- Oct 19, 2016
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1686)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1686)
-
Richard Levitte authored
Also, fix __wrap_cmd so it doesn't return unnecessary empty strings Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1686)
-
Richard Levitte authored
So far, apps and test programs, were a bit rigidely accessible as executables or perl scripts. But what about scripts in some other language? Or what about running entirely external programs? The answer is certainly not to add new functions to access scripts for each language or wrapping all the external program calls in our magic! Instead, this adds a new functions, cmd(), which is useful to access executables and scripts in a more generalised manner. app(), test(), fuzz(), perlapp() and perltest() are rewritten in terms of cmd(), and serve as examples how to do something similar for other scripting languages, or constrain the programs to certain directories. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1686)
-
Andrea Grandi authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1745)
-
Mat authored
Only set the load_crypto_strings_inited to 1 when err_load_crypto_strings_int was called. This solves the following issue: - openssl is built with no-err - load_crypto_strings_inited is set to 1 during the OPENSSL_init_crypto call - During the cleanup: OPENSSL_cleanup, err_free_strings_int is called because load_crypto_strings_inited == 1 - err_free_strings_int calls do_err_strings_init because it has never been called - Now do_err_strings_init calls OPENSSL_init_crypto - But since we are in the cleanup (stopped == 1) this results in an error: CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); - which then tries to initialize everything we are trying to clean up: ERR_get_state, ossl_init_thread_start, etc Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1654)
-
FdaSilvaYY authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1632)
-
Richard Levitte authored
crypto/asn1/asn1_item_list.c needed including dh.h and rsa.h directly. The reason is that they are not included by x509.h when configured 'no-deprecated' Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1741)
-
Andrea Grandi authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Oct 18, 2016
-
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1742)
-
Patrick Steuer authored
crypto/s390xcap.c: internal/cryptlib.h needs to be included for OPENSSL_cpuid_setup function prototype is located there to avoid build error due to -Werror=missing-prototypes. Signed-off-by: Patrick Steuer <psteuer@mail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> CLA: trivial
-
Patrick Steuer authored
crypto/evp/e_aes.c: Types of inp and out parameters of AES_xts_en/decrypt functions need to be changed from char to unsigned char to avoid build error due to '-Werror=incompatible-pointer-types'. crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above change. Signed-off-by: Patrick Steuer <psteuer@mail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> CLA: trivial
-
Patrick Steuer authored
crypto/asn1/a_strex.c: Type of width variable in asn1_valid_host function needs to be changed from char to signed char to avoid build error due to '-Werror=type-limits'. Signed-off-by: Patrick Steuer <psteuer@mail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> CLA: trivial
-
- Oct 17, 2016
-
-
David Woodhouse authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
David Woodhouse authored
OpenSSL 1.1.0 will negotiate EtM on DTLS but will then not actually *do* it. If we use DTLSv1.2 that will hopefully be harmless since we'll tend to use an AEAD ciphersuite anyway. But if we're using DTLSv1, then we certainly will end up using CBC, so EtM is relevant — and we fail to interoperate with anything that implements EtM correctly. Fixing it in HEAD and 1.1.0c will mean that 1.1.0[ab] are incompatible with 1.1.0c+... for the limited case of non-AEAD ciphers, where they're *already* incompatible with other implementations due to this bug anyway. That seems reasonable enough, so let's do it. The only alternative is just to turn it off for ever... which *still* leaves 1.0.0[ab] failing to communicate with non-OpenSSL implementations anyway. Tested against itself as well as against GnuTLS both with and without EtM. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Valentin Vidic authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Don't rely on embedded flag to free strings correctly: it wont be set if there is a malloc failure during initialisation. Thanks to Guido Vranken for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1725)
-
choury authored
CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
In 1.1.0 we only allowed a strictly increasing version number in the *.num files, i.e. you could never introduce a symbol at the end of the *.num file with a lower version number than the one preceding it. This made sense for 1.1.0. However in master we may be introducing symbols for backport to 1.1.0. Therefore it is ok in master to have a symbol for version 1.1.0c coming after a symbol for version 1.1.1. This commit fixes the check in mkdef.pl to be a bit looser to allow this. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Oct 15, 2016
-
-
Steven Fackler authored
These are implemented as macros delegating to `EVP_DigestUpdate`, which takes a `size_t` as its third argument, not an `unsigned int`. CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
If len == 0 in a call to ERR_error_string_n() then we can read beyond the end of the buffer. Really applications should not be calling this function with len == 0, but we shouldn't be letting it through either! Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on this issue is available here: https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/ Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 14, 2016
-
-
Tomas Mraz authored
Copy the whole ALG_OP_TYPE to CMSG_DATA. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1694)
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1694)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Xiaoyin Liu authored
I think the second "VC-WIN32" should be "VC-WIN64". Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> CLA: trivial
-
- Oct 13, 2016
-
-
Vitezslav Cizek authored
The number is taken from the OPENSSL_VERSION_NUMBER which is already in the hex form. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1706)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1707)
-
FdaSilvaYY authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Looking for something starting with '-Wl,-rpath,' isn't good enough, as someone might give something like '-Wl,--enable-new-dtags,-rpath,/PATH'. Looking for ',-rpath,' should be safe enough. We could remove the preloading stuff entirely, but just in case the user has chosen to given RPATH setting arguments at configuration, we'd better make sure testing will still work. Fair warning, there are some configuration options that do not work with preloaded OpenSSL libraries, such as the sanity checking ones. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Make Configure recognise -rpath and -R to support user added rpaths for OSF1 and Solaris. For convenience, add a variable LIBRPATH in the Unix Makefile, which the users can use as follows: ./config [options] -Wl,-rpath,\$(LIBRPATH) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Before OpenSSL 1.1.0, binaries were installed in a non-standard location by default, and runpath directories were therefore added in those binaries, to make sure the executables would be able to find the shared libraries they were linked with. With OpenSSL 1.1.0 and on, binaries are installed in standard directories by default, and the addition of runpath directories is therefore not needed any more. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 12, 2016
-
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1702)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Note that it relies on a trick from Configure, where file names for object files made from C++ source get '.cc' replaced with '_cc.o' to recognise them. This is needed so the correct compiler is used when linking binaries. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
A note: this will form object file names by changing '.cc' to '_cc.o'. This will permit other configuration code to recognise these object files were built for C++ rather than C. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 11, 2016
-
-
Dr. Stephen Henson authored
The original X509_NAME decode free code was buggy: this could result in double free or leaks if a malloc failure occurred. Simplify and fix the logic. Thanks to Guido Vranken for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1691)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-