Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
686d82a Matt Caswell19 March 2015, 13:38:37 UTCmake update Reviewed-by: Richard Levitte <levitte@openssl.org>19 March 2015, 13:38:37 UTC
8ca79fc Matt Caswell19 March 2015, 11:35:33 UTCFix unsigned/signed warnings Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>19 March 2015, 12:59:31 UTC
a4517be Matt Caswell19 March 2015, 10:16:32 UTCFix a failure to NULL a pointer freed on error. Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte <levitte@openssl.org>19 March 2015, 12:59:31 UTC
6e24e1c Matt Caswell17 March 2015, 17:01:09 UTCUpdate NEWS file Update the NEWS file with the latest entries from CHANGES ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org>19 March 2015, 12:59:31 UTC
ffc69bd Matt Caswell17 March 2015, 16:56:27 UTCUpdate CHANGES for release Update CHANGES fiel with all the latest fixes ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org>19 March 2015, 12:59:31 UTC
82123b5 Matt Caswell18 March 2015, 09:48:03 UTCRemove overlapping CHANGES/NEWS entries Remove entries from CHANGES and NEWS from letter releases that occur *after* the next point release. Without this we get duplicate entries for the same issue appearing multiple times. Reviewed-by: Richard Levitte <levitte@openssl.org>19 March 2015, 12:59:31 UTC
cd56a08 Emilia Kasper04 March 2015, 17:05:02 UTCFix reachable assert in SSLv2 servers. This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>19 March 2015, 12:59:31 UTC
e2acb69 Emilia Kasper27 February 2015, 15:52:23 UTCPKCS#7: avoid NULL pointer dereferences with missing content In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org>19 March 2015, 12:59:31 UTC
c982285 Dr. Stephen Henson09 March 2015, 23:11:45 UTCFix ASN1_TYPE_cmp Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org>19 March 2015, 12:59:31 UTC
b485d97 Dr. Stephen Henson23 February 2015, 02:32:44 UTCFree up ADB and CHOICE if already initialised. CVE-2015-0287 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>18 March 2015, 11:52:27 UTC
636c42d Matt Caswell12 March 2015, 14:09:00 UTCDead code removal from apps Some miscellaneous removal of dead code from apps. Also fix an issue with error handling with pkcs7. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 11abf92259e899f4f7da4a3e80781e84b0fb1a64)17 March 2015, 14:52:46 UTC
28e4f65 Matt Caswell12 March 2015, 14:08:21 UTCRemove dead code from crypto Some miscellaneous removal of dead code from lib crypto. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit b7573c597c1932ef709b2455ffab47348b5c54e5)17 March 2015, 14:52:46 UTC
6a43243 Matt Caswell12 March 2015, 16:42:55 UTCFix seg fault in s_time Passing a negative value for the "-time" option to s_time results in a seg fault. This commit fixes it so that time has to be greater than 0. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit dfef52f6f277327e118fdd0fe34486852c2789b6)17 March 2015, 13:49:32 UTC
f08731c Matt Caswell12 March 2015, 14:37:26 UTCAdd sanity check to PRF The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 668f6f08c62177ab5893fc26ebb67053aafdffc8)17 March 2015, 13:49:32 UTC
f4b8760 Matt Caswell12 March 2015, 12:54:44 UTCFix memset call in stack.c The function sk_zero is supposed to zero the elements held within a stack. It uses memset to do this. However it calculates the size of each element as being sizeof(char **) instead of sizeof(char *). This probably doesn't make much practical difference in most cases, but isn't a portable assumption. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 7132ac830fa08d9a936e011d7c541b0c52115b33)17 March 2015, 13:49:31 UTC
d3554bf Matt Caswell12 March 2015, 11:25:03 UTCMove malloc fail checks closer to malloc Move memory allocation failure checks closer to the site of the malloc in dgst app. Only a problem if the debug flag is set...but still should be fixed. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit be1477adc97e76f4b83ed8075589f529069bd5d1)17 March 2015, 13:49:31 UTC
