- Oct 08, 2018
-
-
Benjamin Kaduk authored
Historically (i.e., OpenSSL 1.0.x), the openssl applications would allow for empty subject attributes to be passed via the -subj argument, e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`. Commit db4c08f0 applied a badly needed rewrite to the parse_name() helper function that parses these strings, but in the process dropped a check that would skip attributes with no associated value. As a result, such strings are now treated as hard errors and the operation fails. Restore the check to skip empty attribute values and restore the historical behavior. Document the behavior for empty subject attribute values in the corresponding applications' manual pages. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7349) (cherry picked from commit 3d362f19)
-
Ԝеѕ authored
CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7356) (cherry picked from commit 4fef4981)
-
- Oct 05, 2018
-
-
Richard Levitte authored
We passed that ioctl a pointer to the whole session_op structure, which wasn't quite right. Notified by David Legault. Fixes #7302 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7304) (cherry picked from commit 470096e5)
-
Dr. Matthias St. Pierre authored
Fixes #7322 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7351) (cherry picked from commit 8529b156)
-
- Oct 04, 2018
-
-
Matt Caswell authored
Check that different return values passed to the BIO callback are correctly handled. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7344) (cherry picked from commit 52d78cc5)
-
Matt Caswell authored
The BIO callback handling incorrectly wrote over the return code passed to the callback, meaning that an incorrect result was (eventually) returned to the caller. Fixes #7343 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7344) (cherry picked from commit d97ce8d9)
-
Richard Levitte authored
Only a few clashing ones remain Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7331) (cherry picked from commit b44882a0)
-
Richard Levitte authored
BIO_s_log() is declared for everyone, so should return NULL when not actually implemented. Also, it had explicit platform limitations in util/mkdef.pl that didn't correspond to what was actually in code. While at it, a few other hard coded things that have lost their relevance were removed. include/openssl/ocsp.h had a few duplicate declarations. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7331) (cherry picked from commit 7e09c5ea)
-
- Oct 02, 2018
-
-
Matt Caswell authored
Check some return values on some functions. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7335) (cherry picked from commit 434893af)
-
Matt Caswell authored
Free memory allocated in the parent process that is not needed in the child. We also free it in the parent. Technically this isn't really required since we end up calling exit() soon afterwards - but to prevent false positives we free it anyway. Fixes a Coverity issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7335) (cherry picked from commit c20a76f6)
-
- Sep 26, 2018
-
-
Antoine Salon authored
And references to other manpages are also added in openssl(1). Signed-off-by: Antoine Salon <asalon@vmware.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7314)
-
James Callahan authored
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7035)
-
- Sep 25, 2018
-
-
Antoine Salon authored
Signed-off-by: Antoine Salon <asalon@vmware.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7248) (cherry picked from commit eadde90b)
-
- Sep 24, 2018
-
-
Bernd Edlinger authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7297) (cherry picked from commit ec0c5f56)
-
Daniel Bevenius authored
This commit documents the OPENSSL_VERSION_TEXT which is currently missing in the man page. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7301) (cherry picked from commit 7c694957)
-
Pauli authored
Change all calls to getenv() inside libcrypto to use a new wrapper function that use secure_getenv() if available and an issetugid then getenv if not. CPU processor override flags are unchanged. Extra checks for OPENSSL_issetugid() have been removed in favour of the safe getenv. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7047) (cherry picked from commit 5c39a55d)
-
- Sep 23, 2018
-
-
Bernd Edlinger authored
It's a bit annoying, since some commands try to read a .rnd file, and print an error message if the file does not exist. But previously a .rnd file was created on exit, and that does no longer happen. Fixed by continuing in app_RAND_load_conf regardless of the error in RAND_load_file. If the random number generator is still not initalized on exit, the function RAND_write_file will fail and no .rnd file would be created. Remove RANDFILE from openssl.cnf Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7217) (cherry picked from commit 0f582209)
-
- Sep 21, 2018
-
-
