- Jun 10, 2017
-
-
Rich Salz authored
CLA: trivial Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3627) (cherry picked from commit a020f54c)
-
Paul Yang authored
Check return value of NETSCAPE_SPKI_new() and NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally. Signed-off-by:
Paul Yang <paulyang.inf@gmail.com> Reviewed-by:
-
- Jun 09, 2017
-
-
Jonathan Protzenko authored
CLA: trivial Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- Jun 08, 2017
-
-
Benjamin Kaduk authored
Modern browsers are now, well, pretty modern. Reviewed-by:
-
Rich Salz authored
when building with OPENSSL_SMALL_FOOTPRINT defined. Reviewed-by:
-
- Jun 05, 2017
-
-
Rich Salz authored
Document that -psk is required to use PSK cipher Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3607) (cherry picked from commit 9d772829) (cherry picked from commit c1abfde7)
-
Andy Polyakov authored
Drop some redundant instructions in reduction in ecp_nistz256_sqr_montx. Reviewed-by:
-
- Jun 02, 2017
-
-
Rich Salz authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3606) (cherry picked from commit 01dfaa08)
-
- Jun 01, 2017
-
-
Todd Short authored
Code was added in commit 62f488d3 that overwrite the last ex_data valye using CRYPTO_dup_ex_data() causing a memory leak and potentially confusing the ex_data dup() callback. In ssl_session_dup(), new-up the ex_data before calling CRYPTO_dup_ex_data(); all the other structures that dup ex_data have the destination ex_data new'd before the dup. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Diego Santa Cruz authored
The password_callback() function does not necessarily NULL terminate the password buffer, the caller must use the returned length but the srp app uses this function as if it was doing NULL termination. This made the -passin and -passout options of "openssl srp" fail inexpicably and randomly or even crash. Fixed by enlarging the buffer by one, so that the maximum password length remains unchanged, and adding NULL termination upon return. [Rearrange code for coding style compliance in process.] This backport of 0e83981d . Reviewed-by:
-
Matt Caswell authored
If we fail to negotiate a version then we should send a protocol version alert. Fixes #3595 Reviewed-by:
-
- May 26, 2017
-
-
Todd Short authored
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is inconsistent. Most places check SSL->options, one place is checking SSL_CTX->options; fix that. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> GH: #3521
-
- May 25, 2017
-
-
Matt Caswell authored
Fixes #3541 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
Bernd Edlinger authored
Fixes make test when configured with no-comp. Reviewed-by:
-
- May 17, 2017
-
-
Tomas Mraz authored
Allow conversion of existing requests to certificates again. Fixes the issue #3396 Reviewed-by:
-
Richard Levitte authored
Notifications can be (and should be) configured on account basis on the CI web site. This avoids getting emails to openssl-commits for personal accounts that also build OpenSSL stuff. Reviewed-by:
-
- May 11, 2017
-
-
Pauli authored
The second BN_is_zero test can never be true. Reviewed-by:
-
- May 10, 2017
-
-
Matt Caswell authored
The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for a connection as part of an SNI callback. One result of this is that the s->cert structure is replaced. However this structure contains information about any custom extensions that have been loaded. In particular flags are set indicating whether a particular extension has been received in the ClientHello. By replacing the s->cert structure we lose the custom extension flag values, and it appears as if a client has not sent those extensions. SSL_set_SSL_CTX() should copy any flags for custom extensions that appear in both the old and the new cert structure. Fixes #2180 Reviewed-by:
-
- May 05, 2017
-
-
Andy Polyakov authored
Perl, multiple versions, for some reason occasionally takes issue with letter b[?] in ox([0-9a-f]+) regex. As result some constants, such as 0xb1 came out wrong when generating code for MASM. Fixes GH#3241. Reviewed-by:
-
- May 02, 2017
-
-
Matt Caswell authored
Fixes #1653 reported by Guido Vranken Reviewed-by:
-
Rich Salz authored
Code by Steve Henson. Backport to 1.0.2 from commit fe2d1491 Fixes #2346 Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Todd Short authored
ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets, even though that's not supported within certificates. To convert the offset time back to GMT, the offsets are supposed to be subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z. Reviewed-by:
-
- Apr 30, 2017
-
-
Rich Salz authored
Bug found and fix suggested by Julian Rüth. Push error if fflush fails Reviewed-by:
-
- Apr 27, 2017
-
-
Bernd Edlinger authored
It is not necessary to remove leading zeros here because RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done in constant time, this might have leaked timing information. Reviewed-by:
-
- Apr 24, 2017
-
-
Rich Salz authored
Reviewed-by:
-
Alex Gaynor authored
EV Guidelines section 9.2.5 says jurisdictionCountryName follows the same ASN.1 encoding rules as countryName. Reviewed-by:
-
- Apr 22, 2017
-
-
Camille Guérin authored
'X509_XTORE_CTX_cleanup' -> 'X509_STORE_CTX_cleanup' Reviewed-by:
-
David Benjamin authored
BN_is_prime_fasttest_ex begins by rejecting if a <= 1. Then it goes to set A := abs(a), but a cannot be negative at this point. Reviewed-by:
-
- Apr 13, 2017
-
-
junfx authored
If exiting non-zero, which not consistent with shell conventions, the shells/scripts treat the cmd as failed. CLA: trivial Reviewed-by:
-
- Apr 11, 2017
-
-
Rich Salz authored
Reviewed-by:
-
- Apr 04, 2017
-
-
Andy Polyakov authored
It seems to be problematic to probe processor capabilities with SIGILL on MacOS X. The problem should be limited to cases when application code is debugged, but crashes were reported even during normal execution... [backport of 0bd93bbe ] Reviewed-by:
-
- Apr 03, 2017
-
-
Matt Caswell authored
dhparams correctly handles X9.42 params in PEM format. However it failed to correctly processes them when reading/writing DER format. Reviewed-by:
-
Matt Caswell authored
DHparams has d2i_DHparams_fp, d2i_DHxparams_bio etc, but the equivalent macros for DHxparams were omitted. Reviewed-by:
-
- Mar 31, 2017
-
-
Jon Spillett authored
Reviewed-by:
-
- Mar 29, 2017
-
-
Matt Caswell authored
This causes a minor (64 bytes on my machine) mem leak in s_server/s_client. Reviewed-by:
-