3f9117e Matt Caswell12 March 2015, 11:10:47 UTCAdd malloc failure checks Add some missing checks for memory allocation failures in ca app. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit a561bfe944c0beba73551731cb98af70dfee3549)17 March 2015, 13:49:31 UTC
eadc81e Andy Polyakov21 February 2015, 12:51:56 UTCAvoid reading an unused byte after the buffer Other curves don't have this problem. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60)14 March 2015, 17:31:54 UTC
a2fcab9 Emilia Kasper14 March 2015, 04:10:13 UTCFix undefined behaviour in shifts. Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts. If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable in an integer, behaviour is undefined. In other words, you can't shift into the sign bit of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24. (For consistency, cast other shifts, too.) Caught by -fsanitize=shift Submitted by Nick Lewycky (Google) Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 8b37e5c14f0eddb10c7f91ef91004622d90ef361)14 March 2015, 04:14:56 UTC
1a09816 Dr. Stephen Henson01 March 2015, 15:25:39 UTCadditional configuration documentation Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 3d764db7a24e3dca1a3ee57202ce3c818d592141)12 March 2015, 13:45:52 UTC
0e978b9 Dr. Stephen Henson11 March 2015, 23:30:52 UTCASN.1 print fix. When printing out an ASN.1 structure if the type is an item template don't fall thru and attempt to interpret as a primitive type. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 5dc1247a7494f50c88ce7492518bbe0ce6f124fa)12 March 2015, 13:45:52 UTC
f06249f Matt Caswell11 March 2015, 20:50:20 UTCFix missing return checks in v3_cpols.c Fixed assorted missing return value checks in c3_cpols.c Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c5f2b5336ab72e40ab91e2ca85639f51fa3178c6)12 March 2015, 09:33:48 UTC
2407241 Matt Caswell11 March 2015, 20:19:08 UTCFix dsa_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0c7ca4033dcf5398334d4b78a7dfb941c8167a40)12 March 2015, 09:33:48 UTC
3942e7d Matt Caswell11 March 2015, 20:08:16 UTCFix dh_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2) Conflicts: crypto/dh/dh_ameth.c12 March 2015, 09:33:46 UTC
2679485 Matt Caswell11 March 2015, 19:41:01 UTCFix asn1_item_print_ctx The call to asn1_do_adb can return NULL on error, so we should check the return value before attempting to use it. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 34a7ed0c39aa3ab67eea1e106577525eaf0d7a00)12 March 2015, 09:32:23 UTC
e6dcb08 Matt Caswell11 March 2015, 16:00:01 UTCASN1_primitive_new NULL param handling ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple of conditional code paths that check whether |it| is NULL or not - but later |it| is deref'd unconditionally. If |it| was ever really NULL then this would seg fault. In practice ASN1_primitive_new is marked as an internal function in the public header file. The only places it is ever used internally always pass a non NULL parameter for |it|. Therefore, change the code to sanity check that |it| is not NULL, and remove the conditional checking. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 9e488fd6ab2c295941e91a47ab7bcd346b7540c7)12 March 2015, 09:32:22 UTC
0c8f422 Matt Caswell11 March 2015, 15:41:52 UTCFix EVP_DigestInit_ex with NULL digest Calling EVP_DigestInit_ex which has already had the digest set up for it should be possible. You are supposed to be able to pass NULL for the type. However currently this seg faults. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit a01087027bd0c5ec053d4eabd972bd942bfcd92f)12 March 2015, 09:32:22 UTC
cc27bec Matt Caswell11 March 2015, 15:31:16 UTCFix error handling in bn_exp In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485)12 March 2015, 09:32:22 UTC
f5ee521 Matt Caswell10 March 2015, 23:15:15 UTCFix seg fault in ASN1_generate_v3/ASN1_generate_nconf Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit ac5a110621ca48f0bebd5b4d76d081de403da29e)11 March 2015, 11:32:07 UTC
