- Feb 10, 2016
-
-
Andy Polyakov authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (cherry picked from commit 740b2b9a)
-
- Dec 03, 2015
-
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
- Dec 02, 2015
-
-
Matt Caswell authored
Update the CHANGES and NEWS files for the new release. Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Change the "reuse" behaviour in ASN1_item_d2i: if successful the old structure is freed and a pointer to the new one used. If it is not successful then the passed structure is untouched. Exception made for primitive types so ssl_asn1.c still works. Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Emilia Käsper <emilia@openssl.org> Conflicts: doc/crypto/d2i_X509.pod
-
Dr. Stephen Henson authored
When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: -
Richard Levitte authored
The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by:
-
- Nov 24, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue. Reviewed-by:
-
- Oct 10, 2015
-
-
Dr. Stephen Henson authored
PR#4079 Reviewed-by:
-
- Oct 06, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Sep 29, 2015
-
-
Ismo Puustinen authored
Signed-off-by:
-
- Sep 25, 2015
-
-
Rich Salz authored
Reviewed-by:
-
- Sep 22, 2015
-
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
For all release branches. It adds travis build support. If you don't have a config file it uses the default (because we enabled travis for the project), which uses ruby/rake/rakefiles, and you get confusing "build still failing" messages. Reviewed-by:
Andy Polyakov <appro@openssl.org> (cherry picked from commit db9defdf)
-
- Sep 17, 2015
-
-
Matt Caswell authored
In master we have the function OPENSSL_clear_free(x,y), which immediately returns if x == NULL. In <=1.0.2 this function does not exist so we have to do: OPENSSL_cleanse(x, y); OPENSSL_free(x); However, previously, OPENSSL_cleanse did not check that if x == NULL, so the real equivalent check would have to be: if (x != NULL) OPENSSL_cleanse(x, y); OPENSSL_free(x); It would be easy to get this wrong during cherry-picking to other branches and therefore, for safety, it is best to just ensure OPENSSL_cleanse also checks for NULL. Reviewed-by:
-
- Sep 16, 2015
-
-
Ivo Raisr authored
PR#4035 Reviewed-by:
Stephen Henson <steve@openssl.org> (cherry picked from commit 929f6d6f)
-
- Sep 11, 2015
-
-
Dr. Stephen Henson authored
If the field separator isn't specified through -nameopt then use XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error. PR#2397 Reviewed-by:
-
- Sep 01, 2015
-
-
Matt Caswell authored
Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code consistency. However this commit will not fix no-tlsext in those branches which have always been broken for other reasons. The commit is not applied to master at all, because no-tlsext has been completely removed from that branch. Based on a patch by Marc Branchaud <marcnarc@xiplink.com> Reviewed-by:
-
- Aug 31, 2015
-
-
Richard Levitte authored
Because we recently encourage people to have a .dir-locals.el, it's a good idea to ignore it on a git level. Reviewed-by:
-
Richard Levitte authored
Apparently, emacs sees changes to auto-fill-mode as insecure Reviewed-by:
-
Richard Levitte authored
This file, when copied to .dir-locals.el in the OpenSSL source top, will make sure that the CC mode style "OpenSSL-II" will be used for all C files. Additionally, I makes sure that tabs are never used as indentation character, regardless of the emacs mode, and that the fill column is 78. Reviewed-by:
-
Richard Levitte authored
This hopefully conforms closely enough to the current code style. Reviewed-by:
-
- Aug 16, 2015
-
-
Rich Salz authored
Best hope of keeping current. Reviewed-by:
-
- Aug 01, 2015
-
-
Dirk Wetter authored
Reviewed-by:
-
- Jul 31, 2015
-
-
Loganaden Velvindron authored
From a CloudFlare patch. Reviewed-by:
-
- Jul 30, 2015
-
-
Martin Vejnar authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (cherry picked from commit fa4629b6)
-
- Jul 29, 2015
-
-
Rich Salz authored
Reviewed-by:
-
- Jul 13, 2015
-
-
Richard Levitte authored
Fixes GH#330 Reviewed-by:
-
- Jul 10, 2015
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Instead of piping through tardy, and possibly suffering from bugs in certain versions, use --transform, --owner and --group directly with GNU tar (we already expect that tar variant). Reviewed-by:
-
- Jul 09, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Jul 06, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Jul 02, 2015
-
-
Dr. Stephen Henson authored
The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by:
-
- Jun 25, 2015
-
-
Dr. Stephen Henson authored
PR#3923 Reviewed-by:
-
- Jun 16, 2015
-
-
Richard Levitte authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> (cherry picked from commit b4f0d1a4)
-
Richard Levitte authored
Reviewed-by:
-
- Jun 11, 2015
-
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by:
-
