- 15 Oct, 2014 7 commits
-
-
Richard Levitte authored
The different -I compiler parameters will take care of the rest... Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces Reviewed-by: -
Richard Levitte authored
algorithms MD2 and RC5 don't get built. Also, disable building the test apps in crypto/des and crypto/pkcs7, as they have no support at all. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Update the VMS build according to the latest unixly build. Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com> Reviewed-by: -
Richard Levitte authored
Make sure that disabling the MAYLOSEDATA3 warning is only done when the compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings. Reviewed-by: -
Bodo Moeller authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
- 10 Oct, 2014 1 commit
-
-
Dr. Stephen Henson authored
SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. PR: 3560 Reviewed-by:
-
- 06 Oct, 2014 1 commit
-
-
Matt Caswell authored
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also remove duplicate definition of PKCS7_type_is_digest. PR#3551 Reviewed-by:
-
- 29 Sep, 2014 1 commit
-
-
Dr. Stephen Henson authored
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by:
-
- 25 Sep, 2014 1 commit
-
-
Emilia Kasper authored
Accidentally omitted from commit 455b65df Reviewed-by:
Kurt Roeckx <kurt@openssl.org> (cherry picked from commit fdc35a9d)
-
- 24 Sep, 2014 6 commits
-
-
Dr. Stephen Henson authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (cherry picked from commit 5886354d)
-
Andy Polyakov authored
RT: 3541 Reviewed-by:
Emilia Kasper <emilia@openssl.org> (cherry picked from commit 8b07c005)
-
Emilia Kasper authored
Do the final padding check in EVP_DecryptFinal_ex in constant time to avoid a timing leak from padding failure. Reviewed-by:
-
Emilia Kasper authored
(Original commit adb46dbc ) Use the new constant-time methods consistently in s3_srvr.c Reviewed-by:
-
Adam Langley authored
that bad encryptions are treated like random session keys in constant time. (cherry picked from commit adb46dbc ) Reviewed-by:
-
Emilia Kasper authored
Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by:
-
- 21 Sep, 2014 1 commit
-
-
Tim Hudson authored
that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit Picked up on z/linux (s390) where sizeof(int)!=sizeof(long) Reviewed-by:
-
- 10 Sep, 2014 1 commit
-
-
Rich Salz authored
If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by:
Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit b2aa38a9)
-
- 08 Sep, 2014 1 commit
-
-
Erik Auerswald authored
Reviewed-by:
-
- 05 Sep, 2014 1 commit
-
-
Adam Langley authored
Fix a bug in handling of 128 byte long PSK identity in psk_client_callback. OpenSSL supports PSK identities of up to (and including) 128 bytes in length. PSK identity is obtained via the psk_client_callback, implementors of which are expected to provide a NULL-terminated identity. However, the callback is invoked with only 128 bytes of storage thus making it impossible to return a 128 byte long identity and the required additional NULL byte. This CL fixes the issue by passing in a 129 byte long buffer into the psk_client_callback. As a safety precaution, this CL also zeroes out the buffer before passing it into the callback, uses strnlen for obtaining the length of the identity returned by the callback, and aborts the handshake if the identity (without the NULL terminator) is longer than 128 bytes. (Original patch amended to achieve strnlen in a different way.) Reviewed-by:
-
- 04 Sep, 2014 1 commit
-
-
Adam Langley authored
(cherry picked from commit 2b0180c3 ) Reviewed-by:
Ben Laurie <ben@openssl.org>
-
- 03 Sep, 2014 2 commits
-
-
Richard Levitte authored
string returns 0 with errno = ENOENT. Reviewed-by:
Andy Polyakov <appro@openssl.org> (cherry picked from commit 360928b7)
-
Phil Mesnier authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
- 02 Sep, 2014 1 commit
-
-
Emilia Kasper authored
"inline" without static is not correct as the compiler may choose to ignore it and will then either emit an external definition, or expect one. Reviewed-by:
Geoff Thorpe <geoff@openssl.org> (cherry picked from commit 86f50b36)
-
- 30 Aug, 2014 4 commits
-
-
Andy Polyakov authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Re-order algorithm list. Be consistent in command synopsis. Add content about signing. Add EXAMPLE section Add some missing options: -r, -fips-fingerprint -non-fips-allow Various other fixes. Reviewed-by:
-
James Westby authored
Add the file written by James Westby, graciously contributed under the terms of the OpenSSL license. Reviewed-by:
-
- 29 Aug, 2014 1 commit
-
-
Rich Salz authored
The doc says that port can be "*" to mean any port. That's wrong. Reviewed-by:
-
- 28 Aug, 2014 3 commits
-
-
Emilia Kasper authored
Pull constant-time methods out to a separate header, add tests. Reviewed-by:
Bodo Moeller <bodo@openssl.org> (cherry picked from commit 9a9b0c04) Conflicts: test/Makefile
-
Raphael Spreitzer authored
Reviewed-by:
-
Rich Salz authored
Add the wrapper to all public header files (Configure generates one). Don't bother for those that are just lists of #define's that do renaming. Reviewed-by:
-
- 27 Aug, 2014 4 commits
-
-
Emilia Kasper authored
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer when the buffer length is 0. Change this to verify explicitly that the ASN.1 string has positive length. Reviewed-by: -
Matt Caswell authored
When d2i_ECPrivateKey reads a private key with a missing (optional) public key, generate one automatically from the group and private key. Reviewed-by: -
Adam Langley authored
This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a crash: -----BEGIN EC PRIVATE KEY----- MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH -----END EC PRIVATE KEY----- Reviewed-by: -
Mihai Militaru authored
I also removed some trailing whitespace and cleaned up the "see also" list. Reviewed-by:
-
- 26 Aug, 2014 1 commit
-
-
David Gatwood authored
The description of when the server creates a DH key is confusing. This cleans it up. (rsalz: also removed trailing whitespace.) Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
- 25 Aug, 2014 1 commit
-
-
Jan Schaumann authored
The EXAMPLE that used FILE and RC2 doesn't compile due to a few minor errors. Tweak to use IDEA and AES-128. Remove examples about RC2 and RC5. Reviewed-by:
-
- 24 Aug, 2014 1 commit
-
-
Matt Caswell authored
This patch was submitted by user "Kox" via the wiki Reviewed-by:
-
