- Nov 26, 2018
-
-
Billy Brumley authored
Updated "condition" logic lifted from Theo Buehler's LibreSSL commit https://github.com/libressl-portable/openbsd/commit/517358603b4be76d48a50007a0d414c2072697dd Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7619) (cherry picked from commit 900fd8f375ca758d182e894bc1556509b231dbc8)
-
- Nov 24, 2018
-
-
Richard Levitte authored
There's too high a chance that the openssl app and perl get different messages for some error numbers. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7699) (cherry picked from commit 0777de15)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit 3be389435fc7b94623d972b622dbd9f0cd5c34f7)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b741f153b2f24139d7210b1b0c9caf561f4900e8)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit 76bc401cc63219a462224884cb4af787e17725ed)
-
Richard Levitte authored
When creating a tarball, it's pointless to include scripts that assume a git workspace. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b9a694717902af796639e1dff641ba620703303b)
-
Richard Levitte authored
Also adds missing copyright boilerplate to util/mktar.sh Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b42922ea2f605fd6c42faad1743fb27be5f7f1f3)
-
Richard Levitte authored
This typo prevented ia64 assembler to be compiled on VMS Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7700) (cherry picked from commit 04375857cf4971460c473fa44bef86351f2177fe)
-
Richard Levitte authored
It turns out that on VMS, strerror() returns messages with added spaces at the end. We wouldn't had noticed if it wasn't for perl trimming those spaces off for its own sake and thereby having test/recipes/02-test_errstr.t fail on VMS. The safe fix is to do the same trimming ourselves. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7701) (cherry picked from commit 9f15e5b911ba6053e09578f190354568e01c07d7)
-
David Woodhouse authored
If the private key says it can only support one specific digest, then don't ask it to perform a different one. Fixes: #7348 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2d263a4a73f852005b16359873475d48755999ad) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7609)
-
David Woodhouse authored
ASN1_PKEY_CTRL_DEFAULT_MD_NID is documented to return 2 for a mandatory digest algorithm, when the key can't support any others. That isn't true here, so return 1 instead. Partially fixes #7348 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit eb7eb1378cd15c4652884b3701d4c0ef27b5b8a6) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7609)
-
- Nov 23, 2018
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7692) (cherry picked from commit 8d9535ec3e317641b8e551973c8cfe2ee1c89296)
-
Richard Levitte authored
Since recently, OpenSSL tarballs are produced with 'make tar' rather than 'make dist', as the latter has turned out to be more troublesome than useful. The next step to look at is why we would need to configure at all to produce a Makefile just to produce a tarball. After all, the tarball should now only contain source files that are present even without configuring. Furthermore, the current method for producing tarballs is a bit complex, and can be greatly simplified with the right tools. Since we have everything versioned with git, we might as well use the tool that comes with it. Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It takes the options --name to modify the prefix of the distribution, and --tarfile tp modify the tarball file name specifically. This also adds a few entries in .gitattributes to specify files that should never end up in a distribution tarball. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7692) (cherry picked from commit 8c209eeef426ded66ce99048f535f35d08b88462)
-
Richard Levitte authored
This ensures we collected them properly and and as completely as can be tested safely. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7681) (cherry picked from commit 4b801fdcf4c25f44374eb18cb18f36d904975edd)
-
Richard Levitte authored
We stored copies of the system error texts in a fixed line size array, which is a huge waste. Instead, use a static memory pool and pack all the string in there. The wasted space at the end, if any, gives us some leeway for longer strings than we have measured so far. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7681) (cherry picked from commit 2c5b6bbb6797242f43b5a986e1c018943e5c1305)
-
- Nov 22, 2018
-
-
Andy Polyakov authored
Blinding is performed more efficiently and securely if MONT_CTX for public modulus is available by the time blinding parameter are instantiated. So make sure it's the case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7586) (cherry picked from commit 2cc3f68cde77af23c61fbad65470602ee86f2575)
-
- Nov 21, 2018
-
-
Matthew Hodgson authored
Fixes #7675 On macOS, if you call `connect()` on a UDP socket you cannot then call `sendto()` with a destination, otherwise it fails with Err#56 ('socket is already connected'). By calling `BIO_ctrl_set_connected()` on the wbio we can tell it that the socket has been connected and make it call `send()` rather than `sendto()`. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7676) (cherry picked from commit b92678f4e94eeec468f194333f874906a6fff7f1)
-
Paul Yang authored