agnosticdev authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7277) (cherry picked from commit 46d08509)
-
Matt Caswell authored
If using an old style TLSv1.2 PSK callback then the maximum possible PSK len is PSK_MAX_PSK_LEN (256) - not 64. Fixes #7261 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7267) (cherry picked from commit f39a02c6)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7257) (cherry picked from commit cd6fe29f)
-
Matt Caswell authored
Otherwise the sig algs are reset if SSL_set_SSL_CTX() gets called. Fixes #7244 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7257) (cherry picked from commit 524006dd)
-
Richard Levitte authored
This module includes bn.h via other headers, so it picks up the definition from there and doesn't need to define them locally (any more?). Worst case scenario, the redefinition may be different and cause all sorts of compile errors. Fixes #7227 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7287) (cherry picked from commit dda5396a)
-
- Sep 20, 2018
-
-
Richard Levitte authored
Fixes #7280 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7281) (cherry picked from commit f52f2c1a)
-
Paul Yang authored
The original issue is #7273 and this commit fixes part of that issue. [skip ci] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7275)
-
Richard Levitte authored
It turns out to be detrimental on some file systems that may or may not be case sensitive (such as NTFS, which has a case sensitive mode). Fixes #7172 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7172) (cherry picked from commit d3c72e39)
-
Richard Levitte authored
These both indicate that the file descriptor we're trying to use as a terminal isn't, in fact, a terminal. Fixes #7271 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7272) (cherry picked from commit 276bf862)
-
- Sep 19, 2018
-
-
Benjamin Kaduk authored
Historically SSL_CTX_set_ssl_version() has reset the cipher list to the default. Splitting TLS 1.3 ciphers to be tracked separately caused a behavior change, in that TLS 1.3 cipher configuration was preserved across calls to SSL_CTX_set_ssl_version(). To restore commensurate behavior with the historical behavior, set the ciphersuites to the default as well as setting the cipher list to the default. Closes: #7226 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7270) (cherry picked from commit 2340ed27)
-
- Sep 18, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #7252 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7253) (cherry picked from commit f9a22815)
-
Tobias Nießen authored
This commit reuses a variable instead of reevaluating the expression and updates an outdated comment in the EVP test. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7242) (cherry picked from commit 523fcfb4)
-
- Sep 17, 2018
-
-
David Makepeace authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7236) (cherry picked from commit d474100a)
-
Pauli authored
Specifically, include e_os.h to pick up alloca definition for WIN32. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7234) (cherry picked from commit a825856a)
-
- Sep 16, 2018
-
-
Pauli authored
The latter causes problems when complex.h is #included. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7233) (cherry picked from commit 972f67889b5a10c33dbc3d500cfa65b544e68b46)
-
Pauli authored
coexist. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7233) (cherry picked from commit da5fac72)
-
Matt Eaton authored
Fixed a minor typo while reading the documentation. I agree that this contribution is trivial can be freely used. CLA: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7221)
-
Kurt Roeckx authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> GH: #7188 (cherry picked from commit 8e593f0a0dbcb3193548ced3c2e78fbbd201b2db)
-
- Sep 15, 2018
-
-
Richard Levitte authored
It simply isn't available on older versions. Issue submitted by Mark Daniels Fixes #7229 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7230)
-
- Sep 13, 2018
-
-
Paul Yang authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7209)
-
Matt Caswell authored
-early_data is not compatible with -www, -WWW, -HTTP or -rev. Fixes #7200 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7206) (cherry picked from commit 6ef40f1fc08f0c4ffb08438d63eed83eae7eb2b8)
-
Matt Caswell authored
Caused a compilation failure in some environments Fixes #7204 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7205) (cherry picked from commit bc278f30f0b766bfb82426c641dc1d51ace4a994)
-
- Sep 12, 2018
-
-
Dr. Matthias St. Pierre authored
The new DRBG API added the aforementioned #define. However, it is used internally only and having it defined publicly does not serve any purpose except causing potential version compatibility problems. Fixes #7182 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7190) (cherry picked from commit c402e943)
-