- 14 2月, 2019 3 次提交
-
-
由 Sam Roberts 提交于
set_cipher_list() sets TLSv1.2 (and below) ciphers, and its success or failure should not depend on whether set_ciphersuites() has been used to setup TLSv1.3 ciphers. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7759) (cherry picked from commit 3c83c5ba4f6502c708b7a5f55c98a10e312668da)
-
由 Richard Levitte 提交于
There are times when one might want to use something like DEFINE_STACK_OF in a .c file, because it defines a stack for a type defined in that .c file. Unfortunately, when configuring with `--strict-warnings`, clang aggressively warn about unused functions in such cases, which forces the use of such DEFINE macros to header files. We therefore disable this warning from the `--strict-warnings` definition for clang. (note for the curious: `-Wunused-function` is enabled via `-Wall`) Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8234) (cherry picked from commit f11ffa505f8a9345145a26a05bf77b012b6941bd)
-
由 Michael Haubenwallner 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8226) (cherry picked from commit fa63e45262971b9c2a6aeb33db8c52a5a84fc8b5)
-
- 13 2月, 2019 2 次提交
-
-
由 Daniel DeFreez 提交于
CLA: trivial Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8137) (cherry picked from commit b754a8a1590b8c5c9662c8a0ba49573991488b20)
-
由 Andy Polyakov 提交于
ARMv8.3 adds pointer authentication extension, which in this case allows to ensure that, when offloaded to stack, return address is same at return as at entry to the subroutine. The new instructions are nops on processors that don't implement the extension, so that the vetification is backward compatible. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8205) (cherry picked from commit 9a18aae5f21efc59da8b697ad67d5d37b95ab322)
-
- 11 2月, 2019 4 次提交
-
-
由 Richard Levitte 提交于
This allows the user to override our defaults if needed, and in a consistent manner. Partial fix for #7607 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7624) (cherry picked from commit ca811248d838058c13236a6c3b688e0ac98c02c8)
-
由 Richard Levitte 提交于
Fixes #8091 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8094)
-
由 Tomas Mraz 提交于
If the old openssl versions not supporting the .include directive load a config file with it, they will bail out with error. This change allows using the .include = <filename> syntax which is interpreted as variable assignment by the old openssl config file parser. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8141) (cherry picked from commit 9d5560331d86c6463e965321f774e4eed582ce0b)
-
由 Daniel DeFreez 提交于
CLA: Trivial Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8183) (cherry picked from commit 758229f7d22775d7547e3b3b886b7f6a289c6897)
-
- 08 2月, 2019 4 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8168) (cherry picked from commit 1980ce45d6bdd2b57df7003d6b56b5df560b9064)
-
由 Todd Short 提交于
o2i_ECPublicKey() requires an EC_KEY structure filled with an EC_GROUP. o2i_ECPublicKey() is called by d2i_PublicKey(). In order to fulfill the o2i_ECPublicKey()'s requirement, d2i_PublicKey() needs to be called with an EVP_PKEY with an EC_KEY containing an EC_GROUP. However, the call to EVP_PKEY_set_type() frees any existing key structure inside the EVP_PKEY, thus freeing the EC_KEY with the EC_GROUP that o2i_ECPublicKey() needs. This means you can't d2i_PublicKey() for an EC key... The fix is to check to see if the type is already set appropriately, and if so, not call EVP_PKEY_set_type(). Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8168) (cherry picked from commit 2aa2beb06cc25c1f8accdc3d87b946205becfd86)
-
由 Pauli 提交于
reinstantiating the DRBG. Bug reported by Doug Gibbons. Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/8184) (cherry picked from commit b1522fa5ef676b7af0128eab3eee608af3416182)
-
由 Richard Levitte 提交于
The manual says this in its notes: ... and therefore applications using static linking should also call OPENSSL_thread_stop() on each thread. ... Fixes #8171 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8173) (cherry picked from commit 03cdfe1efaf2a3b5192b8cb3ef331939af7bfeb8)
-
- 07 2月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Making this a no-op removes a potential infinite loop than can occur in some situations. Fixes #2865 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8167) (cherry picked from commit ef45aa14c5af024fcb8bef1c9007f3d1c115bd85)
-
- 05 2月, 2019 4 次提交
-
-
由 Sam Roberts 提交于
Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespace remains in test data and external source. Backport-of: https://github.com/openssl/openssl/pull/8092Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8134)
-
由 Sam Roberts 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8145) (cherry picked from commit 3499327bad401eb510d76266428923d06c9c7bb7)
-
由 Matthias Kraft 提交于
Fixes #7732 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8158) (cherry picked from commit 66a60003719240399f6596e58c239df0465a4f70)
-
由 batist73 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8153) (cherry picked from commit adc7e221f12462c6e10bc7c2c7afaf52490cb292)
-
- 02 2月, 2019 1 次提交
-
-
由 Bernd Edlinger 提交于
The commit 5dc40a83c74be579575a512b30d9c1e0364e6a7b forgot to add a short description to the CHANGES file. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8144) (cherry picked from commit b2aea0e3d9a15e30ebce8b6da213df4a3f346155)
-
- 01 2月, 2019 4 次提交
-
-
由 Michael Tuexen 提交于
When computing the end-point shared secret, don't take the terminating NULL character into account. Please note that this fix breaks interoperability with older versions of OpenSSL, which are not fixed. Fixes #7956 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7957) (cherry picked from commit 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674)