This fixes issue #7677 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7678)
-
- Nov 20, 2018
-
-
cclauss authored
CLA: trivial In Travis CI, add a Python linting step that runs flake8 tests in Travis CI to find syntax errors and undefined names. (http://flake8.pycqa.org ) __E901,E999,F821,F822,F823__ are the "_showstopper_" flake8 issues that can halt the runtime with a SyntaxError, NameError, etc. Most other flake8 issues are merely "style violations" -- useful for readability but they do not effect runtime safety. * F821: undefined name `name` * F822: undefined name `name` in `__all__` * F823: local variable name referenced before assignment * E901: SyntaxError or IndentationError * E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7410) (cherry picked from commit 2a6f57bc098cdfa6320189f2725337c7f74a052e)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7669)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7664)
-
- Nov 19, 2018
-
-
Richard Levitte authored
Without this precaution, we end up having directory targets depend on shlib object files for which there are no rules. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7645)
-
Richard Levitte authored
Mingw and Cygwin builds install the DLLs in the application directory, not the library directory, so ensure that one is created for them when installing the DLLs. Fixes #7653 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7654) (cherry picked from commit 9694ebf7)
-
- Nov 16, 2018
-
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7643) (cherry picked from commit 6b956fe77b8aeb899ef7bdfa147a00bda51b804a)
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7643) (cherry picked from commit 79d7fb990cd28bbe2888ed8f9051ab54c9f986b0)
-
- Nov 15, 2018
-
-
Richard Levitte authored
Fixes #7641 [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7642) (cherry picked from commit c7af8b0a)
-
- Nov 14, 2018
-
-
Vitezslav Cizek authored
dsa_builtin_paramgen2 expects the L parameter to be greater than N, otherwise the generation will get stuck in an infinite loop. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (cherry picked from commit 3afd38b277a806b901e039c6ad281c5e5c97ef67) (Merged from https://github.com/openssl/openssl/pull/7493)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7620) (cherry picked from commit 65d2c16c)
-
- Nov 13, 2018
-
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7633) (cherry picked from commit 2dc37bc2b4c678462a24d2904604e58c0c5ac1cb)
-
Richard Levitte authored
We therefore must add defaults. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7626) (cherry picked from commit 45cdae1c7c93fe7ef2a981da4c36c3b8cb09e855)
-
Richard Levitte authored
When libssl and libcrypto are compiled on Linux with "-rpath", but not "--enable-new-dtags", the RPATH takes precedence over LD_LIBRARY_PATH, and we end up running with the wrong libraries. This is resolved by using full (or at least relative, rather than just the filename to be found on LD_LIBRARY_PATH) paths to the shared objects. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7626) (cherry picked from commit 18289399743da6c3db462f37fc8797738e8acf7c)
-
Richard Levitte authored
Fixes #7634 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7635)
-
- Nov 12, 2018
-
-
Viktor Dukhovni authored
SSL_get_signature_nid() -- local signature algorithm SSL_get_signature_type_nid() -- local signature algorithm key type SSL_get_peer_tmp_key() -- Peer key-exchange public key SSL_get_tmp_key -- local key exchange public key Aliased pre-existing SSL_get_server_tmp_key(), which was formerly just for clients, to SSL_get_peer_tmp_key(). Changed internal calls to use the new name. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7503) (cherry picked from commit 6e68dae8)
-
Matt Caswell authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7503) (cherry picked from commit fb8c8359)
-
Matt Caswell authored
SSL(_CTX)?_set_client_CA_list() was a server side only function in 1.1.0. If it was called on the client side then it was ignored. In 1.1.1 it now makes sense to have a CA list defined for both client and server (the client now sends it the the TLSv1.3 certificate_authorities extension). Unfortunately some applications were using the same SSL_CTX for both clients and servers and this resulted in some client ClientHellos being excessively large due to the number of certificate authorities being sent. This commit seperates out the CA list updated by SSL(_CTX)?_set_client_CA_list() and the more generic SSL(_CTX)?_set0_CA_list(). This means that SSL(_CTX)?_set_client_CA_list() still has no effect on the client side. If both CA lists are set then SSL(_CTX)?_set_client_CA_list() takes priority. Fixes #7411 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7503) (cherry picked from commit 98732979)
-
Richard Levitte authored
Just refering to a hash table element as an array reference will automatically create that element. Avoid that by defaulting to a separate empty array reference. Fixes #7543 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7544) (cherry picked from commit 3bed01a09071fb289484dfd265f0a8a991537282)
-
Matt Caswell authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7442) (cherry picked from commit 24ae00388fb9e25af8f94d36b7c191ae90061586)
-