Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
323d39e Matt Caswell22 January 2015, 03:30:12 UTCRerun util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:31:48 UTC
ae5c866 Matt Caswell22 January 2015, 03:29:12 UTCRun util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:31:38 UTC
aae3233 Matt Caswell21 January 2015, 23:54:59 UTCMore tweaks for comments due indent issues Conflicts: ssl/ssl_ciph.c ssl/ssl_locl.h Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:29:11 UTC
04f7cbe Matt Caswell21 January 2015, 22:38:06 UTCFix modes.h so that indent doesn't complain Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:29:06 UTC
45bd361 Matt Caswell21 January 2015, 22:03:55 UTCBackport hw_ibmca.c from master due to failed merge Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:29:00 UTC
335d4d0 Matt Caswell21 January 2015, 21:22:49 UTCTweaks for comments due to indent's inability to handle them Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:55 UTC
f3b6ee3 Matt Caswell21 January 2015, 19:18:47 UTCMove more comments that confuse indent Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:49 UTC
a1b20ff Dr. Stephen Henson21 January 2015, 15:32:54 UTCDelete trailing whitespace from output. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:43 UTC
628afe6 Dr. Stephen Henson20 January 2015, 18:53:56 UTCAdd -d debug option to save preprocessed files. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:38 UTC
defc825 Dr. Stephen Henson20 January 2015, 18:49:04 UTCTest option -nc Add option -nc which sets COMMENTS=true but disables all indent comment reformatting options. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:32 UTC
319d5c7 Andy Polyakov21 January 2015, 16:28:45 UTCec/ecp_nistz256.c: further harmonization with latest rules. Conflicts: crypto/ec/ecp_nistz256.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:26 UTC
3807db9 Matt Caswell21 January 2015, 16:37:58 UTCAdd ecp_nistz256.c to list of files skipped by openssl-format-source Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:20 UTC
0f344da Matt Caswell21 January 2015, 16:34:27 UTCManually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:14 UTC
23690f9 Andy Polyakov21 January 2015, 15:51:06 UTCcrypto/ofb128.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:08 UTC
9a11440 Andy Polyakov21 January 2015, 15:49:27 UTCmodes/ctr128.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:28:03 UTC
ea09c04 Andy Polyakov21 January 2015, 15:47:51 UTCmodes/cfb128.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:58 UTC
e1e7dc5 Andy Polyakov21 January 2015, 15:02:33 UTCec/ecp_nistz256.c: harmonize with latest indent script. Conflicts: crypto/ec/ecp_nistz256.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:52 UTC
cc4cd82 Matt Caswell21 January 2015, 16:12:59 UTCFix indent comment corruption issue Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:47 UTC
d18d367 Matt Caswell21 January 2015, 15:28:57 UTCAmend openssl-format-source so that it give more repeatable output Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:41 UTC
065e671 Andy Polyakov21 January 2015, 12:18:42 UTCbn/bn_const.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:35 UTC
3bca047 Andy Polyakov21 January 2015, 10:54:03 UTCbn/asm/x86_64-gcc.cL make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:29 UTC
78e74b5 Andy Polyakov21 January 2015, 10:50:56 UTCbn/bn_asm.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:22 UTC
c0edd77 Andy Polyakov21 January 2015, 10:45:23 UTCbn/bn_exp.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:16 UTC
e4e5457 Matt Caswell21 January 2015, 14:01:16 UTCManually reformat aes_core.c Add aes_core.c to the list of files not processed by openssl-format-source Conflicts: crypto/aes/aes_core.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:10 UTC
