- 05 2月, 2019 1 次提交
-
-
由 Sam Roberts 提交于
Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespace remains in test data and external source. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8092)
-
- 01 2月, 2019 1 次提交
-
-
由 Michael Tuexen 提交于
When computing the end-point shared secret, don't take the terminating NULL character into account. Please note that this fix breaks interoperability with older versions of OpenSSL, which are not fixed. Fixes #7956 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7957)
-
- 31 1月, 2019 1 次提交
-
-
由 weinholtendian 提交于
Previously if -psk was given a bad key it would print "Not a hex number 's_server'". CLA: Trivial Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8113)
-
- 30 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
The option -twopass to the pkcs12 app is ignored if -passin, -passout or -password is used. We should complain if an attempt is made to use it in combination with those options. Fixes #8107 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8114)
-
- 28 1月, 2019 1 次提交
-
-
由 Antonio Iacono 提交于
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other specifications, a collection of Signing Certificate reference attributes, stored in the signedData ether as ESS signing-certificate or as ESS signing-certificate-v2. These are described in detail in Section 5.7.2 of RFC 5126 - CMS Advanced Electronic Signatures (CAdES). This patch adds support for adding ESS signing-certificate[-v2] attributes to CMS signedData. Although it implements only a small part of the RFC, it is sufficient many cases to enable the `openssl cms` app to create signatures which comply with legal requirements of some European States (e.g Italy). Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7893)
-
- 27 1月, 2019 1 次提交
-
-
由 Shigeki Ohtsu 提交于
Before 1.1.0, this command letter is not sent to a server. CLA: trivial (cherry picked from commit bc180cb4887c2e82111cb714723a94de9f6d2c35) Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8081)
-
- 25 1月, 2019 1 次提交
-
-
由 Klotz, Tobias 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7569)
-
- 24 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Fixes #8050 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8065)
-
- 22 1月, 2019 2 次提交
-
-
由 Richard Levitte 提交于
We have two classes of scripts to be installed, those that are installed as "normal" programs, and those that are installed as "misc" scripts. These classes are installed in different locations, so the build file templates must pay attention. Because we didn't have the tools to indicate what scripts go where, we had these scripts hard coded in the build template files, with the maintenance issues that may cause. Now that we have attributes, those can be used to classify the installed scripts, and have the build file templates simply check the attributes to know what's what. Furthermore, the 'tsget.pl' script exists both as 'tsget.pl' and 'tsget', which is done by installing a symbolic link (or copy). This link name is now given through an attribute, which results in even less hard coding in the Unix Makefile template. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7581)
-
由 Richard Levitte 提交于
This means that all PROGRAMS_NO_INST, LIBS_NO_INST, ENGINES_NO_INST and SCRIPTS_NO_INST are changed to be PROGRAM, LIBS, ENGINES and SCRIPTS with the associated attribute 'noinst'. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7581)
-
- 21 1月, 2019 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7286)
-
- 18 1月, 2019 1 次提交
-
-
由 Marc 提交于
1) Add two new flags (-proxy_user & -proxy_pass) to s_client to add support for basic (base64) proxy authentication. 2) Add a "Proxy-Connection: Keep-Alive" HTTP header which is a workaround for some broken proxies which otherwise close the connection when entering tunnel mode (eg Squid 2.6). Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7975)
-
- 17 1月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7922)
-
- 23 12月, 2018 1 次提交
-
-
由 FdaSilvaYY 提交于
CID 1440002 (#1 of 1): Use after free (USE_AFTER_FREE) Not a deadly error, because error was just before app exit. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7359)
-
- 20 12月, 2018 1 次提交
-
-
由 Rich Salz 提交于
Remove some casts on password callback by adding a wrapper function. Remove level of indent by doing an early-return on failure. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7873)
-
- 18 12月, 2018 1 次提交
-
-
由 Quantomicus 提交于
Fixes #7722 CLA: trivial Signed-off-by: NMateja Milosevic <quantumgleam@gmail.com> Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7915)
-
- 12 12月, 2018 1 次提交
-
-
由 Todd Short 提交于
Based originally on github.com/dfoxfranke/libaes_siv This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR and CMAC code to reduce complexity at the cost of perfomance. The expected use is for short inputs, not TLS-sized records. Add multiple AAD input capacity in the EVP tests. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3540)
-
- 11 12月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Fixes #7861 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7866)
-
- 07 12月, 2018 1 次提交
-
-
由 Boris Pismenny 提交于
Signed-off-by: NBoris Pismenny <borisp@mellanox.com> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5253)
-
- 06 12月, 2018 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
-
由 Richard Levitte 提交于
We're strictly use version numbers of the form MAJOR.MINOR.PATCH. Letter releases are things of days past. The most central change is that we now express the version number with three macros, one for each part of the version number: OPENSSL_VERSION_MAJOR OPENSSL_VERSION_MINOR OPENSSL_VERSION_PATCH We also provide two additional macros to express pre-release and build metadata information (also specified in semantic versioning): OPENSSL_VERSION_PRE_RELEASE OPENSSL_VERSION_BUILD_METADATA To get the library's idea of all those values, we introduce the following functions: unsigned int OPENSSL_version_major(void); unsigned int OPENSSL_version_minor(void); unsigned int OPENSSL_version_patch(void); const char *OPENSSL_version_pre_release(void); const char *OPENSSL_version_build_metadata(void); Additionally, for shared library versioning (which is out of scope in semantic versioning, but that we still need): OPENSSL_SHLIB_VERSION We also provide a macro that contains the release date. This is not part of the version number, but is extra information that we want to be able to display: OPENSSL_RELEASE_DATE Finally, also provide the following convenience functions: const char *OPENSSL_version_text(void); const char *OPENSSL_version_text_full(void); The following macros and functions are deprecated, and while currently existing for backward compatibility, they are expected to disappear: OPENSSL_VERSION_NUMBER OPENSSL_VERSION_TEXT OPENSSL_VERSION OpenSSL_version_num() OpenSSL_version() Also, this function is introduced to replace OpenSSL_version() for all indexes except for OPENSSL_VERSION: OPENSSL_info() For configuration, the option 'newversion-only' is added to disable all the macros and functions that are mentioned as deprecated above. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7724)
