- 11 6月, 2019 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9123) (cherry picked from commit e98e586b31386af2b2212729da85561a207e7af3)
-
由 Shigeki Ohtsu 提交于
ae3947de changed the callback arg not to have a const parameter. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9104) (cherry picked from commit 7588660a534a9f154e1e25aa763964d507af8aab)
-
由 Richard Levitte 提交于
So say the docs Fixes #8055 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8368) (cherry picked from commit 69f6b3ceaba493e70e1296880ea6c93e40714f0f)
-
- 10 6月, 2019 1 次提交
-
-
由 Tomas Mraz 提交于
The lookup for ::1 with getaddrinfo() might return error even if the ::1 would work if AI_ADDRCONFIG flag is used. Fixes: #9053 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9108) (cherry picked from commit 3f91ede9aea70774d9b5d509bc76d484ebaff6aa)
-
- 09 6月, 2019 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9118)
-
由 Dr. Matthias St. Pierre 提交于
The DEVRANDOM_WAIT feature added a select() call to wait for the `/dev/random` device to become readable before reading from the `/dev/urandom` device. It was introduced in commit 38023b87f037 in order to mitigate the fact that the `/dev/urandom` device does not block until the initial seeding of the kernel CSPRNG has completed, contrary to the behaviour of the `getrandom()` system call. It turned out that this change had negative side effects on performance which were not acceptable. After some discussion it was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. Fixes #9078 This partially reverts commit 38023b87f037. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (cherry picked from commit a08714e18131b1998faa0113e5bd4024044654ac) (Merged from https://github.com/openssl/openssl/pull/9118)
-
- 07 6月, 2019 2 次提交
-
-
由 Acheev Bhagat 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9101) (cherry picked from commit bab6046146c4fc8f088c1aaca11598ede7609c04)
-
由 David Makepeace 提交于
[skip ci] Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9102) (cherry picked from commit 87762939b508c7968d3c54d44c1319416c27603e)
-
- 06 6月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Fixes #9092 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9093) (cherry picked from commit e6071f29c24cd22ac7857bf88917598265cc90a9)
-
- 04 6月, 2019 3 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
In commit 2b8fa1d5 the version-specific SSL/TLS methods were deprecated. This patch improves the documentation of that change by stating the deprecation more prominently in the manual page and explaining the reason for the deprecation. Fixes #8989 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9001) (cherry picked from commit f308fa2573b0320236cd2c2d73db37c49e3eb779)
-
由 Vitezslav Cizek 提交于
The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales. The Russian locales consume 6856 bytes, Ukrainian even 7000. build_SYS_str_reasons() contains an overflow check: if (cnt > sizeof(strerror_pool)) cnt = sizeof(strerror_pool); But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer works as cnt is incremented once more after the condition. cnt greater than sizeof(strerror_pool) results in an unbounded OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash. When the first received error string was empty or contained only spaces, cur would move in front of the start of the strerror_pool. Also don't call openssl_strerror_r when the pool is full. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8966) (cherry picked from commit fac9200a881a83bef038ebed628ebd409786a1a6)
-
由 Dr. Matthias St. Pierre 提交于
The DEBUG_SAFESTACK preprocessor define is obsolete since 2008 when the non-safestack code was removed by commit 985de863. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9070) (cherry picked from commit d4f63f1c39c3908cd81fda07448144bafb9aba4a)
-
- 03 6月, 2019 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8773) (cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f)
-
由 Matt Caswell 提交于
If we receive a KeyUpdate message (update requested) from the peer while we are in the middle of a write, we should defer sending the responding KeyUpdate message until after the current write is complete. We do this by waiting to send the KeyUpdate until the next time we write and there is no pending write data. This does imply a subtle change in behaviour. Firstly the responding KeyUpdate message won't be sent straight away as it is now. Secondly if the peer sends multiple KeyUpdates without us doing any writing then we will only send one response, as opposed to previously where we sent a response for each KeyUpdate received. Fixes #8677 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8773) (cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99)
