- Feb 23, 2017
-
-
Pauli authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2715)
-
Richard Levitte authored
The generation number is ';nnn' at the end of the file name fetched with readdir(). Because rehash checks for specific extensions and doesn't expect an additional generation number, the easiest is to massage the received file name early by simply removing the generation number. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2717)
-
- Feb 22, 2017
-
-
Richard Levitte authored
Also, don't exit with an error code Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2716)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2689)
-
Bernd Edlinger authored
There has never been any gcc option of that kind. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2705)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2707)
-
Rich Salz authored
Prevent that memory beyond the last element is accessed if every element of group->poly[] is non-zero Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2689)
-
Richard Levitte authored
A spelling error prevented it from building correctly. Furthermore, we need to be more careful when to add a / at the end of the dirname and when not. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2706)
-
Richard Levitte authored
opendir(), readdir() and closedir() have been available on VMS since version 7.0. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2707)
-
Rob Percival authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/843)
-
Rob Percival authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/843)
-
Rob Percival authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/843)
-
Rob Percival authored
TODO(robpercival): Should actually test that the output certificate contains the poison extension. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/843)
-
Rob Percival authored
This makes it a little easier to create a pre-certificate. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/843)
-
Bernd Edlinger authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2704)
-
Richard Levitte authored
The condition wasn't quite right Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2702)
-
- Feb 21, 2017
-
-
Bernd Edlinger authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2607)
-
Andy Polyakov authored
One of the reasons for why masm/ml64 is not [fully] supported is that it's problematic to support multiple versions. But latest one usually works and/or it's lesser problem to make it work. So idea here is to have a "whistle" when it breaks, so that problems can be evaluated as they emerge. It's kind of "best effort" thing, as opposite to "full support". Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dmitry Belyavskiy authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2676)
-
Bernd Edlinger authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2684)
-
Bernd Edlinger authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2684)
-
Dmitry Belyavskiy authored
commands. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2695)
-
Rich Salz authored
Change size comparison from > (GT) to >= (GTE) to ensure an additional byte of output buffer, to prevent OOB reads/writes later in the function Reject input strings larger than 2GB Detect invalid output buffer size and return early Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2672)
-
Kurt Roeckx authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2682
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2679)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2679)
-
Dr. Stephen Henson authored
Set default validity flags if signature algorithms extension is not present. Preserve flags when checking chains. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2679)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2679)
-
Hikar authored
CLA: trivial. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2674)
-
Pauli authored
The sh_add_to_list function will overwrite subsequent slots in the free list for small allocations. This causes a segmentation fault if the writes goes off the end of the secure memory. I've not investigated if this problem can overwrite memory without the segmentation fault, but it seems likely. This fix limits the minsize to the sizeof of the SH_LIST structure (which also has a side effect of properly aligning the pointers). The alternative would be to return an error if minsize is too small. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2657)
-
Pauli authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2337)
-
Pauli authored
This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made. This implementation expands the evptests by including the test cases from RFC 5794 and ARIA official site rather than providing an individual test case. Support for ARIA has been integrated into the command line applications, but not TLS. Implemented modes are CBC, CFB1, CFB8, CFB128, CTR, ECB and OFB128. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2337)
-
Dmitry Belyavskiy authored
It makes possible to print the certificate's DN correctly in case of verification errors. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2656)
-
Rich Salz authored
Prevent undefined behavior in CRYPTO_cbc128_encrypt: calling this function with the 'len' parameter being 0 would result in a memcpy where the source and destination parameters are the same, which is undefined behavior. Do same for AES_ige_encrypt. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2671)
-
- Feb 20, 2017
-
-
Kurt Roeckx authored
This reverts commit 3aad8e18 . Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2686
-
- Feb 19, 2017
-
-
Andy Polyakov authored
Travis OS X utilization and backlog statistics suggest that it became bottleneck for our integration builds with requests piling up for days during working days of the week. Suggestion is to remove osx till capacity is lesser issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2633
-
Todd Short authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2649)
-
Richard Levitte authored
On VMS, file names with more than one period get all but the last get escaped with a ^, so 21-key-update.conf.in becomes 21-key-update^.conf.in That means that %conf_dependent_tests and %skip become useless unless we massage the file names that are used as indexes. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2678)
-
Richard Levitte authored
Since 20-cert-select.conf will vary depending in no-dh and no-dsa, don't check it against original when those options are selected Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2680)
-