generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,569 Commits 16 Branches 258 Tags
Commit Graph

1161 Commits

Author SHA1 Message Date
Dr. Stephen Henson
c61f0cbffb Fix free errors in ocsp utility. 
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857)
 2014-04-09 15:45:56 +01:00
Dr. Stephen Henson
e56334998c Use correct length when prompting for password. 
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.

Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
 2014-04-04 13:09:05 +01:00
mancha
a375025e4d Fix alert handling. 
Fix OpenSSL 0.9.8 alert handling.

PR#3038
 2014-03-27 00:54:16 +00:00
Dr. Stephen Henson
430b637bd5 make update 2013-02-05 16:50:36 +00:00
Dr. Stephen Henson
bb152dae8f check mval for NULL too 2012-12-04 17:26:36 +00:00
Dr. Stephen Henson
c42ab44087 fix leak 2012-12-03 16:33:54 +00:00
Dr. Stephen Henson
c571a3e984 PR: 2908 
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

Fix DH double free if parameter generation fails.
 2012-11-21 14:01:38 +00:00
Dr. Stephen Henson
92e5882aca fix memory leak 2012-09-11 13:45:42 +00:00
Dr. Stephen Henson
a9101cdcaa Always use SSLv23_{client,server}_method in s_client.c and s_server.c, 
the old code came from SSLeay days before TLS was even supported.
 2012-03-18 18:18:30 +00:00
Dr. Stephen Henson
4f2fc3c2dd Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 14:51:45 +00:00
Bodo Möller
bf240f063a Fix usage indentation 2012-01-05 13:15:29 +00:00
Dr. Stephen Henson
7183aa6b9d make update 2012-01-04 19:12:39 +00:00
Dr. Stephen Henson
24f441e0bb The default CN prompt message can be confusing when often the CN needs to 
be the server FQDN: change it.
[Reported by PSW Group]
 2011-12-06 00:01:09 +00:00
Dr. Stephen Henson
91a1d08a4c use keyformat for -x509toreq, don't hard code PEM 2011-09-23 21:49:08 +00:00
Dr. Stephen Henson
6ec9ff83f3 PR: 2347 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.
 2011-09-23 13:13:02 +00:00
Dr. Stephen Henson
03e3fbb702 PR: 2527 
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Set cnf to NULL to avoid possible double free.
 2011-05-25 15:06:32 +00:00
Dr. Stephen Henson
32cd1da62e PR: 2469 
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve

Check mac is present before trying to retrieve mac iteration count.
 2011-03-13 18:23:24 +00:00
Dr. Stephen Henson
50fb940f05 make WIN32 compile work again 2010-07-08 01:23:25 +00:00
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
c1f1a03d0c PR: 2262 
Submitted By: Victor Wagner <vitus@cryptocom.ru>

Fix error reporting in load_key function.
 2010-05-27 14:09:22 +00:00
Dr. Stephen Henson
cf6a1dea19 PR: 2202 (partial) 
Submitted by: Steven M. Schweda <sms@antinode.info>

VMS fixes:
	Reduce copying into .apps and .test in makevms.com
	Don't try to use blank CA certificate in CA.com
	Allow use of C files from original directories in maketests.com
 2010-03-25 12:29:56 +00:00
Dr. Stephen Henson
4610d8dc00 don't leave bogus errors in the queue 2010-03-10 13:48:35 +00:00
Dr. Stephen Henson
b7c114f044 PR: 2183 
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
 2010-03-03 19:56:00 +00:00
Richard Levitte
53b5d04715 Apply changes from the 1.0.0 branch. 2010-02-23 07:51:39 +00:00
Dr. Stephen Henson
162f1e08f8 make no-rsa no-dsa compile again 2010-02-02 14:03:07 +00:00
Dr. Stephen Henson
714044cc03 oops revert test code from previous commit 2010-01-24 13:52:38 +00:00
Dr. Stephen Henson
5598b99fb3 The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING 
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
 2010-01-24 13:50:57 +00:00
Dr. Stephen Henson
444ff35029 revert patch 2010-01-19 19:10:53 +00:00
Dr. Stephen Henson
ff2549be1d PR: 2144 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
 2010-01-19 19:10:03 +00:00
Dr. Stephen Henson
24fc4f656c PR: 1618 
Submitted by: steve@openssl.org

Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.
 2010-01-14 17:44:46 +00:00
Dr. Stephen Henson
ccc3df8c33 New option to enable/disable connection to unpatched servers 2009-12-16 20:34:20 +00:00
Dr. Stephen Henson
59f44e810b Add ctrl and macro so we can determine if peer support secure renegotiation. 
Fix SSL_CIPHER initialiser for mcsv
 2009-12-08 13:47:28 +00:00
Dr. Stephen Henson
6cf61614e4 Replace the broken SPKAC certification with the correct version. 2009-12-02 14:39:12 +00:00
Richard Levitte
e333a8d673 Updated from 1.0.0-stable. 2009-11-12 16:59:18 +00:00
Ben Laurie
c2b78c31d6 First cut of renegotiation extension. 2009-11-08 14:51:54 +00:00
Ben Laurie
6156be4da3 Fix compilation problem. 2009-11-05 10:18:11 +00:00
Dr. Stephen Henson
e6e11f4ec3 Don't attempt session resumption if no ticket is present and session 
ID length is zero.
 2009-10-28 19:53:10 +00:00
Dr. Stephen Henson
ef62799783 PR: 1847 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Integrated patches to CA.sh to bring it into line with CA.pl functionality.
 2009-10-15 17:28:02 +00:00
Dr. Stephen Henson
8196257f00 Cross compilation updates. 2009-10-15 14:14:35 +00:00
Dr. Stephen Henson
d7050b4424 Fix warnings about ignoring fgets return value 2009-10-04 16:43:39 +00:00
Dr. Stephen Henson
822da9ccc3 Stop unused variable warning. 2009-09-20 13:26:46 +00:00
Dr. Stephen Henson
48b30bf0e2 make update 2009-09-06 16:14:20 +00:00
Dr. Stephen Henson
197ab47bdd PR: 2028 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
 2009-09-04 17:53:30 +00:00
Richard Levitte
f78bcb8945 Moving up the inclusion of e_os.h was a bad idea. 
Put it back where it was and place an inclusion of e_os2.h to get platform
macros defined...
 2009-08-26 11:21:57 +00:00
Richard Levitte
e75445f688 Add CMS to the list of applications. 
Define EXE_DIR earlier.
Make sure S_SOCKET also gets compiled with _POSIX_C_SOURCE defined.

Submitted by Zoltan Arpadffy <zoli@polarhome.com>
 2009-08-25 07:26:25 +00:00
Richard Levitte
df51d79ec4 Move up the inclusion of e_os.h so OPENSSL_SYS_VMS_DECC has a chance 
to be properly defined.
 2009-08-25 07:24:00 +00:00
Dr. Stephen Henson
fbc4a24633 PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-13 15:14:32 +00:00
Dr. Stephen Henson
3008a7d819 Typo 2009-08-10 15:52:33 +00:00
Dr. Stephen Henson
233f758523 PR: 1999 
Submitted by: "Bayram Kurumahmut" <kbayram@ubicom.com>
Approved by: steve@openssl.org

Don't use HAVE_FORK in apps/speed.c it can conflict with configured version.
 2009-08-10 15:30:17 +00:00
Dr. Stephen Henson
d36e9d160b Make genrsa work again. 2009-07-26 16:06:41 +00:00