- Dec 07, 2016
-
-
Richard Levitte authored
Since there are many parts of UI_process() that can go wrong, it isn't very helpful to only return -1 with no further explanation. With this change, the error message will at least show which part went wrong. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2037) (cherry picked from commit 0a687ab0)
-
- Dec 03, 2016
-
-
Viktor Dukhovni authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 29, 2016
-
-
Matt Caswell authored
Calling SSL_set_accept_state() after DTLSv1_listen() clears the state, so SSL_accept() no longer works. In 1.0.2 calling DTLSv1_listen() would set the accept state automatically. We should still do that. Fixes #1989 Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 5bdcd362)
-
- Nov 25, 2016
-
-
Dr. Stephen Henson authored
This makes S/MIME and CMS signing in MIME format for SHA1 work again. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a5abd438)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c6d67f09)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 5ae5dc96)
-
Andy Polyakov authored
GH issue #1916 affects only big-endian platforms. TLS is not affected, because TLS fragment is never big enough. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 76f572ed)
-
Andy Polyakov authored
GH issue #1916 affects only big-endian platforms. TLS is not affected, because TLS fragment is never big enough. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b47f116b)
-
- Nov 24, 2016
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit a1fd1fb2)
-
- Nov 23, 2016
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Nov 22, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1980) (cherry picked from commit 19cb71ef)
-
- Nov 21, 2016
-
-
Kurt Roeckx authored
b6d5ba1a forgot to update some linux arches. Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #1977 (cherry picked from commit 55ab86e4)
-
Kurt Roeckx authored
Backport of beacb0f0, revert of 122580ef Fixes: #1903 Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1966
-
Kurt Roeckx authored
Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1966
-
- Nov 20, 2016
-
-
Todd Short authored
When configured with "no-mdc2 enable-crypto-mdebug" the evp_test will leak memory due to skipped tests, and error out. Also fix a skip condition Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1946)
-
- Nov 18, 2016
-
-
Beat Bolli authored
In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called "loc", but the one used in the for loop is called "lastpos". Make the names match. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1949)
-
- Nov 17, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b6c68982)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 159f6e7e)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b3795987)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d922634d)
-
FdaSilvaYY authored
Both strdup or malloc failure should raise an err. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1905) (cherry picked from commit bad6b116)
-
FdaSilvaYY authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1905) (cherry picked from commit 2d13250f)
-
- Nov 16, 2016
-
-
Rob Percival authored
This reflects its position in include/openssl/ct.h. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1548) (cherry picked from commit e1940e9f)
-
Rob Percival authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1548) (cherry picked from commit 765731a8)
-
Rob Percival authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1548) (cherry picked from commit e2635c49)
-
Rob Percival authored
Otherwise, |dec| gets moved past the end of the signature by o2i_SCT_signature and then can't be correctly freed afterwards. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1548) (cherry picked from commit 73ccf3ca)
-
Rob Percival authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1548) (cherry picked from commit 70a06fc1)
-
Rob Percival authored
This gives better code coverage and is more representative of how a user would likely construct an SCT (using the base64 returned by a CT log). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1548) (cherry picked from commit f7a39a5a)
-
Richard Levitte authored
The rationale is that the linux-x86 is the most likely config target to evolve and should therefore be chosen when possible, while linux-elf is mostly reserved for older Linux machines. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1924) (cherry picked from commit 27a451e3)
-
Richard Levitte authored
'linux-x86' is similar to 'linux-x86_64' but uses -m32 rather than -m64. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1924) (cherry picked from commit 7fbc0bfd)
-
Matt Caswell authored
ssl_test_old was reaching inside the SSL structure and changing the internal BIO values. This is completely unneccessary, and was causing an abort in the test when enabling TLSv1.3. I also removed the need for ssl_test_old to include ssl_locl.h. This required the addition of some missing accessors for SSL_COMP name and id fields. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit e304d3e2)
-
Rich Salz authored
Factorise multiple bn_get_top(group->field) calls Add missing checks on some conditional BN_copy return value Add missing checks on some BN_copy return value Add missing checks on a few bn_wexpand return value Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1626) (cherry picked from commit 78e09b53)
-
- Nov 15, 2016
-
-
Rich Salz authored
Also fix version in libcrypto.num, from backporting new functions. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit ebcb5368)
-
Rob Percival authored
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized to approximately the current time (as returned by time()) by default. This prevents the addition of this field, and its verification during SCT validation, from breaking existing code that calls SCT_validate directly. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit ebcb5368)
-
Rob Percival authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit 08e588b7)
-
Rob Percival authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit 5e086066)
-
Rob Percival authored
As requested in https://github.com/openssl/openssl/pull/1554#issuecomment-246371575 . Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit c22aa33e)
-
Rob Percival authored
See https://github.com/openssl/openssl/pull/1554#issuecomment-246354677 . Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit f0f535e9)
-
Rob Percival authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit e25233d9)
-
Rob Percival authored
Do not call the time "current", as a different time can be provided. For example, a time slightly in the future, to provide tolerance for CT logs with a clock that is running fast. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit 1871a5aa)
-