- Jul 18, 2017
-
-
Emilia Kasper authored
This is an inherent weakness of the padding mode. We can't make the implementation constant time (see the comments in rsa_pk1.c), so add a warning to the docs. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 16, 2017
-
-
Bernd Edlinger authored
Make RSA key exchange code actually constant-time. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3935)
-
- Jul 15, 2017
-
-
simon-p-r authored
From https://github.com/openssl/openssl/pull/1023 CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3904)
-
- Jul 06, 2017
-
-
Richard Levitte authored
When tree_calculate_user_set() fails, a jump to error failed to deallocate a possibly allocated |auth_nodes|. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3851)
-
- Jul 05, 2017
-
-
Bernd Edlinger authored
Fixes #3349 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3819)
-
Richard Levitte authored
Undoing: > - in UI_process(), |state| was never made NULL, which means an error > when closing the session wouldn't be accurately reported. This was a faulty cherry-pick from master Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3853)
-
Richard Levitte authored
- in EVP_read_pw_string_min(), the return value from UI_add_* wasn't properly checked - in UI_process(), |state| was never made NULL, which means an error when closing the session wouldn't be accurately reported. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3849) (cherry picked from commit b96dba9e)
-
- Jul 04, 2017
-
-
Rich Salz authored
Port of GH#3842 to 1.0.2 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3845)
-
- Jul 02, 2017
-
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3828)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3825)
-
- Jun 25, 2017
-
-
Richard Levitte authored
This function is undocumented, but similarly named functions (such as 'curl_global_cleanup') are documented as internals that should not be called by scripts. Fixes #3765 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3769)
-
- Jun 21, 2017
-
-
Benjamin Kaduk authored
Commit 201015ee added some generated files that were not part of the intended functionality; remove them. (Only the 1.0.2 branch version of the commit was affected, probably due to a smaller .gitignore on that branch.) Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3729)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3738)
-
- Jun 17, 2017
-
-
Bernd Edlinger authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3683) (cherry picked from commit 93a8b3ba)
-
- Jun 14, 2017
-
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3675) (cherry picked from commit fb0a6412)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3675) (cherry picked from commit 5419dadd)
-
Bernd Edlinger authored
return value is now checked at the callers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3678)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3672) (cherry picked from commit 4fc426b7)
-
- Jun 10, 2017
-
-
Rich Salz authored
CLA: trivial Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3627) (cherry picked from commit a020f54c)
-
Paul Yang authored
Check return value of NETSCAPE_SPKI_new() and NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3647) (cherry picked from commit f2582f08)
-
- Jun 09, 2017
-
-
Jonathan Protzenko authored
CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3487) (cherry picked from commit 9ae4e664)
-
- Jun 08, 2017
-
-
Benjamin Kaduk authored
Modern browsers are now, well, pretty modern. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3644) (cherry picked from commit 36c43851)
-
Rich Salz authored
when building with OPENSSL_SMALL_FOOTPRINT defined. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3533) (cherry picked from commit 0b20ad12)
-
- Jun 05, 2017
-
-
Rich Salz authored
Document that -psk is required to use PSK cipher Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3607) (cherry picked from commit 9d772829) (cherry picked from commit c1abfde7)
-
Andy Polyakov authored
Drop some redundant instructions in reduction in ecp_nistz256_sqr_montx. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 8fc063dc)
-
- Jun 02, 2017
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3606) (cherry picked from commit 01dfaa08)
-
- Jun 01, 2017
-
-
Todd Short authored
Code was added in commit 62f488d3 that overwrite the last ex_data valye using CRYPTO_dup_ex_data() causing a memory leak and potentially confusing the ex_data dup() callback. In ssl_session_dup(), new-up the ex_data before calling CRYPTO_dup_ex_data(); all the other structures that dup ex_data have the destination ex_data new'd before the dup. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3568)
-
Diego Santa Cruz authored
The password_callback() function does not necessarily NULL terminate the password buffer, the caller must use the returned length but the srp app uses this function as if it was doing NULL termination. This made the -passin and -passout options of "openssl srp" fail inexpicably and randomly or even crash. Fixed by enlarging the buffer by one, so that the maximum password length remains unchanged, and adding NULL termination upon return. [Rearrange code for coding style compliance in process.] This backport of 0e83981d . Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3579)
-
Matt Caswell authored
If we fail to negotiate a version then we should send a protocol version alert. Fixes #3595 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3598)
-
- May 26, 2017
-
-
Todd Short authored
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is inconsistent. Most places check SSL->options, one place is checking SSL_CTX->options; fix that. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> GH: #3521
-
- May 25, 2017
-
-
Matt Caswell authored
Fixes #3541 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3555)
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3548)
-
Bernd Edlinger authored
Fixes make test when configured with no-comp. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3545)
-
- May 17, 2017
-
-
Tomas Mraz authored
Allow conversion of existing requests to certificates again. Fixes the issue #3396 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3485)
-
Richard Levitte authored
Notifications can be (and should be) configured on account basis on the CI web site. This avoids getting emails to openssl-commits for personal accounts that also build OpenSSL stuff. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3484) (cherry picked from commit 7a94f5b0)
-
- May 11, 2017
-
-
Pauli authored
The second BN_is_zero test can never be true. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3434) (cherry picked from commit 3f970523)
-
- May 10, 2017
-
-
Matt Caswell authored
The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for a connection as part of an SNI callback. One result of this is that the s->cert structure is replaced. However this structure contains information about any custom extensions that have been loaded. In particular flags are set indicating whether a particular extension has been received in the ClientHello. By replacing the s->cert structure we lose the custom extension flag values, and it appears as if a client has not sent those extensions. SSL_set_SSL_CTX() should copy any flags for custom extensions that appear in both the old and the new cert structure. Fixes #2180 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3427)
-