- May 02, 2019
-
-
Dr. Matthias St. Pierre authored
Since commit 137096a7 it is possible to specify keywords instead of negative magic numbers for the salt length. This commit replaces the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes by `rsa_pss_saltlen:max`. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8860) (cherry picked from commit 31fc48dd)
-
Wojciech Kaluza authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8803) (cherry picked from commit 0c4e984d)
-
Wojciech Kaluza authored
- Allow user-defined RCFLAGS - Pass RCFLAGS to RC Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8803) (cherry picked from commit a583172d)
-
- Apr 30, 2019
-
-
Richard Levitte authored
The reason is that the shared-info attributes may depend on %disabled, so we need to process all enablings/disablings first. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8846) (cherry picked from commit 8f0dd6d9)
-
- Apr 25, 2019
-
-
Pauli authored
The testutil support for doubles isn't present in 1.1.1. This reverts commit 4a717667 from #8818. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8829)
-
Pauli authored
Add a Chi^2 goodness of fit test to empirically provide a degree of confidence in the uniformity of the output of the random range generation function. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8818) (cherry picked from commit bb5b3e6d)
-
Guido Vranken authored
Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: Guido Vranken <guidovranken@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8810) (cherry picked from commit 514c9da4)
-
- Apr 24, 2019
-
-
Jakub Jelen authored
CLA: trivial Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8786) (cherry picked from commit 87930507)
-
- Apr 23, 2019
-
-
Richard Levitte authored
Disabling one thing may mean having to disable other things as well. We already have a process to auto-disable things through cascading, but that was under-used. Making the cascading mechanism available through a function to be called to disable stuff makes it more automatic, and helps us when we forget how different disabling options affect others. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit 71ef78d7)
-
Richard Levitte authored
Fixes #8787 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit 4650d10f)
-
Richard Levitte authored
This came about with the realisation that upper case CFLAGS, LDFLAGS and so on aren't treated much after that, and this makes figuring out user added flags significantly easier, just look in %config. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8812) (cherry picked from commit c1a09254)
-
- Apr 19, 2019
-
-
dyrock authored
Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8756) (cherry picked from commit 6fda11ae)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8780) (cherry picked from commit a595b10d)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8780) (cherry picked from commit 6f3aae256d62cfcc48c07cc0ead5080b070f371b)
-
- Apr 18, 2019
-
-
Richard Levitte authored
|str| was used for multiple conflicting purposes. When using '-strictpem', it's used to uniquely hold a reference to the loaded payload. However, when using '-strparse', |str| was re-used to hold the position from where to start parsing. So when '-strparse' and '-strictpem' are were together, |str| ended up pointing into data pointed at by |at|, and was yet being freed, with the result that the payload it held a reference to became a memory leak, and there was a double free conflict when both |str| and |at| were being freed. The situation is resolved by always having |buf| hold the pointer to the file data, and always and only use |str| to hold the position to start parsing from. Now, we only need to free |buf| properly and not |str|. Fixes #8752 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8753) (cherry picked from commit 4f29f3a2)
-
- Apr 16, 2019
-
-
Tomas Mraz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit 06add280)
-
Tomas Mraz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit 3d42833d389134b7b05b655c264e4dba5a2179e9)
-
Tomas Mraz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit d34bce03)
-
Bernd Edlinger authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit c9dc22bc3d7f2df670dff66f04935e540e1b931a)
-
Tomas Mraz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8649) (cherry picked from commit b238fb79)
-
- Apr 15, 2019
-
-
Joshua Lock authored
A couple of minor tweaks to match the style introduced in #7854: - BIO_connect: remove line break to make more grep friendly - SSL_CTX_new: harmoise the format of the HISTORY section Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 938e82f6 ) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8736)
-
Joshua Lock authored
SEE ALSO before HISTORY is the more common pattern in OpenSSL manual pages and seems to be the prevalent order based on sampling my system manual pages. Fixes #8631 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit b5c4bbbe ) Conflicts: doc/man3/RAND_DRBG_generate.pod doc/man3/RAND_DRBG_reseed.pod Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8736)
-
Joshua Lock authored
Check that the HISTORY section is located after the SEE ALSO section, this is a much more frequent order in OpenSSL manual pages (and UNIX manual pages in general). Also check that SEE ALSO comes after EXAMPLES, so that the tool can ensure the correct manual section sequence. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 573ac8f2228241771f727ecd8ff10f54073536d3) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8736)
-
Joshua Lock authored
Change to check_section_location(), a generic function to ensure that section SECTION appears before section BEFORE in the man pages. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 95f92d57755a9bfc83135a585da69d497f7293d9) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8736)
-
Paul Yang authored
This patch checks if the EXAMPLES section in a pod file is placed before the RETURN VALUES section. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit cc838ee2d66f7295bf7a7e6695aab1080d6791e9) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8736)
-
Paul Yang authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 4564e77ae9dd1866e8a033f03511b6a1792c024e) Conflicts: doc/internal/man3/openssl_ctx_get_data.pod (non-existant) doc/man3/OPENSSL_s390xcap.pod (non-existant) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8736)
-
- Apr 14, 2019
-
-
Bernd Edlinger authored
This happens in ec_key_simple_check_key and EC_GROUP_check. Since the the group order is not a secret scalar, it is unnecessary to use coordinate blinding. Fixes: #8731 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8734) (cherry picked from commit 3051bf2afab7ac8b7b9c64e68755d1addd2fb8ff)
-
- Apr 10, 2019
-
-
Shane Lontis authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8697) (cherry picked from commit 3a86f1db)
-
Bernd Edlinger authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8621) (cherry picked from commit 491360e7)
-
Jakub Wilk authored
CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8714) (cherry picked from commit ee215c7eea91f193d4765127eb31332758753058)
-
Richard Levitte authored
Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8676) (cherry picked from commit dcb982d792d6064ed3493e79749208d8c257ff04)
-
Richard Levitte authored
'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8622)
-
- Apr 09, 2019
-
-
Matt Caswell authored
If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8698) (cherry picked from commit b926f9deb3dc79d00f0a989370e95867516a3a17)
-
- Apr 08, 2019
-
-
Dan Campbell authored
Fixes #8645 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8654) (cherry picked from commit f997e456b9bd43af275aab90c727a52287467e98)
-
- Apr 06, 2019
-
-
Bernd Edlinger authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8620) (cherry picked from commit 8cf85d489978c384a3f193fb7cb25469e0559f27)
-
- Apr 05, 2019
-
-
Richard Levitte authored
It was assumed that the config functionality returned a boolean. However, it may return a negative number on error, so we need to take that into account. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8679) (cherry picked from commit e3af453baceee7401ba0c5044a4c3aeaf246406f)
-
Pauli authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8678)
-
- Apr 04, 2019
-
-
Matt Caswell authored
There are some ciphersuites that were introduced in TLSv1.0/TLSv1.1 but are backwards compatible with SSLv3. Fixes #8655 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8658) (cherry picked from commit 69539990)
-
- Apr 03, 2019
-
-
Tomas Mraz authored
This prevents failure of openssl s_server socket binding to wildcard address on hosts with disabled IPv6. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8550) (cherry picked from commit b8472b4e67ec7ad49254821f2da578ce588df4e6)
-
- Apr 02, 2019
-
-
Richard Levitte authored
I turns out that this made crypto/rand/rand_win.c to never build with BCrypt support unless the user sets _WIN32_WINNT. That wasn't the intent. This reverts commit cc8926ec8fcecae89ceab91ef753de93e49568f9. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8641) (cherry picked from commit 705a27f7e07c006b167b59070ff635a61f8e0407)
-