-
由 Bernd Edlinger 提交于
If the second PUBKEY is malformed there is use after free. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8122) (cherry picked from commit 5dc40a83c74be579575a512b30d9c1e0364e6a7b)
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8116) (cherry picked from commit 53649022509129bce8036c8fb4978dbce9432a86)
-
由 Bernd Edlinger 提交于
Additionally avoid undefined behavior with in-place memcpy in X509_CRL_digest. Fixes #8099 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8112) (cherry picked from commit a727627922b8a9ec6628ffaa2054b4b3833d674b)
-
- 31 1月, 2019 4 次提交
-
-
由 Richard Levitte 提交于
Fixes #8129 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8130) (cherry picked from commit 62b563b9df161a992fde18a0cb0d1a0969158412)
-
由 Richard Levitte 提交于
VMS doesn't currently support unloading of shared object, and we need to reflect that. Without this, the shlibload test fails Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8131) (cherry picked from commit d1dd5d6f4c2f13478aa45557b4546febd51f0cb3)
-
由 weinholtendian 提交于
Previously if -psk was given a bad key it would print "Not a hex number 's_server'". CLA: Trivial Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8113) (cherry picked from commit e57120128fa4e2afa4bda5022a77f73a1e3a0b27)
-
由 Petr Vorel 提交于
instead of duplicity the code. CLA: trivial Signed-off-by: NPetr Vorel <petr.vorel@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8127) (cherry picked from commit c4734493d7da404b1747195a805c8d536dbe6910)
-
- 30 1月, 2019 2 次提交
-
-
由 Matt Caswell 提交于
The option -twopass to the pkcs12 app is ignored if -passin, -passout or -password is used. We should complain if an attempt is made to use it in combination with those options. Fixes #8107 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8114) (cherry picked from commit 40b64553f577716cb4898895f5fd4530a6266c75)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8111) (cherry picked from commit 522b11e969cbdc82eca369512275f227080a86fa)
-
- 29 1月, 2019 2 次提交
-
-
由 Matt Caswell 提交于
If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then a mem leak can occur. This commit checks that we successfully added the error data, and if not frees the buffer. Fixes #8085 Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/8105) (cherry picked from commit fa6b1ee1115c1e5e3a8286d833dcbaa2c1ce2b77)
-
由 Richard Levitte 提交于
It apepars that ANDROID_NDK_HOME is the recommended standard environment variable for the NDK. We retain ANDROID_NDK as a fallback. Fixes #8101 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8103) (cherry picked from commit 6e826c471b7f0431391a4e9f9484f6ea2833774a)
-
- 27 1月, 2019 5 次提交
-
-
由 Michael Richardson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7960) (cherry picked from commit 61e033308b1c004bd808352fb1d786547dcdf62b)
-
由 David Asraf 提交于
When the ret parameter is NULL the generated prime is in rnd variable and not in ret. CLA: trivial Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8076) (cherry picked from commit 3d43f9c809e42b960be94f2f4490d6d14e063486)
-
由 Shigeki Ohtsu 提交于
Before 1.1.0, this command letter is not sent to a server. CLA: trivial (cherry picked from commit bc180cb4887c2e82111cb714723a94de9f6d2c35) Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8081) (cherry picked from commit 5478e2100260b8d6f9df77de875f37763d8eeec6)
-
由 Tomas Mraz 提交于
Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8082) (cherry picked from commit d7bcbfd0828616f33008e711eabc6ec00b32e87b)
-
由 Matthias Kraft 提交于
Only for SunCC for now. It turns out that some compilers to generate external variants of unused static inline functions, and if they use other external symbols, those need to be present as well. If you then happen to include one of safestack.h or lhash.h without linking with libcrypto, the build fails. Fixes #6912 Signed-off-by: NMatthias Kraft <Matthias.Kraft@softwareag.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8087) (cherry picked from commit 6638b2214761b5f30300534e0fe522448113c6cf)
-
- 25 1月, 2019 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Fixes #8084 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8086) (cherry picked from commit 2c75f03b39de2fa7d006bc0f0d7c58235a54d9bb)
-
由 Klotz, Tobias 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7569) (cherry picked from commit 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308)
-
- 24 1月, 2019 2 次提交
-
-
由 Matt Caswell 提交于
This commit erroneously kept the DTLS timer running after the end of the handshake. This is not correct behaviour and shold be reverted. This reverts commit f7506416. Fixes #7998 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8047) (cherry picked from commit bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57)
-
由 Matt Caswell 提交于
During a DTLS handshake we may need to periodically handle timeouts in the DTLS timer to ensure retransmits due to lost packets are performed. However, one peer will always complete a handshake before the other. The DTLS timer stops once the handshake has finished so any handshake messages lost after that point will not automatically get retransmitted simply by calling DTLSv1_handle_timeout(). However attempting an SSL_read implies a DTLSv1_handle_timeout() and additionally will process records received from the peer. If those records are themselves retransmits then we know that the peer has not completed its handshake yet and a retransmit of our final flight automatically occurs. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8047) (cherry picked from commit 80c455d5ae405e855391e298a2bf8a24629dd95d)
-