- Dec 20, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 19, 2015
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
No dummy arguments. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
BIO_int_ctrl isn't made for the purpose BIO_get_conn_int_port used it for. This also changes BIO_C_GET_CONNECT to actually return the port instead of assigning it to a pointer that was never returned back to the caller. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Fix some more URLs mangled by indent in the reformat. These ones don't exist in master so we have a separate commit. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Some URLs in the source code ended up getting mangled by indent. This fixes it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 18, 2015
-
-
Richard Levitte authored
Since we don't use the eay style any more, there's no point tryint to tell emacs to use it. Reviewed-by: Ben Laurie <ben@openssl.org>
-
- Dec 16, 2015
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 2e31ef03)
-
- Dec 14, 2015
-
-
Emilia Kasper authored
Commit 2b0180c3 attempted to do this but only hit one of many BN_mod_exp codepaths. Fix remaining variants and add a test for each method. Thanks to Hanno Boeck for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit d911097d)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Dec 13, 2015
-
-
Andy Polyakov authored
RT#4171 Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit b9749432)
-
- Dec 10, 2015
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
A BIO_flush call in the DTLS code was not correctly setting the |rwstate| variable to SSL_WRITING. This means that SSL_get_error() will not return SSL_ERROR_WANT_WRITE in the event of an IO retry. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 67f60be8)
-
Matt Caswell authored
If using DTLS and NBIO then if a second or subsequent handshake message fragment hits a retry, then the retry attempt uses the wrong fragment offset value. This commit restores the fragment offset from the last attempt. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2ad226e8)
-
Matt Caswell authored
If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then we should set the NID to NID_undef. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 330dcb09)
-
- Dec 09, 2015
-
-
Dr Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Dec 08, 2015
-
-
Rich Salz authored
Reviewed-by: Steve Marquess <marquess@openssl.com> (cherry picked from commit ab29c82a)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 3cd7aef3)
-
Richard Levitte authored
As part of this, move release creation to a script to be called from .travis.yml. That makes it much easier to test outside of travis. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 382af61f)
-
Richard Levitte authored
Introducing DISTTARVARS to propagate changed variables down to the tar-making target. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4d3c30a1)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Dec 07, 2015
-
-
Richard Levitte authored
It seems like some tar versions don't like the name:id form for --owner and --group. The closest known anonymous user being 0 (root), that seems to be the most appropriate user/group to assign ownership to. It matters very little when unpacking either way. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b91dd150)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 451a5bdf)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 475fc3d8)
-
Richard Levitte authored
Make TARFILE include ../ instead of having that hard coded all over the place. When transforming file names in TAR_COMMAND, use $(NAME) instead of openssl-$(VERSION) Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4a544810)
-
- Dec 03, 2015
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update the CHANGES and NEWS files for the new release. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Avoid seg fault by checking mgf1 parameter is not NULL. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug. CVE-2015-3194 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
-
Dr. Stephen Henson authored
When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
RT#4162 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit b5516cfb)
-
- Dec 02, 2015
-
-
Richard Levitte authored
The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f9fd3524)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2238e0e4)
-
- Dec 01, 2015
-
-
Matt Caswell authored
In the DTLS ClientHello processing the return value is stored in |ret| which by default is -1. |ret| is only updated to a positive value once we are past all points where we could hit an error. We wish to return 1 on success or 2 on success *and* we have validated the DTLS cookie. Previously on successful validation of the cookie we were setting |ret| to -2, and then once we were past all error points we set |ret = -ret|. This is non-obvious behaviour and could be error prone. This commit tries to make this a bit more intuitive. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Nov 30, 2015
-
-
Andy Polyakov authored
RT#4142 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 76eba0d9 ) Resolved conflicts: crypto/bn/asm/x86_64-mont.pl crypto/bn/asm/x86_64-mont5.pl Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-