- 29 1月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
It apepars that ANDROID_NDK_HOME is the recommended standard environment variable for the NDK. We retain ANDROID_NDK as a fallback. Fixes #8101 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8103) (cherry picked from commit 6e826c471b7f0431391a4e9f9484f6ea2833774a)
-
- 27 1月, 2019 5 次提交
-
-
由 Michael Richardson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7960) (cherry picked from commit 61e033308b1c004bd808352fb1d786547dcdf62b)
-
由 David Asraf 提交于
When the ret parameter is NULL the generated prime is in rnd variable and not in ret. CLA: trivial Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8076) (cherry picked from commit 3d43f9c809e42b960be94f2f4490d6d14e063486)
-
由 Shigeki Ohtsu 提交于
Before 1.1.0, this command letter is not sent to a server. CLA: trivial (cherry picked from commit bc180cb4887c2e82111cb714723a94de9f6d2c35) Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8081) (cherry picked from commit 5478e2100260b8d6f9df77de875f37763d8eeec6)
-
由 Tomas Mraz 提交于
Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8082) (cherry picked from commit d7bcbfd0828616f33008e711eabc6ec00b32e87b)
-
由 Matthias Kraft 提交于
Only for SunCC for now. It turns out that some compilers to generate external variants of unused static inline functions, and if they use other external symbols, those need to be present as well. If you then happen to include one of safestack.h or lhash.h without linking with libcrypto, the build fails. Fixes #6912 Signed-off-by: NMatthias Kraft <Matthias.Kraft@softwareag.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8087) (cherry picked from commit 6638b2214761b5f30300534e0fe522448113c6cf)
-
- 25 1月, 2019 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Fixes #8084 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8086) (cherry picked from commit 2c75f03b39de2fa7d006bc0f0d7c58235a54d9bb)
-
由 Klotz, Tobias 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7569) (cherry picked from commit 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308)
-
- 24 1月, 2019 2 次提交
-
-
由 Matt Caswell 提交于
This commit erroneously kept the DTLS timer running after the end of the handshake. This is not correct behaviour and shold be reverted. This reverts commit f7506416. Fixes #7998 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8047) (cherry picked from commit bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57)
-
由 Matt Caswell 提交于
During a DTLS handshake we may need to periodically handle timeouts in the DTLS timer to ensure retransmits due to lost packets are performed. However, one peer will always complete a handshake before the other. The DTLS timer stops once the handshake has finished so any handshake messages lost after that point will not automatically get retransmitted simply by calling DTLSv1_handle_timeout(). However attempting an SSL_read implies a DTLSv1_handle_timeout() and additionally will process records received from the peer. If those records are themselves retransmits then we know that the peer has not completed its handshake yet and a retransmit of our final flight automatically occurs. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8047) (cherry picked from commit 80c455d5ae405e855391e298a2bf8a24629dd95d)
-
- 22 1月, 2019 1 次提交
-
-
由 Matt Eaton 提交于
Minor typo fix to `adjustment` in the line: "In such case you have to pass matching target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjustment becomes simpler, $ANDROID_NDK/bin:$PATH suffices." Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8054) (cherry picked from commit 52bcd4afc84d75f9d22866a3cefaf9ae4e9ff997)
-
- 21 1月, 2019 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7286) (cherry picked from commit ac454d8d4663e2fcf8a8437fab8aefd883091c37)
-
由 Bernd Edlinger 提交于
If this fails try out if mfspr268 works. Use OPENSSL_ppccap=0x20 for enabling mftb, OPENSSL_ppccap=0x40 for enabling mfspr268, and OPENSSL_ppccap=0 for enabling neither. Fixes #8012 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8043) (cherry picked from commit c8f370485c43729db44b680e41e875ddd7f3108c)
-
由 Corey Minyard 提交于
If you use a BIO and set up your own buffer that is not freed, the memory bio will leak the BIO_BUF_MEM object it allocates. The trouble is that the BIO_BUF_MEM is allocated and kept around, but it is not freed if BIO_NOCLOSE is set. The freeing of BIO_BUF_MEM was fairly confusing, simplify things so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM in mem_free(), where it should be done. Alse add a test for a leak in the memory bio Setting a memory buffer caused a leak. Signed-off-by: NCorey Minyard <minyard@acm.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8051) (cherry picked from commit c6048af23c577bcf85f15122dd03b65f959c9ecb)
-
- 17 1月, 2019 3 次提交
-
-
由 David Benjamin 提交于
The RSAZ code requires the input be fully-reduced. To be consistent with the other codepaths, move the BN_nnmod logic before the RSAZ check. This fixes an oft-reported fuzzer bug. https://github.com/google/oss-fuzz/issues/1761Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7187) (cherry picked from commit 3afd537a3c2319f68280804004e9bf2e798a43f7)
-
由 Richard Levitte 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7922) (cherry picked from commit 9b10986d7742a5105ac8c5f4eba8b103caf57ae9)
-
由 Richard Levitte 提交于
Having a weak getauxval() and only depending on GNU C without looking at the library we build against meant that it got picked up where not really expected. So we change this to check for the glibc version, and since we know it exists from that version, there's no real need to make it weak. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8028) (cherry picked from commit 5f40dd158cbfa0a3bd86c32f7a77fec8754bb245)
-
- 16 1月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
It turns out that AT_SECURE may be defined through other means than our inclusion of sys/auxv.h, so to be on the safe side, we define our own guard and use that to determine if getauxval() should be used or not. Fixes #7932 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7933) (cherry picked from commit aefb980c45134d84f1757de1a9c61d699c8a7e33)
