- Dec 02, 2015
-
-
Dr. Stephen Henson authored
When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f9fd3524)
-
- Nov 24, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 63eb10a0)
-
Dr. Stephen Henson authored
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 158e5207) Conflicts: crypto/asn1/asn1_par.c
-
- Oct 10, 2015
-
-
Dr. Stephen Henson authored
PR#4079 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit c69ce935) Conflicts: crypto/evp/e_des3.c
-
- Oct 06, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit e58c4d3c)
-
- Sep 29, 2015
-
-
Ismo Puustinen authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 6f997dc3)
-
- Sep 25, 2015
-
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 1d4ddb4e)
-
- Sep 22, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 68d53e4f)
-
Rich Salz authored
For all release branches. It adds travis build support. If you don't have a config file it uses the default (because we enabled travis for the project), which uses ruby/rake/rakefiles, and you get confusing "build still failing" messages. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit db9defdf)
-
- Sep 17, 2015
-
-
Matt Caswell authored
In master we have the function OPENSSL_clear_free(x,y), which immediately returns if x == NULL. In <=1.0.2 this function does not exist so we have to do: OPENSSL_cleanse(x, y); OPENSSL_free(x); However, previously, OPENSSL_cleanse did not check that if x == NULL, so the real equivalent check would have to be: if (x != NULL) OPENSSL_cleanse(x, y); OPENSSL_free(x); It would be easy to get this wrong during cherry-picking to other branches and therefore, for safety, it is best to just ensure OPENSSL_cleanse also checks for NULL. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 020d8fc8)
-
- Sep 16, 2015
-
-
Ivo Raisr authored
PR#4035 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> (cherry picked from commit 929f6d6f)
-
- Sep 11, 2015
-
-
Dr. Stephen Henson authored
If the field separator isn't specified through -nameopt then use XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error. PR#2397 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 03706afa)
-
- Sep 01, 2015
-
-
Matt Caswell authored
Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code consistency. However this commit will not fix no-tlsext in those branches which have always been broken for other reasons. The commit is not applied to master at all, because no-tlsext has been completely removed from that branch. Based on a patch by Marc Branchaud <marcnarc@xiplink.com> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 9a931208) Conflicts: ssl/ssl_sess.c
-
- Aug 31, 2015
-
-
Richard Levitte authored
Because we recently encourage people to have a .dir-locals.el, it's a good idea to ignore it on a git level. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d7c02691)
-
Richard Levitte authored
Apparently, emacs sees changes to auto-fill-mode as insecure Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 6dc08048)
-
Richard Levitte authored
This file, when copied to .dir-locals.el in the OpenSSL source top, will make sure that the CC mode style "OpenSSL-II" will be used for all C files. Additionally, I makes sure that tabs are never used as indentation character, regardless of the emacs mode, and that the fill column is 78. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0927f0d8)
-
Richard Levitte authored
This hopefully conforms closely enough to the current code style. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d9b3554b)
-
- Aug 16, 2015
-
-
Rich Salz authored
Best hope of keeping current. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 4f46473a)
-
- Aug 01, 2015
-
-
Dirk Wetter authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit e36ce2d9)
-
- Jul 31, 2015
-
-
Loganaden Velvindron authored
From a CloudFlare patch. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 1a586b39)
-
- Jul 30, 2015
-
-
Martin Vejnar authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit fa4629b6)
-
- Jul 29, 2015
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 932af161)
-
- Jul 13, 2015
-
-
Richard Levitte authored
Fixes GH#330 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit eeb97bce) Conflicts: apps/Makefile
-
- Jul 10, 2015
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit da24e6f8)
-
Richard Levitte authored
Instead of piping through tardy, and possibly suffering from bugs in certain versions, use --transform, --owner and --group directly with GNU tar (we already expect that tar variant). Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 27f98436) Conflicts: Makefile.org
-
- Jul 09, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2a7059c5)
-
- Jul 06, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5727582c) Conflicts: doc/crypto/X509_NAME_get_index_by_NID.pod
-
- Jul 02, 2015
-
-
Dr. Stephen Henson authored
The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3c66a669)
-
- Jun 25, 2015
-
-
Dr. Stephen Henson authored
PR#3923 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit ffbf304d)
-
- Jun 16, 2015
-
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit b4f0d1a4)
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 30cf9178)
-
- Jun 11, 2015
-
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
CVE-2015-1790 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
$(PROGS) was mistakenly removed, adding it back. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5ef5b9ff)
-
Matt Caswell authored
Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by: Tim Hudson <tjh@openssl.org>
-