Matt Caswell
563fc239d2
Fix dh_pub_encode
...
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6aa8dab2bb
2015-03-12 09:29:48 +00:00
Dr. Stephen Henson
bfa34f551c
Cleanse PKCS#8 private key components.
...
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.
Call ASN1_STRING_clear_free on PKCS#8 private key components.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4
2015-03-08 16:29:28 +00:00
Matt Caswell
d6b4a41d10
Unchecked malloc fixes
...
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb86529
2015-03-05 09:15:08 +00:00
Kurt Roeckx
f95519538a
Fix memory leak
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit edac5dc220
2015-02-22 13:23:53 +01:00
Doug Hogan
79e2e927e6
Avoid a double-free in an error path.
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 1549a26520
2015-02-22 13:23:52 +01:00
Matt Caswell
ae5c8664e5
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
65a6a1ff45
indent has problems with comments that are on the right hand side of a line.
...
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Conflicts:
crypto/bn/bn.h
crypto/ec/ec_lcl.h
crypto/rsa/rsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl.h
ssl/ssl3.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:44 +00:00
Matt Caswell
bc2d623c0e
Fix source where indent will not be able to cope
...
Conflicts:
apps/ciphers.c
ssl/s3_pkt.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:24:04 +00:00
Tim Hudson
6977c7e2ba
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c84351
2015-01-22 09:23:04 +00:00
Andy Polyakov
2d63d0c84a
Fix irix-cc build.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit e464403d0b
2015-01-07 18:41:17 +01:00
Andy Polyakov
fe69e6be6e
dh_check.c: check BN_CTX_get's return value.
...
(cherry picked from commit 53e5161231
2014-03-06 14:21:17 +01:00
Dr. Stephen Henson
bc35b8e435
make update
2013-12-01 23:09:44 +00:00
Ben Laurie
ac5cb33356
Fix compile errors.
...
(cherry picked from commit a0aaa5660a
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
aaf74259ec
CMS RFC2631 X9.42 DH enveloped data support.
...
(cherry picked from commit bd59f2b91d
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
5c4ff8ad37
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc64
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
c275fb091e
Extend DH parameter generation support.
...
Add support for DH parameter generation using DSA methods including
FIPS 186-3.
(cherry picked from commit 3909087801
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
90c341c601
Enhance DH dup functions.
...
Make DHparams_dup work properly with X9.42 DH parameters.
(cherry picked from commit d3cc91eee2
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
52d0e1ca4e
If present print j, seed and counter values for DH
...
(cherry picked from commit c9577ab5ea
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
6c4b3514d7
New SP 800-56A compliant version of DH_compute_key().
...
(cherry picked from commit bc91494e06
2013-10-01 14:01:17 +01:00
Ben Laurie
68d2cf51bc
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
Dr. Stephen Henson
491734eb21
Initial experimental support for X9.42 DH parameter format to handle
...
RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)
2012-04-07 20:22:11 +00:00
Dr. Stephen Henson
4e891a191d
branches: 1.2.2;
...
Correct some parameter values.
(backport from HEAD)
2012-04-07 17:41:51 +00:00
Dr. Stephen Henson
b73a69a9c2
Update DH_check() to peform sensible checks when q parameter is present.
...
(backport from HEAD)
2012-04-07 17:40:08 +00:00
Dr. Stephen Henson
e811eff5a9
Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
...
(backport from HEAD)
2012-04-07 12:19:50 +00:00
Dr. Stephen Henson
5999d45a5d
DH keys have an (until now) unused 'q' parameter. When creating from DSA copy
...
q across and if q present generate DH key in the correct range. (from HEAD)
2011-11-14 14:16:09 +00:00
Dr. Stephen Henson
9309ea6617
Backport PSS signature support from HEAD.
2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
e34a303ce1
make depend
2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5
Improved error checking for DRBG calls.
...
New functionality to allow default DRBG type to be set during compilation
or during runtime.
2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
3a5b97b7f1
Don't set default public key methods in FIPS mode so applications
...
can switch between modes.
2011-06-20 19:41:13 +00:00
Dr. Stephen Henson
ed9b0e5cba
Redirect DH key and parameter generation.
2011-06-09 15:21:46 +00:00
Dr. Stephen Henson
03e16611a3
Redirect DH operations to FIPS module. Block non-FIPS methods.
...
Sync DH error codes with HEAD.
2011-06-08 15:58:59 +00:00
Dr. Stephen Henson
6c29853bf2
PR: 1644
...
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:12 +00:00
Ben Laurie
6cfab29b71
Make depend.
2009-06-14 02:37:22 +00:00
Dr. Stephen Henson
82ae57136b
Some no-ec fixes (not complete yet).
2009-04-23 15:24:27 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e
Update obsolete email address...
2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Lutz Jänicke
5f0477f47b
Typos
...
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>
2007-09-24 11:22:58 +00:00
Nils Larsch
442cbb062d
check correct pointer before freeing it (Coverity CID 79,86)
2007-04-02 20:29:40 +00:00
Bodo Möller
bd31fb2145
Change to mitigate branch prediction attacks
...
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:15:28 +00:00
Dr. Stephen Henson
560b79cbff
Constify version strings and some structures.
2007-01-21 13:07:17 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Mark J. Cox
c2cccfc585
Initialise ctx to NULL to avoid uninitialized free, noticed by
...
Steve Kiernan
2006-09-29 08:21:41 +00:00
Bodo Möller
5e3225cc44
Introduce limits to prevent malicious keys being able to
...
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
2006-09-28 13:45:34 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
8bdcef40e4
New function to dup EVP_PKEY_CTX. This will be needed to make new signing
...
functions and EVP_MD_CTX_copy work properly.
2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
eaff5a1412
Use size_t for new crypto size parameters.
2006-05-24 12:33:46 +00:00
