- 06 Jan, 2018 2 commits
-
-
Richard Levitte authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5017)
-
Richard Levitte authored
Thanks to Douglas Fyfe @ VSI for making me aware of this Reviewed-by:
-
- 05 Jan, 2018 1 commit
-
-
Konstantin Shemyak authored
A backport of #4997. Fixes #4996. Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5020)
-
- 27 Dec, 2017 1 commit
-
-
Andy Polyakov authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4974) (cherry picked from commit 8af7e94d)
-
- 23 Dec, 2017 1 commit
-
-
Viktor Dukhovni authored
Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
Paul Dale <paul.dale@oracle.com>
-
- 13 Dec, 2017 1 commit
-
-
Viktor Dukhovni authored
Also documented X509_V_FLAG_TRUSTED_FIRST Reviewed-by:
-
- 11 Dec, 2017 1 commit
-
-
Matt Caswell authored
SSL_trace() has a case which was inadvertently falling through. Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
- 10 Dec, 2017 1 commit
-
-
Richard Levitte authored
Looking for 'gcc' and 'clang' in the output from the C compiler is uncertain. Some versions report argv[0], which might be /usr/bin/cc (for example), and others might mention gcc without being gcc or a derivate. Better then to fetch predefined macros and checking if __GNUC__ and __clang__ are defined. Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4755)
-
- 09 Dec, 2017 1 commit
-
-
Richard Levitte authored
They are from the 1.1.0 or master branches Fixes #4863 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4887)
-
- 08 Dec, 2017 4 commits
-
-
Rich Salz authored
Reviewed-by:
-
FdaSilvaYY authored
Pointer 'o' is set inside a local buffer, so it can't be NULL. Also fix coding style and add comments Reviewed-by:
-
Richard Levitte authored
Some compilers react badly to non-ASCII characters Fixes #4877 Reviewed-by:
-
Dr. Matthias St. Pierre authored
Fixes #2533 The call to FIPS_crypto_set_id_callback() was added in revision a43cfd7b , but there is no prototype for it in <openssl/fips.h>. Signed-off-by:
Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
- 07 Dec, 2017 6 commits
-
-
Matt Caswell authored
Fixes #4865 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
- 06 Dec, 2017 3 commits
-
-
Matt Caswell authored
Test reading/writing to an SSL object after a fatal error has been detected. Reviewed-by: -
Matt Caswell authored
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an attacker would have to trick an application into behaving incorrectly by issuing an SSL_read()/SSL_write() after having already received a fatal error. Thanks to David Benjamin (Google) for reporting this issue and suggesting this fix. CVE-2017-3737 Reviewed-by: -
Andy Polyakov authored
Credit to OSS-Fuzz for finding this. CVE-2017-3738 Reviewed-by:
-
- 04 Dec, 2017 1 commit
-
-
MerQGh authored
This line will allow use private keys, which created by Crypto Pro, to sign with OpenSSL. CLA: trivial Reviewed-by:
-
- 30 Nov, 2017 1 commit
-
-
FdaSilvaYY authored
Fixes #4775 Reviewed-by:
-
- 16 Nov, 2017 1 commit
-
-
FdaSilvaYY authored
Backport of #4677 / 1687aa76 Reviewed-by:
-
- 14 Nov, 2017 1 commit
-
-
Richard Levitte authored
Fixes #4734 #4649 Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4735)
-
- 13 Nov, 2017 2 commits
-
-
Andy Polyakov authored
We had /WX (treat warnings as errors) in VC-WIN32 for long time. At some point it was somehow omitted. It's argued that it allows to keep better focus on new code, which motivates the comeback... Reviewed-by:
-
Andy Polyakov authored
It's argued that /WX allows to keep better focus on new code, which motivates its comeback... Reviewed-by:
-
- 11 Nov, 2017 2 commits
-
-
Long Qin authored
* addressing", Proc. 6th Conference on Very Large Databases: 212–223 ^ The EN DASH ('–') in this line is one UTF-8 character (hex: e2 80 93). Under some code page setting (e.g. 936), Visual Studio may report C4819 warning: The file contains a character that cannot be represented in the current code page. Replace this character with the ASCII char '-' (Hex Code: 2D). Reviewed-by: -
Richard Levitte authored
cb_ticket2() does an exit, and should therefore not need to return anything. Some compilers don't detect that, or don't care, and warn about a non-void function without a return statement. Reviewed-by:
-
- 10 Nov, 2017 1 commit
-
-
Richard Levitte authored
Reviewed-by:
-
- 08 Nov, 2017 1 commit
-
-
Andy Polyakov authored
In earlier 5.1x Perl versions quoting globs works only if there is white space. If there is none, it's looking for names starting with ". Reviewed-by:
-
- 07 Nov, 2017 4 commits
-
-
Andy Polyakov authored
It's not clear if it's a feature or bug, but binutils-2.29[.1] interprets 'adr' instruction with Thumb2 code reference differently, in a way that affects calculation of addresses of constants' tables. Reviewed-by:
-
Bernd Edlinger authored
Fixes: #4590 Reviewed-by:
-
Matt Caswell authored
The man pages say that BIGNUM arithmetic operations fail with a 0 return. However some functions were returning -1 on error. In master and 1.1.0 they already return 0, so this brings 1.0.2 in line. Reviewed-by:
-
Rich Salz authored
Cherry-picked by Matt Caswell from 69795831 . Reviewed-by:
-
- 03 Nov, 2017 3 commits
-
-
Pavel Kopyl authored
CLA: trivial Reviewed-by:
-
Pavel Kopyl authored
CLA: trivial Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
- 02 Nov, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by:
-