9b21438 Matt Caswell21 January 2015, 13:51:38 UTCAdd obj_dat.h to the list of files that will not be processed by openssl-format-source Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:27:05 UTC
cc6e2a5 Matt Caswell21 January 2015, 12:19:08 UTCFix strange formatting by indent Conflicts: crypto/hmac/hmac.h Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:58 UTC
85b120f Andy Polyakov21 January 2015, 10:11:32 UTCmodes/modes_lcl.h: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:52 UTC
65a6a1f Matt Caswell21 January 2015, 11:09:58 UTCindent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Conflicts: crypto/bn/bn.h crypto/ec/ec_lcl.h crypto/rsa/rsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl.h ssl/ssl3.h Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:44 UTC
fbdbb28 Andy Polyakov21 January 2015, 09:25:54 UTCmodes/gcm128.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:38 UTC
80e1750 Andy Polyakov21 January 2015, 08:11:28 UTCmodes/cts128.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:32 UTC
11552dd Andy Polyakov20 January 2015, 22:45:19 UTCcrypto/mem_dbg.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:26 UTC
4ce632f Matt Caswell21 January 2015, 09:33:22 UTCMore indent fixes for STACK_OF Conflicts: ssl/s3_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:15 UTC
7b1ac23 Matt Caswell20 January 2015, 22:54:52 UTCFix indent issue with functions using STACK_OF Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:10 UTC
bdc21a1 Matt Caswell20 January 2015, 22:17:03 UTCFix indent issue with engine.h Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:26:04 UTC
39108d5 Matt Caswell20 January 2015, 22:13:39 UTCFix logic to check for indent.pro Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:58 UTC
d565023 Andy Polyakov20 January 2015, 14:49:55 UTCcrypto/cryptlib.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:52 UTC
96a66a9 Andy Polyakov20 January 2015, 14:22:42 UTCbn/bntest.c: make it indent-friendly. Conflicts: crypto/bn/bntest.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:45 UTC
20c554c Andy Polyakov20 January 2015, 14:12:07 UTCbn/bn_recp.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:39 UTC
d72781b Andy Polyakov20 January 2015, 13:57:46 UTCengines/e_ubsec.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:33 UTC
ff397a8 Andy Polyakov20 January 2015, 13:15:44 UTCapps/speed.c: make it indent-friendly. Conflicts: apps/speed.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:25 UTC
abef2b4 Andy Polyakov20 January 2015, 11:55:04 UTCbn/rsaz_exp.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:19 UTC
d2f8517 Matt Caswell14 January 2015, 21:26:14 UTCFix make errors Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:13 UTC
27df27d Richard Levitte20 January 2015, 15:18:23 UTCMake the script a little more location agnostic Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:25:06 UTC
4a81e0f Matt Caswell20 January 2015, 12:37:42 UTCProvide script for filtering data initialisers for structs/unions. indent just can't handle it. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:24:59 UTC
24e6a03 Dr. Stephen Henson20 January 2015, 14:12:10 UTCScript fixes. Don't use double newline for headers. Don't interpret ASN1_PCTX as start of an ASN.1 module. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:24:44 UTC
9d63b5e Richard Levitte20 January 2015, 14:17:02 UTCRun expand before perl, to make sure things are properly aligned Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:24:38 UTC
a45030f Richard Levitte20 January 2015, 14:14:24 UTCForce the use of our indent profile Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:24:32 UTC
45b575a Tim Hudson05 January 2015, 10:17:50 UTCProvide source reformating script. Requires GNU indent to be available. Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and Matt Caswell Reviewed-by: Matt Caswell <matt@openssl.org>22 January 2015, 09:24:12 UTC