-
- 22 11月, 2018 1 次提交
-
-
由 Matthew Hodgson 提交于
Fixes #7675 On macOS, if you call `connect()` on a UDP socket you cannot then call `sendto()` with a destination, otherwise it fails with Err#56 ('socket is already connected'). By calling `BIO_ctrl_set_connected()` on the wbio we can tell it that the socket has been connected and make it call `send()` rather than `sendto()`. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7676)
-
- 20 11月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7668)
-
- 19 11月, 2018 1 次提交
-
-
由 Johannes Bauer 提交于
This patch adds the ability to interactively enter passphrases for the pkeyutl application. For example, you could use $ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5 -pkeyopt_passin secret -pkeyopt_passin seed To have the "secret" and "seed" values read interactively from keyboard (with hidden input). Alternatively, the pass phrase argument syntax is also supported, e.g.: $ openssl pkeyutl -kdf TLS1-PRF -kdflen 8 -pkeyopt md:md5 -pkeyopt_passin secret:stdin -pkeyopt_passin seed:env:SEEDVAR To have "secret" read from stdin and "seed" from the environment variable SEEDVAR. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5697)
-
- 13 11月, 2018 1 次提交
-
-
由 Viktor Dukhovni 提交于
SSL_get_signature_nid() -- local signature algorithm SSL_get_signature_type_nid() -- local signature algorithm key type SSL_get_peer_tmp_key() -- Peer key-exchange public key SSL_get_tmp_key -- local key exchange public key Aliased pre-existing SSL_get_server_tmp_key(), which was formerly just for clients, to SSL_get_peer_tmp_key(). Changed internal calls to use the new name. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 10 11月, 2018 1 次提交
-
-
由 Mansour Ahmadi 提交于
Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7427)
-
- 02 11月, 2018 2 次提交
-
-
由 Richard Levitte 提交于
The documentation says some commands care, but the code says differently. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7440)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7541)
-
- 29 10月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Believe it or not, the VMS C compiler is remarking on this Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7194)
-
- 19 10月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
An unknown PSK identity could be because its actually a session resumption attempt. Sessions resumptions and external PSKs are indistinguishable so the callbacks need to fail gracefully if they don't recognise the identity. Fixes #7433 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7434)
-
- 17 10月, 2018 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Commit ffb46830 introduced the 'rand_serial' option. When it is used, the 'serialfile' does not get initialized, i.e. it remains a NULL pointer. This causes a crash when the NULL pointer is passed to the rotate_serial() call. This commit fixes the crash and unifies the pointer checking before calling the rotate_serial() and save_serial() commands. Fixes #7412 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7417)
-
- 13 10月, 2018 1 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7377)
-
- 09 10月, 2018 1 次提交
-
-
由 Benjamin Kaduk 提交于
Historically (i.e., OpenSSL 1.0.x), the openssl applications would allow for empty subject attributes to be passed via the -subj argument, e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`. Commit db4c08f0 applied a badly needed rewrite to the parse_name() helper function that parses these strings, but in the process dropped a check that would skip attributes with no associated value. As a result, such strings are now treated as hard errors and the operation fails. Restore the check to skip empty attribute values and restore the historical behavior. Document the behavior for empty subject attribute values in the corresponding applications' manual pages. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7349)
-
- 02 10月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Free memory allocated in the parent process that is not needed in the child. We also free it in the parent. Technically this isn't really required since we end up calling exit() soon afterwards - but to prevent false positives we free it anyway. Fixes a Coverity issue. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7335)
-
- 01 10月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Related to #6696 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6702)
-
- 23 9月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
It's a bit annoying, since some commands try to read a .rnd file, and print an error message if the file does not exist. But previously a .rnd file was created on exit, and that does no longer happen. Fixed by continuing in app_RAND_load_conf regardless of the error in RAND_load_file. If the random number generator is still not initalized on exit, the function RAND_write_file will fail and no .rnd file would be created. Remove RANDFILE from openssl.cnf Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7217)
-
- 22 9月, 2018 1 次提交
-
-
由 agnosticdev 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7277)
-
- 13 9月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
-early_data is not compatible with -www, -WWW, -HTTP or -rev. Fixes #7200 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7206)
-
- 12 9月, 2018 1 次提交
-
-
由 Pauli 提交于
Add support for HMAC over any evp supported digest. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6945)
-
- 11 9月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
If sizeof(int) != sizeof(size_t) this may not work correctly. Fixes a Coverity issue. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7168)
-