- Dec 08, 2017
-
-
FdaSilvaYY authored
Expression '...' is always true. The 'b->init' variable is assigned values twice successively Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4753)
-
FdaSilvaYY authored
Pointer 'o' is set inside a local buffer, so it can't be NULL. Also fix coding style and add comments Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Benjamin Kaduk authored
s_client -status is not available in this configuration. While here, remove an outdated TODO(TLS1.3) comment. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4873)
-
Benjamin Kaduk authored
make_dummy_resp() uses OCSP types, and get_cert_and_key() is unused once make_dummy_resp() is compiled out, so neither can be included in the build when OCSP is disabled and strict warnings are active. Reviewed-by:
-
Benjamin Kaduk authored
There's no reason to wrap this call in TEST_true() if we're not checking the return value of TEST_true() -- all of the surrounding similar calls do not have the macro wrapping them. Reviewed-by:
-
Benjamin Kaduk authored
Avoid memory leaks in error paths, and correctly apply parentheses to function calls in a long if-chain. Reviewed-by:
-
Richard Levitte authored
Otherwise, any command that relies on ssl modules may fail, because SSL_add_ssl_module() will be called after the config file has already been loaded. Fixes #4788 Reviewed-by:
-
Richard Levitte authored
IF OPENSSL_init_ssl() is called with the option flag OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly (i.e. there will be an attempt to load libssl_conf.so or whatever corresponds to that on non-Unix platforms). Therefore, at least SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is called. The base ssl init does that, plus adds all kinds of ciphers and digests, which is harmless. Fixes #4788 Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Benjamin Kaduk authored
Reviewed-by:
-
Andy Polyakov authored
256-bit AVX512VL was estimated to deliver ~50% improvement over AVX2 and it did live up to the expectations. Reviewed-by:
-
Andy Polyakov authored
It was observed that AVX512 code paths can negatively affect overall Skylake-X system performance. But we are talking specifically about 512-bit code, while AVX512VL, 256-bit variant of AVX512F instructions, is supposed to fly as smooth as AVX2. Which is why it remains unmasked. Reviewed-by:
-
Paul Yang authored
[to be squashed] Reviewed-by:
-
Paul Yang authored
1. the 'ignore -days' warning should not be printed without '-x509' 2. the 'ignore -days' warning should terminate with new-line Reviewed-by:
-
Richard Levitte authored
Some compilers react badly to non-ASCII characters Fixes #4877 Reviewed-by:
-
JitendraLulla authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
JitendraLulla authored
Reviewed-by:
-
JitendraLulla authored
Reviewed-by:
-
JitendraLulla authored
extending afalg with aes-cbc-192/256, afalgtest.c also updated accordingly. comments from matt, Stephen considered fix indentation, remove printf from afalgtest.c Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
- Dec 07, 2017
-
-
Richard Levitte authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
-
Richard Levitte authored
It's better to inform the user about this than silently ignoring something that the user might expect to work, somehow. Reviewed-by:
-
Richard Levitte authored
This is, even when they contain spaces or all kinds of funny quotes Reviewed-by:
-
Richard Levitte authored
This way, any of the relevant environment variables for the platform being configured are preserved and don't have to be recalled manually when reconfiguring. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
In other words, make the following possible: ./config CC=clang or ./Configure CC=clang linux-x86_64 Reviewed-by: -
Richard Levitte authored
There are cases when we overwrite %ENV values, and while this is perfectly fine on some platforms, it isn't on others, because the Configure script isn't necessarely run in a separate process, and thus, changing %ENV may very well change the environment of the calling shell. VMS is such a platform. Furthermore, saving away values that we use also allow us to save them in configdata.pm in an effective way, and recall those values just as effectively when reconfiguring. Also, this makes sure that we do use the saved away values when reconfiguring, when the actual environment variables might otherwise affect us. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Dec 06, 2017
-
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Test reading/writing to an SSL object after a fatal error has been detected. This CVE only affected 1.0.2, but we should add it to other branches for completeness. Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Credit to OSS-Fuzz for finding this. CVE-2017-3738 Reviewed-by: -
Matt Caswell authored
The check_fatal macro is supposed to only be called if we are already expecting to be in the fatal state. The macro asserts that we are and puts us into the fatal state if not. This issue combined with the problem fixed in the previous commit meant that the fuzzer detected a crash at a point in the processing when we should have already been in the fatal state. Reviewed-by:
-
Matt Caswell authored
The recent SSL error overhaul left a case where an error occurs but SSLfatal() is not called. Credit to OSSfuzz for finding this issue. Reviewed-by:
-
- Dec 05, 2017
-
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Rich Salz authored
Thanks to Michel Sales for the suggestion. Reviewed-by:
-
Daniel Bevenius authored
CLA: trivial Reviewed-by:
-
- Dec 04, 2017
-
-
MerQGh authored
This line will allow use private keys, which created by Crypto Pro, to sign with OpenSSL. CLA: trivial Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