bc2d623 Matt Caswell19 January 2015, 12:42:01 UTCFix source where indent will not be able to cope Conflicts: apps/ciphers.c ssl/s3_pkt.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:24:04 UTC
c695ebe Matt Caswell16 January 2015, 09:21:50 UTCAdditional comment changes for reformat of 1.0.2 Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:23:58 UTC
e19d4a9 Matt Caswell05 January 2015, 00:34:00 UTCFurther comment amendments to preserve formatting prior to source reformat (cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5) Conflicts: crypto/x509v3/pcy_tree.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:23:50 UTC
6977c7e Tim Hudson28 December 2014, 02:48:40 UTCmark all block comments that need format preserving so that indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:23:04 UTC
43257b9 Richard Levitte13 January 2015, 21:04:58 UTCDefine CFLAGS as cflags on VMS as well Reviewed-by: Matt Caswell <matt@openssl.org>13 January 2015, 23:14:20 UTC
10771e3 Andy Polyakov05 January 2015, 22:40:10 UTCAdd Broadwell performance results. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit b3d7294976c58e0e05d0ee44a0e7c9c3b8515e05)13 January 2015, 20:42:13 UTC
36f694e Matt Caswell13 January 2015, 10:20:12 UTCMake output from openssl version -f consistent with previous versions Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 2d2671790ee12dedd92c97f35b6feb755b8d4374)13 January 2015, 11:28:54 UTC
635ca44 Matt Caswell10 January 2015, 23:36:28 UTCFix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit b1ffc6ca1c387efad0772c16dfe426afef45dc4f)13 January 2015, 11:24:52 UTC
bd00b8d Matt Caswell09 January 2015, 14:06:36 UTCAvoid deprecation problems in Visual Studio 13 Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 86d21d0b9577322ac5da0114c5fac16eb49b4cef)13 January 2015, 09:47:09 UTC
2194b36 Rich Salz12 January 2015, 17:39:00 UTCAllow multiple IDN xn-- indicators Update the X509v3 name parsing to allow multiple xn-- international domain name indicators in a name. Previously, only allowed one at the beginning of a name, which was wrong. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374)12 January 2015, 17:40:29 UTC
e81a836 Kurt Roeckx02 January 2015, 11:27:57 UTCMake build reproducible It contained a date on when it was build. Reviewed-by: Rich Salz <rsalz@openssl.org>10 January 2015, 15:31:27 UTC
cbbb952 Matt Caswell09 January 2015, 23:01:20 UTCFurther windows specific .gitignore entries Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 41c9cfbc4ee7345547fb98cccb8511f082f0910b)09 January 2015, 23:40:41 UTC
04f670c Matt Caswell09 January 2015, 10:19:10 UTCUpdate .gitignore with windows files to be excluded from git Reviewed-by: Tim Hudson <tjh@openssl.org> Conflicts: .gitignore09 January 2015, 11:30:07 UTC
5cee723 Matt Caswell08 January 2015, 19:05:43 UTCFix build failure on Windows due to undefined cflags identifier Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb)08 January 2015, 19:24:09 UTC
7c6a3cf Matt Caswell07 January 2015, 14:18:13 UTCA memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team. CVE-2015-0206 Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit 652ff0f4796eecd8729b4690f2076d1c7ccb2862)08 January 2015, 15:46:42 UTC
be3fb8d Dr. Stephen Henson23 October 2014, 19:36:17 UTCUnauthenticated DH client certificate fix. Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell <matt@openssl.org>08 January 2015, 15:46:42 UTC
fb73f12 Matt Caswell03 January 2015, 00:54:35 UTCFollow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Reviewed-by: Dr Stephen Henson <steve@openssl.org>08 January 2015, 15:46:19 UTC
25d738c Dr. Stephen Henson03 January 2015, 00:45:13 UTCFix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: Matt Caswell <matt@openssl.org>08 January 2015, 11:20:29 UTC
49446ea Andy Polyakov05 January 2015, 14:20:54 UTCFix for CVE-2014-3570 (with minor bn_asm.c revamp). Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 56df92efb6893abe323307939425957ce878c8f0)08 January 2015, 11:20:29 UTC