58d8a27 Matt Caswell09 March 2015, 13:59:58 UTCCleanse buffers Cleanse various intermediate buffers used by the PRF (backported version from master). Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 35fafc4dbc0b3a717ad1b208fe2867e8c64867de) Conflicts: ssl/s3_enc.c11 March 2015, 10:49:22 UTC
8b7e469 Emilia Kasper04 March 2015, 21:05:53 UTCHarmonize return values in dtls1_buffer_record Ensure all malloc failures return -1. Reported by Adam Langley (Google). Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 06c6a2b4a3a6e64303caa256398dd2dc16f9c35a)10 March 2015, 20:52:37 UTC
93cb447 Richard Godbee21 September 2014, 06:14:11 UTCBIO_debug_callback: Fix output on 64-bit machines BIO_debug_callback() no longer assumes the hexadecimal representation of a pointer fits in 8 characters. Signed-off-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 460e920d8a274e27aab36346eeda6685a42c3314)10 March 2015, 11:34:27 UTC
521246e Dmitry-Me01 June 2014, 17:30:52 UTCFix wrong numbers being passed as string lengths Signed-off-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 0b142f022e2c5072295e00ebc11c5b707a726d74)09 March 2015, 20:06:30 UTC
ef6d348 Dr. Stephen Henson09 March 2015, 16:58:16 UTCupdate ordinals Reviewed-by: Matt Caswell <matt@openssl.org>09 March 2015, 16:58:16 UTC
a673039 Dr. Stephen Henson08 March 2015, 17:31:48 UTCfix warning Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit d6ca1cee8b6efac5906ac66443d1ca67fe689ff8)08 March 2015, 22:42:23 UTC
cb9d5b7 Dr. Stephen Henson03 March 2015, 14:20:23 UTCCleanse PKCS#8 private key components. New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a8ae0891d4bfd18f224777aed1fbb172504421f1)08 March 2015, 16:29:42 UTC
876ed10 Dr. Stephen Henson24 February 2015, 16:35:37 UTCAdditional CMS documentation. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit e3013932df2d899e8600c305342bc14b682dc0d1)08 March 2015, 16:19:38 UTC
bc2e18a Kurt Roeckx04 March 2015, 20:57:52 UTCRemove export ciphers from the DEFAULT cipher list They are moved to the COMPLEMENTOFDEFAULT instead. This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f417997a324037025be61737288e40e171a8218c) Conflicts: ssl/ssl_ciph.c07 March 2015, 22:08:12 UTC
0440d4e Matt Caswell06 March 2015, 13:00:47 UTCUpdate mkerr.pl for new format Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte <levitte@openssl.org>06 March 2015, 14:08:42 UTC
183db9a Kurt Cancemi04 March 2015, 10:57:45 UTCUse constants not numbers This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c RT#3725 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit fd865cadcb603918bdcfcf44e487721c657a1117)05 March 2015, 09:30:35 UTC
9f11421 Matt Caswell04 March 2015, 17:49:51 UTCUnchecked malloc fixes Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e) Conflicts: crypto/bio/bss_dgram.c Conflicts: apps/cms.c apps/s_cb.c apps/s_server.c apps/speed.c crypto/dh/dh_pmeth.c ssl/s3_pkt.c05 March 2015, 09:22:50 UTC
51527f1 Dr. Stephen Henson18 February 2015, 00:34:59 UTCCheck public key is not NULL. CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)02 March 2015, 15:26:47 UTC
1810b04 Dr. Stephen Henson02 March 2015, 13:26:29 UTCFix format script. The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a)02 March 2015, 13:43:29 UTC
5c921f1 Matt Caswell27 February 2015, 16:52:07 UTCFix d2i_SSL_SESSION for DTLS1_BAD_VER Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3704 Reviewed-by: Tim Hudson <tjh@openssl.org> Conflicts: ssl/ssl_asn1.c Conflicts: ssl/dtls1.h27 February 2015, 20:32:49 UTC
d58a852 Matt Caswell26 February 2015, 11:54:58 UTCFixed missing return value checks. Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: Richard Levitte <levitte@openssl.org> Conflicts: ssl/t1_enc.c27 February 2015, 15:26:06 UTC
