- 27 3月, 2018 7 次提交
-
-
由 Matt Caswell 提交于
If we don't have OID data for an object then we should fail if we are asked to encode the ASN.1 for that OID. Fixes #5723 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5725)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Andy Polyakov 提交于
Comparison was effectively reduced to least significant bits. CVE-2018-0733 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth. CVE-2018-0739 Credit to OSSFuzz for finding this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5756)
-
- 26 3月, 2018 3 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Bernd Edlinger 提交于
openssl x509 -in server.pem -signkey privkey.pem -out server.pem Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5746)
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5744)
-
- 25 3月, 2018 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5741)
-
由 Philippe Antoine 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5675)
-
由 Andy Polyakov 提交于
'nmake clean' was leaving some artefacts behind. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 3月, 2018 7 次提交
-
-
由 Richard Levitte 提交于
myDSO_dsobyaddr and myDSO_free are only used in a narrow block of code, and can therefore be made local to that block. Otherwise, some compilers may warn that they are unused. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5733)
-
由 Richard Levitte 提交于
These errors were hidden because compiling this file didn't get the macros derived from the dso_scheme attribute, and therefore, some code never got compiled. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5733)
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5733)
-
由 Richard Levitte 提交于
The macros resulting from the dso_scheme attribute were defined for libraries only, but there's a test program that uses the macros as well. The easier way is to move the handling of this macro to crypto/include/internal/dso_conf.h and having the modules that need it include it. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5733)
-
由 Richard Levitte 提交于
.res files weren't treated consistently. They weren't included at all in the build of a shared library, and were named inconsistently; .res sometimes, and .res.o otherwise. Now we standardise it to .res.o, which is the recommended way with GNU tools. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5730)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5713)
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5412)
-
- 22 3月, 2018 15 次提交
-
-
由 Rich Salz 提交于
Add it to apps as well as libraries. Fix the copyright year generation. Thanks to user RTT for pointing this out. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5704)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4159)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4159)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Some platforms, cough-DJGPP, fail to compile claiming that requested alignment is greater than maximum possible. Supposedly original alignment was result of an attempt to utilize AVX2... Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5708)
-
由 Andy Polyakov 提交于
In other words no-sock DJGPP build should suppress syslogging. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5708)
-
由 Andy Polyakov 提交于
At earlier point e_os.h was omitted from a number of headers (in order to emphasize OS neutrality), but this affected o_fopen.c, which is not OS-neutral, and contains some DJGPP-specific code. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5708)
-
由 Pauli 提交于
The strsignal call is not supported by some machines, so avoid its use. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5658)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #5580
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #5580
-
由 FdaSilvaYY 提交于
Add missing guards around STRP-related fields Remove two unneeded global variables: my 2'cents to #4679 Merge definition and instantiation of srpsrvparm global. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4908)
-
由 Matt Caswell 提交于
Fixes #5711 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5712)
-
由 Philippe Antoine 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5706)
-
由 David Benjamin 提交于
In particular, x and y may be NULL, as used in ecdsa_ossl.c. Make use of this in ecdh_ossl.c as well, to save an otherwise unnecessary temporary. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5532)
-
- 21 3月, 2018 5 次提交
-
-
由 Bernd Edlinger 提交于
Various code-cleanups. Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) insead of handling SSL_ERROR_WANT_READ everywhere. Turn off the linger option on connected sockets to avoid failure. Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3952)
-
由 Jack Bates 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2181)
-
由 Matt Caswell 提交于
For DTLS/SCTP we were waiting for a dry event during the call to tls_finish_handshake(). This function just tidies up various internal things, and after it completes the handshake is over. I can find no good reason for waiting for a dry event here, and nothing in RFC6083 suggests to me that we should need to. More importantly though it seems to be wrong. It is perfectly possible for a peer to send app data/alerts/new handshake while we are still cleaning up our handshake. If this happens then we will never get the dry event and so we cannot continue. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5084)
-
由 Matt Caswell 提交于
At a couple of points in a DTLS/SCTP handshake we need to wait for a dry event before continuing. However if an alert has been sent by the peer then we will never receive that dry event and an infinite loop results. This commit changes things so that we attempt to read a message if we are waiting for a dry event but haven't got one yet. This should never succeed, but any alerts will be processed. Fixes #4763 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5084)
-
由 Peter Wu 提交于
Fixes regression from #5667. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5701)
-