f33ab61 Dr. Stephen Henson07 January 2015, 17:36:17 UTCfix error discrepancy Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4a4d4158572fd8b3dc641851b8378e791df7972d)07 January 2015, 18:10:38 UTC
2d63d0c Andy Polyakov05 January 2015, 21:56:47 UTCFix irix-cc build. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit e464403d0bda2f1f74eb68582e4988e591c32433)07 January 2015, 17:41:17 UTC
cfb5d6c Richard Levitte07 January 2015, 01:15:35 UTCVMS fixups for 1.0.2 Reviewed-by: Rich Salz <rsalz@openssl.org>07 January 2015, 01:15:35 UTC
a936ba1 Dr. Stephen Henson06 January 2015, 21:12:15 UTCuse correct credit in CHANGES Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df)06 January 2015, 22:41:27 UTC
ed736dd Emilia Kasper06 January 2015, 14:41:04 UTCOnly inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX). Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01)06 January 2015, 22:10:03 UTC
c7c2a56 Dr. Stephen Henson06 January 2015, 20:55:38 UTCuse correct function name Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit cb62ab4b17818fe66d2fed0a7fe71969131c811b)06 January 2015, 21:04:38 UTC
129344a Dr. Stephen Henson06 January 2015, 20:29:28 UTCRT3662: Allow leading . in nameConstraints Change by SteveH from original by John Denker (in the RT) Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1)06 January 2015, 20:33:41 UTC
be6e766 Martin Brejcha16 November 2014, 17:04:40 UTCFix memory leak. Fix memory leak by freeing up saved_message.data if it is not NULL. PR#3489 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 41cd41c4416f545a18ead37e09e437c75fa07c95)06 January 2015, 16:49:36 UTC
8dc461e Matt Caswell06 January 2015, 15:32:01 UTCRemove blank line from start of cflags character array in buildinf.h Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit b691154e18c0367643696db3cf73debe9ddfa9ae)06 January 2015, 15:35:15 UTC
4b4c1fc Dr. Stephen Henson23 October 2014, 16:09:57 UTCOnly allow ephemeral RSA keys in export ciphersuites. OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>06 January 2015, 12:45:10 UTC
1cfd7cf Andy Polyakov06 January 2015, 11:13:36 UTCCHANGES: mention "universal" ARM support. This is re-commit without unrelated modification. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 0548505f4cbd49b9724fab28881e096f9d951e6f)06 January 2015, 11:15:40 UTC
2996157 Andy Polyakov06 January 2015, 11:12:15 UTCRevert "CHANGES: mention "universal" ARM support." This reverts commit caeed719fe3fd619415755f245ab8a904978d99d. Reviewed-by: Matt Caswell <matt@openssl.org>06 January 2015, 11:12:15 UTC
caeed71 Andy Polyakov06 January 2015, 10:10:01 UTCCHANGES: mention "universal" ARM support. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4fec91506975f62a2f93be71a46acc7fae7eef45)06 January 2015, 10:21:12 UTC
f4868c9 Andy Polyakov07 November 2014, 21:48:22 UTCRemove inconsistency in ARM support. This facilitates "universal" builds, ones that target multiple architectures, e.g. ARMv5 through ARMv7. See commentary in Configure for details. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit c1669e1c205dc8e695fb0c10a655f434e758b9f7)06 January 2015, 10:14:23 UTC
4aaf1e4 Dr. Stephen Henson24 October 2014, 11:30:33 UTCECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63)05 January 2015, 23:34:57 UTC
d96c249 Dr. Stephen Henson05 January 2015, 16:50:31 UTCupdate ordinals Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 31c65a7bc0de7ff1446645d41af388893362f579)05 January 2015, 16:51:41 UTC
d9b277e Adam Langley05 January 2015, 16:28:33 UTCEnsure that the session ID context of an SSL* is updated when its SSL_CTX is updated. From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 61aa44ca99473f9cabdfb2d3b35abd0b473437d1)05 January 2015, 16:33:02 UTC