323a7e7 Matt Caswell26 February 2015, 11:53:55 UTCFix missing return value checks. Fixed various missing return value checks in ssl3_send_newsession_ticket. Also a mem leak on error. Reviewed-by: Richard Levitte <levitte@openssl.org> Conflicts: ssl/s3_srvr.c Conflicts: ssl/s3_srvr.c27 February 2015, 15:25:05 UTC
0599077 Matt Caswell27 February 2015, 00:02:06 UTCFix warning with no-ec This fixes another warning when config'd with no-ec Reviewed-by: Dr. Stephen Henson <steve@openssl.org>27 February 2015, 08:58:02 UTC
ea65e92 Matt Caswell26 February 2015, 23:52:19 UTCFix no-ec warning This is a partial back port of commit 5b430cfc to remove a warning when compiling with no-ec. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>27 February 2015, 08:57:44 UTC
f3cc3da Matt Caswell26 February 2015, 10:35:50 UTCFix evp_extra_test.c with no-ec When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit a988036259a4e119f6787b4c585f506226330120)26 February 2015, 23:36:47 UTC
1aff39d Matt Caswell20 February 2015, 09:18:29 UTCFix some minor documentation issues Reviewed-by: Emilia Käsper <emilia@openssl.org>25 February 2015, 17:46:20 UTC
eafdbd8 Matt Caswell10 February 2015, 16:21:30 UTCRemove pointless free, and use preferred way of calling d2i_* functions Reviewed-by: Emilia Käsper <emilia@openssl.org>25 February 2015, 17:46:20 UTC
1159e24 Matt Caswell10 February 2015, 16:08:33 UTCAdd dire warnings about the "reuse" capability of the d2i_* functions. Reviewed-by: Emilia Käsper <emilia@openssl.org>25 February 2015, 17:46:20 UTC
b91058d Matt Caswell10 February 2015, 15:45:56 UTCProvide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey Reviewed-by: Emilia Käsper <emilia@openssl.org> Conflicts: doc/crypto/EC_KEY_new.pod doc/crypto/EC_POINT_new.pod25 February 2015, 17:46:20 UTC
8911753 Matt Caswell09 February 2015, 11:38:41 UTCFix a failure to NULL a pointer freed on error. Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> CVE-2015-0209 Reviewed-by: Emilia Käsper <emilia@openssl.org>25 February 2015, 17:46:20 UTC
08a2df4 Matt Caswell09 February 2015, 09:45:35 UTCImport evp_test.c from BoringSSL. Unfortunately we already have a file called evp_test.c, so I have called this one evp_extra_test.c Reviewed-by: Emilia Käsper <emilia@openssl.org> Conflicts: crypto/evp/Makefile test/Makefile Conflicts: test/Makefile crypto/evp/evp_extra_test.c25 February 2015, 17:40:41 UTC
9cd0617 Dr. Stephen Henson24 February 2015, 13:52:21 UTCDocument -no_explicit Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b)24 February 2015, 15:28:56 UTC
e347d80 Edgar Pek21 February 2015, 13:56:41 UTCFix null-pointer dereference Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43)22 February 2015, 12:27:20 UTC
9e7a546 Kurt Roeckx21 February 2015, 13:51:50 UTCFix memory leak Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit edac5dc220d494dff7ee259dfd84335ffa50e938)22 February 2015, 12:27:19 UTC
e224c45 Doug Hogan08 January 2015, 02:21:01 UTCAvoid a double-free in an error path. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 1549a265209d449b6aefd2b49d7d39f7fbe0689b)22 February 2015, 12:27:19 UTC
e961fa4 Richard Levitte22 February 2015, 07:27:36 UTCRestore -DTERMIO/-DTERMIOS on Windows platforms. The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a bit too enthusiastically. Windows/DOSish platforms of all sorts get identified as OPENSSL_SYS_MSDOS, and they get a different treatment altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the configuration. The answer is to restore those macro definitions for the affected configuration targets. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c) Conflicts: Configure22 February 2015, 08:42:08 UTC
aafdbbc Richard Levitte12 February 2015, 10:41:48 UTCAssume TERMIOS is default, remove TERMIO on all Linux. The rationale for this move is that TERMIOS is default, supported by POSIX-1.2001, and most definitely on Linux. For a few other systems, TERMIO may still be the termnial interface of preference, so we keep -DTERMIO on those in Configure. crypto/ui/ui_openssl.c is simplified in this regard, and will define TERMIOS for all systems except a select few exceptions. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 64e6bf64b36136d487e2fbf907f09612e69ae911) Conflicts: Configure crypto/ui/ui_openssl.c22 February 2015, 08:15:11 UTC
