- 17 1月, 2018 4 次提交
-
-
由 Paul Yang 提交于
Because the related PR/commits are merged in 2018... Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
-
由 Paul Yang 提交于
To avoid check failure, make dummy RETURN VALUES sections in the docs which have no real functions decribed inside... Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
-
由 Paul Yang 提交于
All missing sections are added. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
-
由 Matt Caswell 提交于
I received this error from a TLSProxy test: Failed to start up server (localhost,4443): Transport endpoint is not connected So, extend the timeout before we give up trying to connect to the server. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5088)
-
- 16 1月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Commit 9f944291 changed the semantics of BN_copy() to additionally copy the BN_FLG_CONSTTIME flag if it is set. This turns out to be ill advised as it has unintended consequences. For example calling BN_mod_inverse_no_branch() can sometimes return a result with the flag set and sometimes not as a result. This can lead to later failures if we go down code branches that do not support constant time, but check for the presence of the flag. The original commit was made due to an issue in BN_MOD_CTX_set(). The original PR fixed the problem in that function, but it was changed in review to fix it in BN_copy() instead. The solution seems to be to revert the BN_copy() change and go back to the originally proposed way. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5080)
-
由 Dr. Matthias St. Pierre 提交于
Fixes #5076 Since do_rand_drbg_init() allocates three locks, it needs to ensure that OPENSSL_init_crypto() is called, otherwise these resources are not cleaned up properly. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5083)
-
- 15 1月, 2018 5 次提交
-
-
由 Richard Levitte 提交于
The same kind of failure that has already been observed on the s_client can sometimes also be observed on s_server, so we need to add the same kind of 50ms delay as was previously added on s_client. Ref: git commit cb2e10f2: Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5079)
-
由 Richard Levitte 提交于
Only when building the main shared libraries Fixes #5075 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5077)
-
由 Richard Levitte 提交于
This was identified for Windows almost two years ago for VC and msys/mingw. It seems that Cygwin suffers from the same issue, and since Cygwin doesn't define OPENSSL_SYS_WINDOWS, we need to make a special case to have a 50ms pause before closing the TLS connection. Ref: git commit cb2e10f2Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5074)
-
由 Bernd Edlinger 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5072)
-
由 Bernd Edlinger 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5072)
-
- 13 1月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5071)
-
- 12 1月, 2018 1 次提交
-
-
由 Pauli 提交于
This to avoid a clash with a #defined symbol on Solaris from time.h. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5064)
-
- 11 1月, 2018 2 次提交
-
-
由 Patrick Schlangen 提交于
The data argument of SSL_dane_tlsa_add is used read-only, so it should be const. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5056)
-
由 Dr. Matthias St. Pierre 提交于
- Avoid creating repeated year ranges <current_year>-<current_year> for documents which were added in the current year. - Use extended regular expressions for better readability (less quoting) - Use a shebang line which is more portable Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5044)
-
- 10 1月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
In the case of a protocol version alert being sent by a peer the record version number may not be what we are expecting. In DTLS records with an unexpected version number are silently discarded. This probably isn't appropriate for alerts, so we tolerate a mismatch in the minor version number. This resolves an issue reported on openssl-users where an OpenSSL server chose DTLS1.0 but the client was DTLS1.2 only and sent a protocol_version alert with a 1.2 record number. This was silently ignored by the server. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5018)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5047)
-
- 09 1月, 2018 13 次提交
-
-
由 Todd Short 提交于
Found with gcc 4.8.4 Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5045)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5038)
-
由 David von Oheimb 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4994)
-
由 Christian Heimes 提交于
Closes: https://github.com/openssl/openssl/issues/4897Signed-off-by: NChristian Heimes <christian@python.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4898)
-
由 Tomas Mraz 提交于
This avoids situations where third party client is unable to recognize that the client certificate was issued by the same CA with name differring only by case or insignificant characters. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4731)
-
由 Patrick Steuer 提交于
In man1/engine.pod and man3/ENGINE_add.pod Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4956)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4958)
-
由 Jacob Hoffman-Andrews 提交于
Many of the sub-commands under apps/ accept cipher or digest arguments like "-sha256". These are implemented using a catchall flag that runs the result through opt_md() or opt_cipher(). That means any unrecognized flag, including typos, gets sent to those two functions, producing confusing error messages like below: $ ./apps/openssl req -x590 req: Unrecognized digest x590 req: Use -help for summary. This change switches these two functions to say "Unrecognized flag X" instead. The new message deliberately leaves off the "-" from the flag name, because there are some cases where opt_md() and opt_cipher() are passed a flag value instead (for instance, openssl ca -md). I think the new message is generic enough that it can serve both cases with improved clarity. CLA: trivial Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4972)
-
由 EasySec 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5000)
-
由 pass86 提交于
CLA: trivial Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5029)
-
由 Noah Robbin 提交于
Extract the RSA key using EVP_PKEY_get0. Type is checked externally to be either EVP_PKEY_RSA_PSS or EVP_PKEY_RSA. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4389)
-
由 Noah Robbin 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4389)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5036)
-
- 08 1月, 2018 10 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
usage: openssl-update-copyright [-h|--help] [file|directory] ... Updates the year ranges of all OpenSSL copyright statements in the given files or directories. (Directories are traversed recursively.) Only copyright statements containing the string 'The OpenSSL Project' are affected. The copyright time range is adjusted to include the current year. If only a single year was specified, it is replaced by a time range starting at that year and ending at the current year. All '(c)' and '(C)' signs are preserved. Signed-off-by: NDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5027)
-
由 Richard Levitte 提交于
So far, we've placed all extra library related flags together, ending up in the make variable EX_LIBS. This turns out to be problematic, as for example, some compilers don't quite agree with something like this: cc -o foo foo.o -L/whatever -lsomething They prefer this: cc -L/whatever -o foo foo.o -lsomething IBM's compiler on OS/390 is such a compiler that we know of, and we have previously handled that as a previous case. The answer here is to make a more general solution, where linking options are divided in two parts, where one ends up in LDFLAGS and the other in EX_LIBS (they corresponds to what is called LDFLAGS and LDLIBS in the GNU world) Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5033)
-
由 Richard Levitte 提交于
The uClinux targets included some attributes that would result in circular references of CFLAGS and LDCLAGS. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5034)
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5030)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5031)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4634)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4634)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4634)
-
由 Andy Polyakov 提交于
SPARC ISA doesn't have provisions to back up 128-bit multiplications and additions. And so multiplications are done with library calls and carries with comparisons and conditional moves. As result base 2^51 code is >40% slower... Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Andy Polyakov 提交于
[and improve formatting] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5001)
-