aace6db Dr. Stephen Henson14 December 2014, 23:14:15 UTCConstify ASN1_TYPE_cmp add X509_ALGOR_cmp. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 4c52816d35681c0533c25fdd3abb4b7c6962302d)05 January 2015, 14:54:38 UTC
85cfc18 Dr. Stephen Henson20 December 2014, 15:09:50 UTCFix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 684400ce192dac51df3d3e92b61830a6ef90be3e)05 January 2015, 14:36:06 UTC
6ee7de1 Matt Caswell22 December 2014, 11:34:24 UTCAdditional fix required for no-srtp to work RT3638 Reviewed-by: Emilia Käsper <emilia@openssl.org>05 January 2015, 14:28:40 UTC
7b0194d Piotr Sikora22 December 2014, 11:15:51 UTCFix building with no-srtp RT3638 Reviewed-by: Emilia Käsper <emilia@openssl.org> Conflicts: ssl/t1_lib.c05 January 2015, 14:28:40 UTC
bfaf796 Emilia Kasper05 January 2015, 12:46:26 UTCAdd a clang build target for linux-x86_64 This change documents the world as-is, by turning all warnings on, and then turning warnings that trigger off again. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>05 January 2015, 13:10:33 UTC
c02e2d6 Andy Polyakov04 January 2015, 20:29:50 UTCecp_nistz256-x86_64.pl: fix occasional failures. RT: 3607 Reviewed-by: Adam Langley <agl@google.com> Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 9e557ab2624d5c5e8d799c123f5e8211664d8845)04 January 2015, 22:22:06 UTC
9f49067 Rich Salz04 January 2015, 19:51:04 UTCRT2914: NULL check missing in X509_name_canon Check for NULL return from X509_NAME_ENTRY_new() Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 2c60925d1ccc0b96287bdc9acb90198e7180d642)04 January 2015, 19:52:01 UTC
5396c11 Dr. Stephen Henson02 January 2015, 23:09:39 UTCUpdate SGC flag comment. Since SGC has been removed from OpenSSL 1.0.2 the SSL3_FLAGS_SGC_RESTART_DONE is no longer used. However the #define is retained for compatibility. Reviewed-by: Matt Caswell <matt@openssl.org>02 January 2015, 23:12:37 UTC
cf95b2d Dr. Stephen Henson24 October 2014, 01:36:13 UTCRemove MS SGC MS Server gated cryptography is obsolete and dates from the time of export restrictions on strong encryption and is only used by ancient versions of MSIE. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 63eab8a620944a990ab3985620966ccd9f48d681)02 January 2015, 23:01:38 UTC
47606dd Dr. Stephen Henson05 December 2014, 13:39:14 UTCClear existing extension state. When parsing ClientHello clear any existing extension state from SRP login and SRTP profile. Thanks to Karthikeyan Bhargavan for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4f605ccb779e32a770093d687e0554e0bbb137d3) Conflicts: ssl/t1_lib.c02 January 2015, 22:27:40 UTC
c30c876 Dominik Neubauer04 March 2014, 21:22:29 UTCtypo in s_client Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Geoff Thorpe <geoff@openssl.org>31 December 2014, 10:19:03 UTC
73bda31 Kurt Roeckx16 December 2014, 11:35:21 UTCMake "run" volatile RT#3629 Reviewed-by: Richard Levitte <levitte@openssl.org>30 December 2014, 15:54:56 UTC
dc00fb9 Thorsten Glaser22 May 2009, 16:28:05 UTCDocument openssl dgst -hmac option Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org>30 December 2014, 15:53:48 UTC
06c3e65 Kurt Roeckx23 December 2013, 18:06:34 UTCdlfcn: always define _GNU_SOURCE We need this for the freebsd kernel with glibc as used in the Debian kfreebsd ports. There shouldn't be a problem defining this on systems not using glibc. Reviewed-by: Richard Levitte <levitte@openssl.org>30 December 2014, 15:53:48 UTC
5984c7e Kurt Roeckx07 December 2014, 21:25:39 UTCFix memory leak in the apps The BIO_free() allocated ex_data again that we already freed. Reviewed-by: Richard Levitte <levitte@openssl.org>30 December 2014, 15:53:48 UTC
beef278 Alok Menghrajani01 December 2014, 03:21:31 UTCImproves certificates HOWTO * adds links to various related documents. * fixes a few typos. * rewords a few sentences. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 67472bd82bed9d5e481b0d75926aab93618902be)22 December 2014, 15:26:03 UTC
back to top