-
- 15 1月, 2019 4 次提交
-
-
由 Matt Caswell 提交于
We don't use this information so we shouldn't fetch it. As noted in the comments in #8005. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8020) (cherry picked from commit ea09abc80892920ee5db4de82bed7a193b5896f0)
-
由 Matt Caswell 提交于
Fixes #8005 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8020) (cherry picked from commit 7fe0ed75e3e7760226a0a3a5a86cf3887004f6e4)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8019) (cherry picked from commit d63bde7827b0be1172f823baf25309b54aa87e0f)
-
由 Matt Caswell 提交于
Spotted by OSTIF audit Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8019) (cherry picked from commit 0a5bda639f8fd59e15051cf757708e3b94bcf399)
-
- 09 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the ClientHello. AFAIK there is nothing in the standards that requires this limit. The limit goes all the way back to when support for extensions was first added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most likely it was originally added to avoid the complexity of having to grow the init_buf in the middle of adding extensions. With WPACKET this is irrelevant since it will grow automatically. This issue came up when an attempt was made to send a very large certificate_authorities extension in the ClientHello. We should just remove the limit. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7424) (cherry picked from commit 7835e97b6ff5cd94a10c5aeac439f4aa145a77b2)
-
- 08 1月, 2019 3 次提交
-
-
由 FdaSilvaYY 提交于
5. check_return: Calling EVP_EncodeUpdate without checking return value (as is done elsewhere 4 out of 5 times). Fix CID 1371695, 1371698: Resource leak in test/evp_test.c - leaked_storage: Variable edata going out of scope leaks the storage it points to. - leaked_storage: Variable encode_ctx going out of scope leaks the storage it points to Fix CID 1430437, 1430426, 1430429 : Dereference before null check in test/drbg_cavs_test.c check_after_deref: Null-checking drbg suggests that it may be null, but it has already been dereferenced on all paths leading to the check Fix CID 1440765: Dereference before null check in test/ssltestlib.c check_after_deref: Null-checking ctx suggests that it may be null, but it has already been dereferenced on all paths leading to the check. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7993) (cherry picked from commit 760e2d60e62511a6fb96f547f6730d05eb5f47ec)
-
由 Viktor Dukhovni 提交于
1. In addition to overriding the default application name, one can now also override the configuration file name and flags passed to CONF_modules_load_file(). 2. By default we still keep going when configuration file processing fails. But, applications that want to be strict about initialization errors can now make explicit flag choices via non-null OPENSSL_INIT_SETTINGS that omit the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been both undocumented and unused). 3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG if the options already include OPENSSL_INIT_NO_LOAD_CONFIG. 4. Don't set up atexit() handlers when called with opts equal to OPENSSL_INIT_BASE_ONLY (this flag should only be used alone). Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7969)
-
由 Viktor Dukhovni 提交于
Some Travis builds appear to fail because generated objects get 2019 copyrights now, and the diff complains. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7969)
-
- 07 1月, 2019 3 次提交
-
-
由 Matt Caswell 提交于
This was complicated by the fact that we were using this extension for our duplicate extension handling tests. In order to add tests for cryptopro bug the duplicate extension handling tests needed to change first. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7984) (cherry picked from commit 9effc496ad8a9b0ec737c69cc0fddf610a045ea4)
-
由 Matt Caswell 提交于
The cryptopro extension is supposed to be unsolicited and appears in the ServerHello only. Additionally it is unofficial and unregistered - therefore we should really treat it like any other unknown extension if we see it in the ClientHello. Fixes #7747 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7984) (cherry picked from commit 23fed8ba0ec895e1b2a089cae380697f15170afc)
-
由 Dr. Matthias St. Pierre 提交于
This looks like a copy&paste error from req.pod to x509.pod. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7995) (cherry picked from commit 67ee899cb51d3e3d7b5f00b878f8f82a097b93f0)
-
- 06 1月, 2019 2 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7985) (cherry picked from commit 673e0bbbe4b9cbd19a247c0b18c171bb0421915a)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7979) (cherry picked from commit 87bbbfb1e4fc2035e8f9ec1d6313a41c410a3218)
-
- 05 1月, 2019 7 次提交
-
-
由 Matt Caswell 提交于
This enables cleanup to happen on DLL unload instead of at process exit. [extended tests] Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
This option prevents OpenSSL from pinning itself in memory. Fixes #7598 [extended tests] Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
Test that atexit handlers get called properly at process exit, unless we have explicitly asked for them not to be. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
The whole point of shlibloadtest is to test dynamically loading and unloading the library. If we link shlibloadtest against libcrypto then that might mask potential issues. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
We have a number of instances where there are multiple "init" functions for a single CRYPTO_ONCE variable, e.g. to load config automatically or to not load config automatically. Unfortunately the RUN_ONCE mechanism was not correctly giving the right return value where an alternative init function was being used. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
- 03 1月, 2019 2 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7971) (cherry picked from commit 9c5ef4ea486f675f33592b34775c3e453f60ee69)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7971) (cherry picked from commit d072eea2e39c4444ecce3598556053a4c552d9a2)
-