- Mar 08, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by:
Rich Salz <rsalz@openssl.org> (cherry picked from commit a8ae0891)
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Mar 07, 2015
-
-
Kurt Roeckx authored
They are moved to the COMPLEMENTOFDEFAULT instead. This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT. Reviewed-by:
-
- Mar 06, 2015
-
-
Matt Caswell authored
Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by:
-
- Mar 05, 2015
-
-
Kurt Cancemi authored
This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c RT#3725 Reviewed-by:
-
Matt Caswell authored
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by:
Tim Hudson <tjh@openssl.org> (cherry picked from commit 918bb865) Conflicts: crypto/bio/bss_dgram.c
-
- Mar 02, 2015
-
-
Dr. Stephen Henson authored
CVE-2015-0288 PR#3708 Reviewed-by:
Matt Caswell <matt@openssl.org> (cherry picked from commit 28a00bcd)
-
Dr. Stephen Henson authored
The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by:
-
- Feb 27, 2015
-
-
Matt Caswell authored
Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3704 Reviewed-by: -
Matt Caswell authored
Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: -
Matt Caswell authored
Fixed various missing return value checks in ssl3_send_newsession_ticket. Also a mem leak on error. Reviewed-by:
-
- Feb 26, 2015
-
-
Matt Caswell authored
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code. Reviewed-by:
-
- Feb 25, 2015
-
-
Matt Caswell authored
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note the restriction on setting md to NULL with regards to thread safety. Reviewed-by:
-
Rainer Jung authored
the extract-names.pl script. RT#3718 Reviewed-by: -
Matt Caswell authored
Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> CVE-2015-0209 Reviewed-by: -
Matt Caswell authored
called evp_test.c, so I have called this one evp_extra_test.c Reviewed-by:
-
- Feb 24, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- Feb 22, 2015
-
-
Andy Polyakov authored
The typo doesn't affect supported configuration, only unsupported masm. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 15b5d658)
-
Edgar Pek authored
Signed-off-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Doug Hogan authored
Signed-off-by:
-
Richard Levitte authored
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a bit too enthusiastically. Windows/DOSish platforms of all sorts get identified as OPENSSL_SYS_MSDOS, and they get a different treatment altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the configuration. The answer is to restore those macro definitions for the affected configuration targets. Reviewed-by:
-
Richard Levitte authored
The rationale for this move is that TERMIOS is default, supported by POSIX-1.2001, and most definitely on Linux. For a few other systems, TERMIO may still be the termnial interface of preference, so we keep -DTERMIO on those in Configure. crypto/ui/ui_openssl.c is simplified in this regard, and will define TERMIOS for all systems except a select few exceptions. Reviewed-by:
-
- Feb 13, 2015
-
-
Richard Levitte authored
manually picked from e7b85bc4 Reviewed-by:
Stephen Henson <steve@openssl.org> (cherry picked from commit 774ccae6)
-
- Feb 12, 2015
-
-
Rich Salz authored
Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Graeme Perrow authored
Reviewed-by:
-
Eric Dequin authored
Reviewed-by:
-
- Feb 10, 2015
-
-
Emilia Kasper authored
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion and result in a negative return value, which the "x509 -checkhost" command-line option incorrectly interpreted as success. Also update X509_check_host docs to reflect reality. Thanks to Sean Burford (Google) for reporting this issue. Reviewed-by:
-
Andy Polyakov authored
obj_xref.h was erroneously restored to pre-reformat state. Reviewed-by:
-
- Feb 09, 2015
-
-
Andy Polyakov authored
Reviewed-by:
-
Dr. Stephen Henson authored
Free up bio_err after memory leak data has been printed to it. In int_free_ex_data if ex_data is NULL there is nothing to free up so return immediately and don't reallocate it. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- Feb 06, 2015
-
-
Matt Caswell authored
Reviewed-by:
-
