- Nov 12, 2017
-
-
Piotr Czajka authored
CLA: trivial Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4705)
-
Josh Soref authored
Around 138 distinct errors found and fixed; thanks! Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- Nov 11, 2017
-
-
Long Qin authored
* addressing", Proc. 6th Conference on Very Large Databases: 212–223 ^ The EN DASH ('–') in this line is one UTF-8 character (hex: e2 80 93). Under some code page setting (e.g. 936), Visual Studio may report C4819 warning: The file contains a character that cannot be represented in the current code page. Replace this character with the ASCII char '-' (Hex Code: 2D). Reviewed-by:Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4691)
-
- Nov 10, 2017
-
-
FdaSilvaYY authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4677)
-
Andy Polyakov authored
In earlier 5.1x Perl versions quoting globs works only if there is white space. If there is none, it's looking for names starting with ". Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- Nov 09, 2017
-
-
Matt Caswell authored
We were using OPENSSL_strdup() unnecessarily and then failing to free it. There is no reason to use OPENSSL_strdup() in this scenario - so just remove it. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4699)
-
- Nov 08, 2017
-
-
Andy Polyakov authored
HP-UX make doesn't recognize $< in explict target rules, only in inference ones such as .c.o. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Rich Salz authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4703)
-
Rich Salz authored
Reviewed-by:
-
- Nov 07, 2017
-
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
Richard Levitte authored
'rsa', 'sha' and 'tlsext' can't be disabled, not even as a consequence of other conditions, so having cascading disables that depend on them is futile. Clean up! Reviewed-by:
-
Rich Salz authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4692)
-
Matt Caswell authored
If SSL_read() is called with a zero length buffer, and we read a zero length record then we should mark that record as read. Reviewed-by:
-
Matt Caswell authored
Normally TLSProxy waits for the s_server process to finish before continuing. However in cases where serverconnects > 1 we need to keep the s_server process around for a later test so we continue immediately. This means that TAP test output can end up being printed to stdout at the same time as s_server is printing stuff. This confuses the test runner and can cause spurious test failures. This commit introduces a small delay in cases where serverconnects > 1 in order to give s_server enough time to finish what it was doing before we continue to the next test. Fixes #4129 Reviewed-by:
-
Matt Caswell authored
There were 4 macros in ocsp.h that have not worked since 1.1.0 because they attempt to access the internals of an opaque structure. For OCSP_REQUEST_sign() applications should use OCSP_request_sign() instead. For OCSP_BASICRESP_sign() applications should use OCSP_basic_sign() instead. For OCSP_REQUEST_verify() applications should use OCSP_request_verify() instead. For OCSP_BASICRESP_verify() applications should use OCSP_basic_verify() instead. Reviewed-by:
-
- Nov 06, 2017
-
-
Pauli authored
The Chinese cryptographic operations should appear in the disabled list if they are disabled. Reviewed-by:
-
- Nov 05, 2017
-
-
Ronald Tse authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
Jack Lloyd authored
SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms which use is required for certain commercial applications in China. Reviewed-by:
-
FdaSilvaYY authored
Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by:
-
Andy Polyakov authored
It's not clear if it's a feature or bug, but binutils-2.29[.1] interprets 'adr' instruction with Thumb2 code reference differently, in a way that affects calculation of addresses of constants' tables. Reviewed-by:
-
- Nov 03, 2017
-
-
Benjamin Kaduk authored
Do not try to fuzz-test structures/routines that are compiled out of the library due to library configuration. Reviewed-by:
-
Pavel Kopyl authored
CLA: trivial Reviewed-by:
-
Pavel Kopyl authored
CLA: trivial Reviewed-by:
-
Pavel Kopyl authored
CLA: trivial Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by:
-
Kurt Roeckx authored
b2 being negative is ignored Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Nov 02, 2017
-
-
Matt Caswell authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Credit to OSS-Fuzz for finding this. CVE-2017-3736 Reviewed-by: -
Richard Levitte authored
In OpenSSL pre 1.1.0, 'openssl x509 -CAkeyformat engine' was possible and supported. In 1.1.0, a small typo ('F' instead of 'f') removed that possibility. This restores the pre 1.1.0 behavior. Fixes #4366 Reviewed-by:
-
- Nov 01, 2017
-
-
Pauli authored
information about the length of the scalar used in ECDSA operations from a large number (2^32) of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by:
-
Pauli authored
information about the length of a value used in DSA operations from a large number of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by:
-
- Oct 31, 2017
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
It turns out that (some?) fuzzers can read a dictionary of OIDs, so we generate one as part of the usual 'make update'. Fixes #4615 Reviewed-by:
-
