- Dec 03, 2018
-
-
Matt Caswell authored
Check that s is less than the order before attempting to verify the signature as per RFC8032 5.1.7 Fixes #7693 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7697)
-
Richard Levitte authored
Expand the text on deprecation to be more descriptive and to refer back to openssl_user_macros(7). Incidently, this required a small change in util/find-doc-nits, to have it skip over any line that isn't part of a block (i.e. that hasn't been indented with at least one space. That makes it skip over deprecation text. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7745)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7744)
-
Richard Levitte authored
From now on, the default is to look in both the source directory and the build directory. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7742)
-
Richard Levitte authored
This manual is a start to describe macros that users can use to affect what symbols are exported by the public header files. Because the macro OPENSSL_API_COMPAT has a default that's affected by configuration choices, we must make it a generated manual. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7742)
-
- Dec 01, 2018
-
-
Antoine Salon authored
Signed-off-by: Antoine Salon <asalon@vmware.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7738)
-
- Nov 30, 2018
-
-
Andy Polyakov authored
Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding if nul delimiter is preceded by 8 consecutive 0x03 bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
And make RSAErr call unconditional. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
And make RSAErr call unconditional. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Expected usage pattern is to unconditionally set error and then wipe it if there was no actual error. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 27, 2018
-
-
Richard Levitte authored
Config options 'no-err' and 'no-autoerrinit' Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7711)
-
Paul Yang authored
If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the process crashed in the debug code. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7707)
-
Richard Levitte authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7703)
-
Richard Levitte authored
We only convert lowercase .s to .asm, that turned out not to be sufficient. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7703)
-
- Nov 26, 2018
-
-
Billy Brumley authored
Updated "condition" logic lifted from Theo Buehler's LibreSSL commit https://github.com/libressl-portable/openbsd/commit/517358603b4be76d48a50007a0d414c2072697dd Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7619)
-
- Nov 24, 2018
-
-
Richard Levitte authored
There's too high a chance that the openssl app and perl get different messages for some error numbers. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7699)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696)
-
Richard Levitte authored
When creating a tarball, it's pointless to include scripts that assume a git workspace. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696)
-
Richard Levitte authored
Also adds missing copyright boilerplate to util/mktar.sh Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696)
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7700)
-
Richard Levitte authored
This typo prevented ia64 assembler to be compiled on VMS Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7700)
-
Richard Levitte authored
It turns out that on VMS, strerror() returns messages with added spaces at the end. We wouldn't had noticed if it wasn't for perl trimming those spaces off for its own sake and thereby having test/recipes/02-test_errstr.t fail on VMS. The safe fix is to do the same trimming ourselves. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7701)
-
- Nov 23, 2018
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7692)
-
Richard Levitte authored
Since recently, OpenSSL tarballs are produced with 'make tar' rather than 'make dist', as the latter has turned out to be more troublesome than useful. The next step to look at is why we would need to configure at all to produce a Makefile just to produce a tarball. After all, the tarball should now only contain source files that are present even without configuring. Furthermore, the current method for producing tarballs is a bit complex, and can be greatly simplified with the right tools. Since we have everything versioned with git, we might as well use the tool that comes with it. Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It takes the options --name to modify the prefix of the distribution, and --tarfile tp modify the tarball file name specifically. This also adds a few entries in .gitattributes to specify files that should never end up in a distribution tarball. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7692)
-
Richard Levitte authored
This ensures we collected them properly and and as completely as can be tested safely. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7681)
-
Richard Levitte authored
We stored copies of the system error texts in a fixed line size array, which is a huge waste. Instead, use a static memory pool and pack all the string in there. The wasted space at the end, if any, gives us some leeway for longer strings than we have measured so far. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7681)
-
- Nov 21, 2018
-
-
Matthew Hodgson authored
Fixes #7675 On macOS, if you call `connect()` on a UDP socket you cannot then call `sendto()` with a destination, otherwise it fails with Err#56 ('socket is already connected'). By calling `BIO_ctrl_set_connected()` on the wbio we can tell it that the socket has been connected and make it call `send()` rather than `sendto()`. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7676)
-
Andy Polyakov authored
Blinding is performed more efficiently and securely if MONT_CTX for public modulus is available by the time blinding parameter are instantiated. So make sure it's the case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7586)
-
- Nov 20, 2018
-
-
cclauss authored
CLA: trivial In Travis CI, add a Python linting step that runs flake8 tests in Travis CI to find syntax errors and undefined names. (http://flake8.pycqa.org ) __E901,E999,F821,F822,F823__ are the "_showstopper_" flake8 issues that can halt the runtime with a SyntaxError, NameError, etc. Most other flake8 issues are merely "style violations" -- useful for readability but they do not effect runtime safety. * F821: undefined name `name` * F822: undefined name `name` in `__all__` * F823: local variable name referenced before assignment * E901: SyntaxError or IndentationError * E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7410)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7668)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7663)
-
- Nov 19, 2018
-
-
Richard Levitte authored
Mingw and Cygwin builds install the DLLs in the application directory, not the library directory, so ensure that one is created for them when installing the DLLs. Fixes #7653 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7654)
-
- Nov 18, 2018
-
-
Johannes Bauer authored
Add documentation to new parameter and two examples showcasing scrypt KDF. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5697)
-
Johannes Bauer authored
This patch adds the ability to interactively enter passphrases for the pkeyutl application. For example, you could use $ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5 -pkeyopt_passin secret -pkeyopt_passin seed To have the "secret" and "seed" values read interactively from keyboard (with hidden input). Alternatively, the pass phrase argument syntax is also supported, e.g.: $ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5 -pkeyopt_passin secret:stdin -pkeyopt_passin seed:env:SEEDVAR To have "secret" read from stdin and "seed" from the environment variable SEEDVAR. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5697)
-
- Nov 16, 2018
-
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7643)
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7643)
-
- Nov 15, 2018
-
-
Richard Levitte authored
Without this precaution, we end up having directory targets depend on shlib object files for which there are no rules. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7644)
-