- Feb 01, 2019
-
-
Andy Polyakov authored
Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8120)
-
Andy Polyakov authored
Reviewed-by:
-
- Jan 31, 2019
-
-
Bernd Edlinger authored
If the second PUBKEY is malformed there is use after free. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Additionally avoid undefined behavior with in-place memcpy in X509_CRL_digest. Fixes #8099 Reviewed-by:
-
Richard Levitte authored
Fixes #8129 Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8130)
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
We never used it for anything Reviewed-by:
-
Richard Levitte authored
It was an ugly hack to avoid certain problems that are no more. Also added GENERATE lines for perlasm scripts that didn't have that explicitly. Reviewed-by:
-
Richard Levitte authored
There was a hack specifically for VMS, which involved setting a make variable to indicate that test/libtestutil contains a 'main'. Instead, we use the new attributes 'has_main' to indicate this, and let the VMS build file template fend with it appropriately. Reviewed-by:
-
Richard Levitte authored
VMS doesn't currently support unloading of shared object, and we need to reflect that. Without this, the shlibload test fails Reviewed-by:
-
weinholtendian authored
Previously if -psk was given a bad key it would print "Not a hex number 's_server'". CLA: Trivial Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8113)
-
- Jan 30, 2019
-
-
Petr Vorel authored
instead of duplicity the code. CLA: trivial Signed-off-by:
Petr Vorel <petr.vorel@gmail.com> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8127)
-
David Benjamin authored
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone code (see also issue #1319). Add the missing wrapper macros and document them. Reviewed-by:
-
Matt Caswell authored
The option -twopass to the pkcs12 app is ignored if -passin, -passout or -password is used. We should complain if an attempt is made to use it in combination with those options. Fixes #8107 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- Jan 29, 2019
-
-
Matt Caswell authored
If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then a mem leak can occur. This commit checks that we successfully added the error data, and if not frees the buffer. Fixes #8085 Reviewed-by:
-
- Jan 28, 2019
-
-
Richard Levitte authored
It apepars that ANDROID_NDK_HOME is the recommended standard environment variable for the NDK. We retain ANDROID_NDK as a fallback. Fixes #8101 Reviewed-by:
-
- Jan 27, 2019
-
-
Antonio Iacono authored
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other specifications, a collection of Signing Certificate reference attributes, stored in the signedData ether as ESS signing-certificate or as ESS signing-certificate-v2. These are described in detail in Section 5.7.2 of RFC 5126 - CMS Advanced Electronic Signatures (CAdES). This patch adds support for adding ESS signing-certificate[-v2] attributes to CMS signedData. Although it implements only a small part of the RFC, it is sufficient many cases to enable the `openssl cms` app to create signatures which comply with legal requirements of some European States (e.g Italy). Reviewed-by:
-
Ping Yu authored
Reviewed-by:
Ping Yu <ping.yu@intel.com> Signed-off-by:
Steven Linsell <stevenx.linsell@intel.com> (Merged from https://github.com/openssl/openssl/pull/7573)
-
Michael Richardson authored
Reviewed-by:
-
David Asraf authored
When the ret parameter is NULL the generated prime is in rnd variable and not in ret. CLA: trivial Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
Shigeki Ohtsu authored
Before 1.1.0, this command letter is not sent to a server. CLA: trivial (cherry picked from commit bc180cb4887c2e82111cb714723a94de9f6d2c35) Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
Matthias Kraft authored
Only for SunCC for now. It turns out that some compilers to generate external variants of unused static inline functions, and if they use other external symbols, those need to be present as well. If you then happen to include one of safestack.h or lhash.h without linking with libcrypto, the build fails. Fixes #6912 Signed-off-by:
Matthias Kraft <Matthias.Kraft@softwareag.com> Reviewed-by:
-
- Jan 25, 2019
-
-
Dr. Matthias St. Pierre authored
Fixes #8084 Reviewed-by:
-
- Jan 24, 2019
-
-
Klotz, Tobias authored
Reviewed-by:
-
Matt Caswell authored
Fixes #8050 Reviewed-by:
-
Matt Caswell authored
This commit erroneously kept the DTLS timer running after the end of the handshake. This is not correct behaviour and shold be reverted. This reverts commit f7506416 . Fixes #7998 Reviewed-by:
-
Matt Caswell authored
During a DTLS handshake we may need to periodically handle timeouts in the DTLS timer to ensure retransmits due to lost packets are performed. However, one peer will always complete a handshake before the other. The DTLS timer stops once the handshake has finished so any handshake messages lost after that point will not automatically get retransmitted simply by calling DTLSv1_handle_timeout(). However attempting an SSL_read implies a DTLSv1_handle_timeout() and additionally will process records received from the peer. If those records are themselves retransmits then we know that the peer has not completed its handshake yet and a retransmit of our final flight automatically occurs. Reviewed-by:
-
- Jan 22, 2019
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
One variable misssing Fixes #8060 Reviewed-by:
-
Richard Levitte authored
For good measure, we pass down attributes when calling obj2shlib, obj2lib, obj2dso, obj2bin, or in2script. We currently don't use them in our build file templates, but might as well for future use. Reviewed-by:
-
Richard Levitte authored
We have two classes of scripts to be installed, those that are installed as "normal" programs, and those that are installed as "misc" scripts. These classes are installed in different locations, so the build file templates must pay attention. Because we didn't have the tools to indicate what scripts go where, we had these scripts hard coded in the build template files, with the maintenance issues that may cause. Now that we have attributes, those can be used to classify the installed scripts, and have the build file templates simply check the attributes to know what's what. Furthermore, the 'tsget.pl' script exists both as 'tsget.pl' and 'tsget', which is done by installing a symbolic link (or copy). This link name is now given through an attribute, which results in even less hard coding in the Unix Makefile template. Reviewed-by:
-
Richard Levitte authored
This means that all PROGRAMS_NO_INST, LIBS_NO_INST, ENGINES_NO_INST and SCRIPTS_NO_INST are changed to be PROGRAM, LIBS, ENGINES and SCRIPTS with the associated attribute 'noinst'. Reviewed-by:
-
Richard Levitte authored
Among others, this avoids having special variables like PROGRAMS_NO_INST. Instead, we can have something like this: PROGRAMS{noinst}=foo bar Configure itself is entirely agnostic to these attributes, they are simply passed to the build file templates, to be used as they see fit. Attributes can also have values, for example: SCRIPTS{linkname=foo}=foo.pl This could help indicate to build file templates that care that the perl script 'foo.pl' should also exist with the name 'foo', preferably as a symbolic link. Fixes #7568 Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
Matt Eaton authored
Minor typo fix to `adjustment` in the line: "In such case you have to pass matching target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjustment becomes simpler, $ANDROID_NDK/bin:$PATH suffices." Reviewed-by:
-
- Jan 21, 2019
-
-
Richard Levitte authored
Now that we have the names of libraries on different systems established through platform modules, we can remove the old structure to establish the same thing, i.e. $unified_info{sharednames} and $unified_info{rename}. That means removing support for the RENAME and SHARED_NAME keywords in build.info as well. Reviewed-by:
-
