentary to explain what's going on. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080)
show more ...
|
#
4977b4e9 |
| 25-Apr-2018 |
Richard Levitte |
PEM_def_callback(): don't loop because of too short password given That error is already caught by EVP_read_pw_string_min, and causes this function to return -1, so the code detecting to
PEM_def_callback(): don't loop because of too short password given That error is already caught by EVP_read_pw_string_min, and causes this function to return -1, so the code detecting too short passwords in this function is practically dead. Fixes #5465 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4 |
|
#
c9c56ee5 |
| 30-Mar-2018 |
Bernd Edlinger |
Clear buffer in PEM_write_bio Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5814)
|
#
6714cb14 |
| 30-Mar-2018 |
Rich Salz |
Remove some code This commit removes the contribution of a user that we cannot trace to gain their consent for the licence change. I also cleaned up the return/error-return flow
Remove some code This commit removes the contribution of a user that we cannot trace to gain their consent for the licence change. I also cleaned up the return/error-return flow a bit. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5811)
show more ...
|
Revision tags: OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
b0edda11 |
| 20-Mar-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5689)
|
Revision tags: OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
#
b0143b97 |
| 30-Jan-2018 |
Benjamin Kaduk |
Fix type error in PEM processing The get_name() helper was using a variable of type size_t to hold the result of BIO_gets(), but BIO_gets() returns int and makes use of negative valu
Fix type error in PEM processing The get_name() helper was using a variable of type size_t to hold the result of BIO_gets(), but BIO_gets() returns int and makes use of negative values to indicate error conditions. Change the type of the local variable to match, and propagate that through to other places in the file to avoid -Wsign-compare issues. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5211)
show more ...
|
Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
a1df06b3 |
| 20-Aug-2017 |
Pauli |
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause probl
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102)
show more ...
|
#
e40ada04 |
| 21-Jun-2017 |
Matt Caswell |
Remove OPENSSL_assert() from crypto/pem Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3740)
|
#
75e2c877 |
| 03-Aug-2017 |
Rich Salz |
Switch from ossl_rand to DRBG rand If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success.
Switch from ossl_rand to DRBG rand If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4019)
show more ...
|
#
2ca8bbe5 |
| 29-Jul-2017 |
Bernd Edlinger |
Use OPENSSL_secure_clear_free in PEM_read_bio_PrivateKey and PEM_read_bio_ex Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4044)
|
#
aa8dfbc4 |
| 09-Jul-2017 |
Bernd Edlinger |
Fix error handling in get_header_and_data. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3896)
|
#
86ba26c8 |
| 07-Jul-2017 |
Pauli |
Address potential buffer overflows. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3878)
|
#
b4df712a |
| 06-Jul-2017 |
Pauli |
change return (x) to return x Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3878)
|
#
0904e79a |
| 15-Jun-2017 |
Rich Salz |
Undo commit d420ac2 [extended tests] Original text: Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead
Undo commit d420ac2 [extended tests] Original text: Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3701)
show more ...
|
#
48feaceb |
| 01-Jul-2017 |
Richard Levitte |
Remove the possibility to disable the UI module entirely Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API a
Remove the possibility to disable the UI module entirely Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3820)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13, OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g |
|
#
7671342e |
| 29-Feb-2016 |
Benjamin Kaduk |
Add PEM_bytes_read_bio_secmem() Split the PEM_bytes_read_bio() implementation out into a pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE as needed. Adjust the
Add PEM_bytes_read_bio_secmem() Split the PEM_bytes_read_bio() implementation out into a pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE as needed. Adjust the cleanup to properly use OPENSSL_secure_free() when needed, and reimplement PEM_bytes_read() as a wrapper around the _flags helper. Add documentation for PEM_bytes_read_bio() and the new secmem variant. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1700)
show more ...
|
#
204afd81 |
| 19-Feb-2016 |
Benjamin Kaduk |
Add PEM_read_bio_ex The extended function includes a 'flags' argument to allow callers to specify different requested behaviors. In particular, callers can request that temporary st
Add PEM_read_bio_ex The extended function includes a 'flags' argument to allow callers to specify different requested behaviors. In particular, callers can request that temporary storage buffers are allocated from the secure heap, which could be relevant when loading private key material. Refactor PEM_read_bio to use BIO_mems instead of BUFs directly, use some helper routines to reduce the overall function length, and make some of the checks more reasonable. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1700)
show more ...
|
#
69687aa8 |
| 28-Mar-2017 |
FdaSilvaYY |
More typo fixes Fix some comments too [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.
More typo fixes Fix some comments too [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3069)
show more ...
|
#
60250017 |
| 05-Aug-2016 |
klemens |
spelling fixes, just comments and readme. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull
spelling fixes, just comments and readme. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1413)
show more ...
|
#
cf3404fc |
| 25-Apr-2016 |
Matt Caswell |
Change the return type of EVP_EncodeUpdate Previously EVP_EncodeUpdate returned a void. However there are a couple of error conditions that can occur. Therefore the return type has been
Change the return type of EVP_EncodeUpdate Previously EVP_EncodeUpdate returned a void. However there are a couple of error conditions that can occur. Therefore the return type has been changed to an int, with 0 indicating error and 1 indicating success. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
af9895cb |
| 10-May-2016 |
Mat |
Updates from review Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
b01e1644 |
| 09-May-2016 |
Mat |
Fix: PEM_read_bio_PrivateKey with no-ui / no-stdio If openssl is compiled with no-ui or no-stdio, then PEM_read_bio_PrivateKey fails if a password but no callback is provided. The r
Fix: PEM_read_bio_PrivateKey with no-ui / no-stdio If openssl is compiled with no-ui or no-stdio, then PEM_read_bio_PrivateKey fails if a password but no callback is provided. The reason is that the premature return in the PEM_def_callback implementation when OPENSSL_NO_STDIO or OPENSSL_NO_UI is defined, comes too early. This patch moves the ifdef block to the correct place. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
67787844 |
| 24-Apr-2016 |
Viktor Dukhovni |
Improve and document low-level PEM read routines PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and PEM_do_header(). Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|