-
由 Shane Lontis 提交于
Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8944) (cherry picked from commit 19e512a8244a6f527d0194339a8f9fc45468537a)
-
- 01 6月, 2019 1 次提交
-
-
由 David Benjamin 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9050) (cherry picked from commit 8be6a4ed02297f380bbea269f2e1c08a592444bc)
-
- 31 5月, 2019 3 次提交
-
-
由 Retropotenza 提交于
CLA: trivial Fixes #8911 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8866) (cherry picked from commit fdbb3a865575136f3b432690357423c2512831fa)
-
由 Sambit Kumar Dash 提交于
Minor typo. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8866) (cherry picked from commit 3527cfcf283d2ee2e14e85f8e432eb1bcc687dbe)
-
由 Sambit Kumar Dash 提交于
Method name correction. CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9052) (cherry picked from commit 3c9a8d4a5155e1b02fab63ea97b8131eadda8320)
-
- 30 5月, 2019 2 次提交
-
-
由 agnosticdev 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9041) (cherry picked from commit 03da376ff7504c63a1d00d57cf41bd7b7e93ff65)
-
由 Pauli 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8606) (cherry picked from commit 711a161f03ef9ed7cd149a22bf1203700c103e96)
-
- 29 5月, 2019 4 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
openssl_config_int() returns the uninitialized variable `ret` when compiled with OPENSSL_SYS_UEFI. Fixes #9026 Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9029) (cherry picked from commit f4a96507fb880d5f5a707c138388cb8b5b1ba8c8)
-
由 Iuri Rezende Souza 提交于
CLA: trivial Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9021) (cherry picked from commit ea8d07b155d26abb52574a1c1366b662a27ffbed)
-
由 Richard Levitte 提交于
Not all Unixen know the -v option Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9012) (cherry picked from commit 3b8033f3f593ac06aaea5d050960366001ef99f0)
-
由 Richard Levitte 提交于
Use -bnoentry, not -bexpall Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9012) (cherry picked from commit f3d6a3644679d37e791408ff3750d0baa76d1206)
-
- 28 5月, 2019 9 次提交
-
-
由 Tomas Mraz 提交于
The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9015) (cherry picked from commit cd4c83b52423008391b50abcccf18a7d8fcce03b)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9034)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9017)
-
由 Richard Levitte 提交于
OpenSSL 1.1.1's Configure treats the strings in @disablables as regexps, which means that the 'buildtest-c++' option needs a bit of escaping to be interpreted as intended. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9016)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8370) (cherry picked from commit 284d19c2ced0264bd46de61718aa4a60efa8d175)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8370) (cherry picked from commit 26a053d195d5cc8a5cd648da3f05d3ff0e47f776)
-
由 Richard Levitte 提交于
Disabled by default Fixes #8360 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8370) (cherry picked from commit ac4033d658e4dc210ed4552b88069b57532ba3d7)
-
- 27 5月, 2019 3 次提交
-
-
由 Richard Levitte 提交于
We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9013) (cherry picked from commit 3b437400d90fb89ce5e0d74fd79bda9028f185fb)
-
由 Richard Levitte 提交于
The documentation of what a X509_LOOKUP implementation must do was unclear and confusing. Most of all, clarification was needed that it must store away the found objects in the X509_STORE. Fixes #8707 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8755) (cherry picked from commit 19f43f02aa5349034d0a7a60c3a750e046f994b5)
-
由 FdaSilvaYY 提交于
Add a few coverage test case. Fixes #8949 [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8959) (cherry picked from commit 5b3accde606ffe01466426bd59407ffca0690d23)
-
- 24 5月, 2019 3 次提交
-
-
由 voev 提交于
CLA: trivial Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8979)
-
由 agnosticdev 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8995) (cherry picked from commit 5435a830765a63692b8e1e406142d1602133a5a0)
-
由 Sambit Kumar Dash 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8952) (cherry picked from commit 55e09d17d4c84213d372651b0c91bdc9ef786728)
-