- Apr 24, 2018
-
-
Matt Caswell authored
In 1.0.2 you could configure automatic ecdh params by using the ECDHParameters config directive and setting it to the value "+Automatic" or just "Automatic". This is no longer required in 1.1.0+ but we still recognise the "+Automatic" keyword for backwards compatibility. However we did not recognise just "Automatic" without the leading "+" which is equally valid. This commit fixes that omission. Fixes #4113 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6036)
-
- Apr 23, 2018
-
-
Billy Brumley authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6009) (cherry picked from commit 39df5152)
-
Nicola Tuveri authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6009) (cherry picked from commit 736b31e5)
-
Nicola Tuveri authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6009) (cherry picked from commit f4675379)
-
Billy Brumley authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6009) (cherry picked from commit a067a870)
-
Nicola Tuveri authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6009) (cherry picked from commit 36bed230)
-
Billy Brumley authored
Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com> Co-authored-by: Cesar Pereida Garcia <cesar.pereidagarcia@tut.fi> Co-authored-by: Sohaib ul Hassan <soh.19.hassan@gmail.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6009) (cherry picked from commit 40e48e54)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6043) (cherry picked from commit 198a2ed7)
-
Richard Levitte authored
On Unix, this doesn't matter, but on other platforms, it may. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6050) (cherry picked from commit 25642ad2)
-
Richard Levitte authored
For 'openssl dhparams', the output file was opened after calculations were made, which is a waste of cycles and time if the output file turns out not to be writable. Fixes #3404 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6051) (cherry picked from commit 10b37541)
-
- Apr 21, 2018
-
-
Bernd Edlinger authored
Back-port of #5911 Fixes: #5899 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6037)
-
- Apr 20, 2018
-
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6028)
-
Bernd Edlinger authored
Casting to the generic function type "void (*)(void)" prevents the warning. Backport of #5816 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6027)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6026) (cherry picked from commit 0e0f8116)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6021)
-
Matt Caswell authored
DTLS was not correctly returning the number of pending bytes left in a call to SSL_pending(). This makes the detection of truncated packets almost impossible. Fixes #5478 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6021)
-
Matt Caswell authored
We were sending illegal parameter. This isn't correct. The parameters are legal, we just don't have an overlap. A more appropriate alert is handshake failure. Fixes #2919 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6010)
-
- Apr 19, 2018
-
-
Richard Levitte authored
Configurations/90-team.conf isn't for public consumption, so we rename it to 90-team.norelease.conf and make sure 'make dist' and 'make tar' don't include it in the tarball. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6016)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6002)
-
Matt Caswell authored
The X509_STORE_CTX_init() docs explicitly allow a NULL parameter for the X509_STORE. Therefore we shouldn't crash if we subsequently call X509_verify_cert() and no X509_STORE has been set. Fixes #2462 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6002)
-
Matt Caswell authored
If we run the ocsp command line app and the responder returns a non-successful status code then the app should exit with a failure code. Based on an original patch by Tatsuhiro Tsujikawa. Fixes #2387 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5999)
-
Emilia Kasper authored
The behaviour of X509_cmp_time used to be undocumented. The new behaviour, documented in master, is to return only 0, 1, or -1. Make the code in the other branches to adhere to this behaviour too, to reduce confusion. There is nothing to be gained from returning other values. Fixes GH#4954 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4955)
-
Matt Caswell authored
Explicitly state which digests can be used with which algorithms. Fixes #5854 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5995)
-
- Apr 18, 2018
-
-
Rahul Chaudhry authored
Branch to global symbol results in reference to PLT, and when compiling for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't support this relocation (ld.gold), while others can end up truncating the relocation to fit (ld.bfd). Convert this branch through PLT into a direct branch that the assembler can resolve locally. See https://github.com/android-ndk/ndk/issues/337 for background. The current workaround is to disable poly1305 optimization assembly, which is not optimal and can be reverted after this patch: https://github.com/freedesktop/gstreamer-cerbero/commit/beab607d2b1ff23c41b7e01aa9c64be5e247d1e6 CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5949) (cherry picked from commit 5bb1cd22)
-
Matt Caswell authored
Fixes #5934 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5993)
-
- Apr 17, 2018
-
-
Matt Caswell authored
If SSL_set_bio() is called with a NULL wbio after a failed connection then this can trigger an assertion failure. This should be valid behaviour and the assertion is in fact invalid and can simply be removed. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5966) (cherry picked from commit bd7775e1)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5987) (cherry picked from commit 2bdeffef)
-
Matt Caswell authored
We cannot provide a certificate status on a resumption so we should ignore this extension in that case. Fixes #1662 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5897)
-
Dr. Matthias St. Pierre authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5977)
-
- Apr 16, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #5961 This reverts commit d8adfdcd . The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain errors and don't work as designed. Apart from that, their introduction should be held back until a decision has been mad about the future versioning scheme. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5968)
-
Billy Brumley authored
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. CVE-2018-0737 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Apr 14, 2018
-
-
Matthias Kraft authored
Implemented a stripped down dladdr()-implementation using AIX' own loadquery()-function. Following the SGI example in the same code, the DL_info only has the dli_fname member. As the scope of dlfcn_pathbyaddr() is the filename, this implementation does not consider archive members, which can be dlopen()ed in AIX. Added DATA segment checking to catch ptrgl virtual addresses. Added test case for DSO_dsobyaddr(), but only for DSO_DLFCN. Added PIC-flag to aix*-cc build targets. Signed-off-by: Matthias Kraft <makr@gmx.eu> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5626)
-
- Apr 13, 2018
-
-
Richard Levitte authored
There is a test to check that 'genrsa' doesn't accept absurdly low number of bits. Apart from that, this test is designed to check the working functionality of 'openssl genrsa', so instead of having a hard coded lower limit on the size key, let's figure out what it is. Partially fixes #5751 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5754)
-
Richard Levitte authored
The documentation erroneously stated that one can change the default configuration file name. Fixes #5939 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5941) (cherry picked from commit 0320e8e2)
-
- Apr 12, 2018
-
-
Richard Levitte authored
X509_get_default_cert_dir_env() returns the default environment variable to check for certificate directories. X509_get_default_cert_dir() returns the default configured certificate directory. Use these instead of hard coding our own values, and thereby be more integrated with the rest of OpenSSL. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5937) (cherry picked from commit 362ff3c3)
-
Richard Levitte authored
Fixes #5902 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5937) (cherry picked from commit adaf3cfa)
-
Daniel Bevenius authored
This is a minor update which hopefully makes these particular lines read a little easier. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5938) (cherry picked from commit 0652e8a7)
-
Rich Salz authored
The wrong "set" field was incremented in the wrong place and would create a new RDN, not a multi-valued RDN. RDN inserts would happen after not before. Prepending an entry to an RDN incorrectly created a new RDN Anything which built up an X509_NAME could get a messed-up structure, which would then be "wrong" for anyone using that name. Thanks to Ingo Schwarze for extensive debugging and the initial fix (documented in GitHub issue #5870). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5882) (cherry picked from commit bbf27cd5)
-
- Apr 09, 2018
-
-
Andy Polyakov authored
The warning reads "[cast] may cause misaligned access". Even though this can be application-supplied pointer, misaligned access shouldn't happen, because structure type is "encoded" into data itself, and application would customarily pass correctly aligned pointer. But there is no harm in resolving the warning... Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5894) (cherry picked from commit 55bd917b)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-