- 04 Feb, 2019 2 commits
-
-
batist73 authored
CLA: trivial Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8153)
-
Richard Levitte authored
In the removal of BEGINRAW / ENDRAW, attention to the difference between capital .S and lowercase .s wasn't duly paid. This corrects the error. Fixes #8155 Reviewed-by:
-
- 01 Feb, 2019 5 commits
-
-
Bernd Edlinger authored
The commit 5dc40a83 forgot to add a short description to the CHANGES file. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8140)
-
Michael Tuexen authored
When computing the end-point shared secret, don't take the terminating NULL character into account. Please note that this fix breaks interoperability with older versions of OpenSSL, which are not fixed. Fixes #7956 Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- 31 Jan, 2019 11 commits
-
-
Bernd Edlinger authored
If the second PUBKEY is malformed there is use after free. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Additionally avoid undefined behavior with in-place memcpy in X509_CRL_digest. Fixes #8099 Reviewed-by:
-
Richard Levitte authored
Fixes #8129 Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8130)
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
We never used it for anything Reviewed-by:
-
Richard Levitte authored
It was an ugly hack to avoid certain problems that are no more. Also added GENERATE lines for perlasm scripts that didn't have that explicitly. Reviewed-by:
-
Richard Levitte authored
There was a hack specifically for VMS, which involved setting a make variable to indicate that test/libtestutil contains a 'main'. Instead, we use the new attributes 'has_main' to indicate this, and let the VMS build file template fend with it appropriately. Reviewed-by:
-
Richard Levitte authored
VMS doesn't currently support unloading of shared object, and we need to reflect that. Without this, the shlibload test fails Reviewed-by:
-
weinholtendian authored
Previously if -psk was given a bad key it would print "Not a hex number 's_server'". CLA: Trivial Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8113)
-
- 30 Jan, 2019 4 commits
-
-
Petr Vorel authored
instead of duplicity the code. CLA: trivial Signed-off-by:
Petr Vorel <petr.vorel@gmail.com> Reviewed-by:
-
David Benjamin authored
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone code (see also issue #1319). Add the missing wrapper macros and document them. Reviewed-by:
-
Matt Caswell authored
The option -twopass to the pkcs12 app is ignored if -passin, -passout or -password is used. We should complain if an attempt is made to use it in combination with those options. Fixes #8107 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- 29 Jan, 2019 1 commit
-
-
Matt Caswell authored
If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then a mem leak can occur. This commit checks that we successfully added the error data, and if not frees the buffer. Fixes #8085 Reviewed-by:
-
- 28 Jan, 2019 1 commit
-
-
Richard Levitte authored
It apepars that ANDROID_NDK_HOME is the recommended standard environment variable for the NDK. We retain ANDROID_NDK as a fallback. Fixes #8101 Reviewed-by:
-
- 27 Jan, 2019 7 commits
-
-
Antonio Iacono authored
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other specifications, a collection of Signing Certificate reference attributes, stored in the signedData ether as ESS signing-certificate or as ESS signing-certificate-v2. These are described in detail in Section 5.7.2 of RFC 5126 - CMS Advanced Electronic Signatures (CAdES). This patch adds support for adding ESS signing-certificate[-v2] attributes to CMS signedData. Although it implements only a small part of the RFC, it is sufficient many cases to enable the `openssl cms` app to create signatures which comply with legal requirements of some European States (e.g Italy). Reviewed-by:
-
Ping Yu authored
Reviewed-by:
Ping Yu <ping.yu@intel.com> Signed-off-by:
Steven Linsell <stevenx.linsell@intel.com> (Merged from https://github.com/openssl/openssl/pull/7573)
-
Michael Richardson authored
Reviewed-by:
-
David Asraf authored
When the ret parameter is NULL the generated prime is in rnd variable and not in ret. CLA: trivial Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
Shigeki Ohtsu authored
Before 1.1.0, this command letter is not sent to a server. CLA: trivial (cherry picked from commit bc180cb4887c2e82111cb714723a94de9f6d2c35) Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
Matthias Kraft authored
Only for SunCC for now. It turns out that some compilers to generate external variants of unused static inline functions, and if they use other external symbols, those need to be present as well. If you then happen to include one of safestack.h or lhash.h without linking with libcrypto, the build fails. Fixes #6912 Signed-off-by:
Matthias Kraft <Matthias.Kraft@softwareag.com> Reviewed-by:
-
- 25 Jan, 2019 1 commit
-
-
Dr. Matthias St. Pierre authored
Fixes #8084 Reviewed-by:
-
- 24 Jan, 2019 4 commits
-
-
Klotz, Tobias authored
Reviewed-by:
-
Matt Caswell authored
Fixes #8050 Reviewed-by:
-
Matt Caswell authored
This commit erroneously kept the DTLS timer running after the end of the handshake. This is not correct behaviour and shold be reverted. This reverts commit f7506416 . Fixes #7998 Reviewed-by:
-
Matt Caswell authored
During a DTLS handshake we may need to periodically handle timeouts in the DTLS timer to ensure retransmits due to lost packets are performed. However, one peer will always complete a handshake before the other. The DTLS timer stops once the handshake has finished so any handshake messages lost after that point will not automatically get retransmitted simply by calling DTLSv1_handle_timeout(). However attempting an SSL_read implies a DTLSv1_handle_timeout() and additionally will process records received from the peer. If those records are themselves retransmits then we know that the peer has not completed its handshake yet and a retransmit of our final flight automatically occurs. Reviewed-by:
-
- 22 Jan, 2019 4 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
One variable misssing Fixes #8060 Reviewed-by:
-
Richard Levitte authored
For good measure, we pass down attributes when calling obj2shlib, obj2lib, obj2dso, obj2bin, or in2script. We currently don't use them in our build file templates, but might as well for future use. Reviewed-by:
-
Richard Levitte authored
We have two classes of scripts to be installed, those that are installed as "normal" programs, and those that are installed as "misc" scripts. These classes are installed in different locations, so the build file templates must pay attention. Because we didn't have the tools to indicate what scripts go where, we had these scripts hard coded in the build template files, with the maintenance issues that may cause. Now that we have attributes, those can be used to classify the installed scripts, and have the build file templates simply check the attributes to know what's what. Furthermore, the 'tsget.pl' script exists both as 'tsget.pl' and 'tsget', which is done by installing a symbolic link (or copy). This link name is now given through an attribute, which results in even less hard coding in the Unix Makefile template. Reviewed-by:
-
