|
Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c |
|
| #
6dcba070 |
| 02-Oct-2016 |
Dr. Stephen Henson |
Fix X509_NAME decode for malloc failures.
The original X509_NAME decode free code was buggy: this
could result in double free or leaks if a malloc failure
occurred.
Simplify
Fix X509_NAME decode for malloc failures.
The original X509_NAME decode free code was buggy: this
could result in double free or leaks if a malloc failure
occurred.
Simplify and fix the logic.
Thanks to Guido Vranken for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1691)
show more ...
|
|
Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6 |
|
| #
9f5466b9 |
| 07-Jul-2016 |
FdaSilvaYY |
Constify some X509_NAME, ASN1 printing code
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard L
Constify some X509_NAME, ASN1 printing code
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
6eabcc83 |
| 15-Aug-2016 |
Matt Caswell |
Make X509_NAME_get0_der() conform to OpenSSL style
Put the main object first in the params list.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <
Make X509_NAME_get0_der() conform to OpenSSL style
Put the main object first in the params list.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
| #
08275a29 |
| 03-Jul-2016 |
FdaSilvaYY |
Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
show more ...
|
| #
02f730b3 |
| 02-Jul-2016 |
mrpre |
Cleanup after sk_push fail
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1281)
|
|
Revision tags: OpenSSL-fips-2_0_13 |
|
| #
5ab0b7e6 |
| 03-Jun-2016 |
FdaSilvaYY |
Missing NULL check on OBJ_dup result in x509_name_canon
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl
Missing NULL check on OBJ_dup result in x509_name_canon
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
show more ...
|
| #
3892b957 |
| 04-Jun-2016 |
Kurt Roeckx |
Avoid creating an illegal pointer
Found by tis-interpreter
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1164
|
| #
b1322259 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 09/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
4e0d184a |
| 04-May-2016 |
Dr. Stephen Henson |
Fix name length limit check.
The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rej
Fix name length limit check.
The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.
Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.
RT#4531
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h |
|
| #
295f3a24 |
| 28-Apr-2016 |
Dr. Stephen Henson |
Add size limit to X509_NAME structure.
This adds an explicit limit to the size of an X509_NAME structure. Some
part of OpenSSL (e.g. TLS) already effectively limit the size due to
re
Add size limit to X509_NAME structure.
This adds an explicit limit to the size of an X509_NAME structure. Some
part of OpenSSL (e.g. TLS) already effectively limit the size due to
restrictions on certificate size.
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
ed3eb5e0 |
| 28-Apr-2016 |
Matt Caswell |
The x509_name_canon function doesn't check for an error return
i2d_name_canon can return a negative number on error. We should check it
before continuing.
Reviewed-by: Rich Salz
The x509_name_canon function doesn't check for an error return
i2d_name_canon can return a negative number on error. We should check it
before continuing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
| #
0d4fb843 |
| 05-Feb-2016 |
FdaSilvaYY |
GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| #
7ab50749 |
| 30-Jan-2016 |
Dr. Stephen Henson |
Add function to return internal enoding of X509_NAME.
PR#4280
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
| #
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
| #
4a1f3f27 |
| 06-Jan-2016 |
Dr. Stephen Henson |
Only declare stacks in headers
Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.
Reviewed-by: Richard Levitte <levitte@openssl.
Only declare stacks in headers
Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
85885715 |
| 28-Dec-2015 |
Dr. Stephen Henson |
Rename DECLARE*STACK_OF to DEFINE*STACK_OF
Applications wishing to include their own stacks now just need to include
DEFINE_STACK_OF(foo)
in a header file.
Reviewe
Rename DECLARE*STACK_OF to DEFINE*STACK_OF
Applications wishing to include their own stacks now just need to include
DEFINE_STACK_OF(foo)
in a header file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
| #
90945fa3 |
| 30-Oct-2015 |
Matt Caswell |
Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.
Reviewed-by: Kurt Roeckx <kurt@openssl
Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
show more ...
|
| #
2aa707c6 |
| 22-Sep-2015 |
Dr. Stephen Henson |
Fix path in comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
0d0099ea |
| 22-Sep-2015 |
Dr. Stephen Henson |
Move functions.
Move various functions tagged onto t_x509.c to more appropriate places.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
df2ee0e2 |
| 05-Sep-2015 |
Ben Laurie |
Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
64b25758 |
| 03-Sep-2015 |
Rich Salz |
remove 0 assignments.
After openssl_zalloc, cleanup more "set to 0/NULL" assignments.
Many are from github feedback.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b |
|
| #
b39fc560 |
| 14-May-2015 |
Richard Levitte |
Identify and move common internal libcrypto header files
There are header files in crypto/ that are used by a number of crypto/
submodules. Move those to crypto/include/internal and ada
Identify and move common internal libcrypto header files
There are header files in crypto/ that are used by a number of crypto/
submodules. Move those to crypto/include/internal and adapt the
affected source code and Makefiles.
The header files that got moved are:
crypto/cryptolib.h
crypto/md32_common.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_10 |
|
| #
b4faea50 |
| 02-May-2015 |
Rich Salz |
Use safer sizeof variant in malloc
For a local variable:
TYPE *p;
Allocations like this are "risky":
p = OPENSSL_malloc(sizeof(TYPE));
if the type of p change
Use safer sizeof variant in malloc
For a local variable:
TYPE *p;
Allocations like this are "risky":
p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption. Instead do this:
p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
b548a1f1 |
| 01-May-2015 |
Rich Salz |
free null cleanup finale
Don't check for NULL before calling OPENSSL_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
222561fe |
| 30-Apr-2015 |
Rich Salz |
free NULL cleanup 5a
Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_fre
free NULL cleanup 5a
Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
