- Dec 29, 2016
-
-
Markus Triska authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> CLA: trivial (Merged from https://github.com/openssl/openssl/pull/2145) (cherry picked from commit 67adf0a7)
-
- Dec 20, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2121) (cherry picked from commit 2629440d)
-
Richard Levitte authored
For now, checking that the size is non-zero will suffice. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2120) (cherry picked from commit d7c8f142)
-
- Dec 18, 2016
-
-
Finn Hakansson authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> CLA: trivial (Merged from https://github.com/openssl/openssl/pull/2086) (cherry picked from commit 0b742f93) (cherry picked from commit f7a2da1d)
-
- Dec 14, 2016
-
-
russor authored
Some versions of the Microsoft TLS stack have problems when the DHE public key is encoded with fewer bytes than the DHE prime. (Backported from master) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1350)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2082)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2082)
-
- Dec 13, 2016
-
-
Benjamin Kaduk authored
- Always process ALPN (previously there was an early return in the certificate status handling) 1.0.2 did not have the double-alert issue from master, but it seems cleanest to pull in the structural change to alert handling anyway and jump to f_err instead of err to send the alert in the caller. (cherry picked from commit 70c22888 ) Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Dec 12, 2016
-
-
Andy Polyakov authored
$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while, relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But this apparently changed in some version past minimally required 5.10, and operation result became 0. Yet, it went unnoticed for another while, because most perl package providers configure their packages with -Duse64bitint option. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 82e08930)
-
- Dec 10, 2016
-
-
Richard Levitte authored
If on a non-tty stdin, TTY_get() will fail with errno == ENODEV. We didn't catch that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2039) (cherry picked from commit c901bcce)
-
Richard Levitte authored
On all platforms, if the controlling tty isn't an actual tty, this is flagged by setting is_a_tty to zero... except on VMS, where this was treated as an error. Change this to behave like the other platforms. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2064)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2065) (cherry picked from commit 71bbc79b) Conflicts: crypto/rsa/rsa_err.c include/openssl/rsa.h
-
- Dec 08, 2016
-
-
Richard Levitte authored
A bang (!) slipped through in the recent UI cleanup Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2051) (cherry picked from commit 949320c5)
-
Richard Levitte authored
Mostly condition check changes. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2047) (cherry picked from commit 120fb9e4)
-
- Nov 29, 2016
-
-
Matt Caswell authored
Commit fa4c3745 got reverted, so this one also needs to be reverted as a result. This reverts commit ad69a303 . Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 27, 2016
-
-
Vitezslav Cizek authored
Move rsa_key initialization in front of load_config(). If loading the config fails, rsa_key isn't initialized and may cause invalid free() in the end: cleanup. Remove superfluous memset. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Nov 26, 2016
-
-
Andy Polyakov authored
This is 1.0.2-specific reformat of 5ae5dc96 . Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Nov 25, 2016
-
-
Andy Polyakov authored
GH issue #1916 affects only big-endian platforms. TLS is not affected, because TLS fragment is never big enough. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 76f572ed)
-
- Nov 22, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1980) (cherry picked from commit 19cb71ef) (cherry picked from commit 793d9b79)
-
- Nov 21, 2016
-
-
Kurt Roeckx authored
Backport of beacb0f0, revert of fa4c3745 Fixes: #1903 Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1967
-
- Nov 18, 2016
-
-
Beat Bolli authored
In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called "loc", but the one used in the for loop is called "lastpos". Make the names match. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1949) (cherry picked from commit 4b9c2669)
-
- Nov 16, 2016
-
-
Orgad Shaneh authored
also on systems with makedepend that does not report its version, or that its version does not contain "gcc" or "clang". Some versions of makedepends just overwrite Makefile. Preserve the timestamp of the previous Makefile, and copy it back if it is unchanged. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1370)
-
Orgad Shaneh authored
... on systems with symlinks. Creating or overwriting a symlink sets the file ctime to the current time. This causes needless rebuilds because the time of all the headers is changed, and apparently make considers the link's time rather than the time of the target. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1370)
-
Orgad Shaneh authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1370)
-
Orgad Shaneh authored
... on systems without symlinks. Overwriting all the headers on each Configure causes full rebuild even if nothing has changed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1370)
-
Orgad Shaneh authored
When Makefile/opensslconf.h is unchanged, don't write it at all. Currently every time Configure is executed, these files are overwritten. Makefile leads to regeneration of buildinf.h, and opensslconf.h is itself a central header. As a result, Configure triggers full rebuild, even if nothing is changed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1370)
-
Rich Salz authored
Factorise multiple bn_get_top(group->field) calls Add missing checks on some conditional BN_copy return value Add missing checks on some BN_copy return value Add missing checks on a few bn_wexpand return value Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1626) (cherry picked from commit 78e09b53)
-
- Nov 13, 2016
-
-
Matthias Kraft authored
Avoid a memory alignment issue. Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com> CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1650)
-
- Nov 10, 2016
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2fac86d9)
-
- Nov 08, 2016
-
-
Andy Polyakov authored
Build failure was reported in GH#1818 if APPS environment was defined. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1864)
-
- Nov 04, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1849) (cherry picked from commit 1e62cc12)
-
- Nov 02, 2016
-
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but TLS 1.2 says you MUST send an unexpected message alert. We swap to the TLS 1.2 behaviour for all protocol versions to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. Issue reported by 郭志攀 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The heartbeat_test reaches into the internals of libssl and calls some internal functions. It then checks the return value to check its what it expected. However commit fa4c3745 changed the return value of these internal functions, and now the test is failing. The solution is to update the test to look for the new return value. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Forks will have to define their own Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1821) (cherry picked from commit 5e28b1c1)
-
- Nov 01, 2016
-
-
Benjamin Kaduk authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1625) (cherry picked from commit e4d94269)
-
- Oct 28, 2016
-
-
Richard Levitte authored
Without this, any linker flag the user gave when configuring are ignored. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1803)
-
Matt Caswell authored
Replace the various length checks in the extension code with a macro to simplify the logic. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The previous commit inspired a review of all the length checks for the extension adding code. This adds more robust checks and adds checks where some were missing previously. The real solution for this is to use WPACKET which is currently in master - but that cannot be applied to release branches. Reviewed-by: Rich Salz <rsalz@openssl.org>
-