a9ea906 Rich Salz12 February 2015, 19:23:28 UTCRT3684: rand_egd needs stddef.h Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 872f91c4036e35d292d423e751741ba76f8c5594)12 February 2015, 19:24:21 UTC
bb14c2c Graeme Perrow12 February 2015, 18:00:42 UTCRT3670: Check return from BUF_MEM_grow_clean Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit b0333e697c008d639c56f48e9148cb8cba957e32)12 February 2015, 18:01:42 UTC
a1331af Eric Dequin12 February 2015, 15:44:30 UTCMissing OPENSSL_free on error path. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 1d2932de4cefcc200f175863a42c311916269981)12 February 2015, 16:15:39 UTC
e48e862 Andy Polyakov09 February 2015, 14:59:09 UTCBring objects.pl output even closer to new format. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca)09 February 2015, 15:02:44 UTC
66aacf3 Dr. Stephen Henson08 February 2015, 13:14:05 UTCFix memory leak reporting. Free up bio_err after memory leak data has been printed to it. In int_free_ex_data if ex_data is NULL there is nothing to free up so return immediately and don't reallocate it. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb)09 February 2015, 13:01:28 UTC
97ac0d8 Andy Polyakov07 February 2015, 09:15:32 UTCHarmonize objects.pl output with new format. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57)09 February 2015, 08:59:38 UTC
f8e662e Matt Caswell05 February 2015, 10:19:55 UTCFix error handling in ssltest Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67)06 February 2015, 10:10:49 UTC
468e04b Rich Salz05 February 2015, 14:44:30 UTCFixed bad formatting in crypto/des/spr.h Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b)05 February 2015, 14:45:48 UTC
ac7d33d Dr. Stephen Henson04 February 2015, 03:31:34 UTCMake objxref.pl output in correct format Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434)04 February 2015, 13:35:49 UTC
6b7c68e Dr. Stephen Henson01 February 2015, 13:06:32 UTCCheck PKCS#8 pkey field is valid before cleansing. PR:3683 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)03 February 2015, 14:02:25 UTC
81ce20e Richard Levitte30 January 2015, 03:44:17 UTCdso_vms needs to add the .EXE extension if there is none already Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6)30 January 2015, 04:03:14 UTC
324a977 Viktor Dkhovni23 January 2015, 20:39:40 UTCReplace exit() with error return. Reviewed-by: Tim Hudson <tjh@openssl.org>27 January 2015, 21:36:25 UTC
69aeb99 Rich Salz27 January 2015, 21:35:55 UTCRevert "Remove engine_rsax and its asm file." This reverts commit 5226c62b7632dfaf38480919d406307318a7d145. Reviewed-by: Andy Polyakov <appro@openssl.org>27 January 2015, 21:35:55 UTC
53e652a Matt Caswell26 January 2015, 23:28:31 UTCProvide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead functions. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 8507474564f3f743f5daa3468ca97a9b707b3583)27 January 2015, 14:35:13 UTC
131d3fd Matt Caswell26 January 2015, 16:46:49 UTCRemove explicit setting of read_ahead for DTLS. It never makes sense not to use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs to be the default. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe) Conflicts: apps/s_client.c apps/s_server.c27 January 2015, 14:35:11 UTC
1895583 Matt Caswell26 January 2015, 16:47:36 UTCMake DTLS always act as if read_ahead is set. The actual value of read_ahead is ignored for DTLS. RT#3657 Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)27 January 2015, 14:33:32 UTC
5226c62 Rich Salz26 January 2015, 15:59:14 UTCRemove engine_rsax and its asm file. cherry-picked from db7cb7ab9a5968f32ddbe11c3fba71ccbf4ffa53 This wasn't cleanly cherry-picked, since the build process changed a bit for 1.0.2. Reviewed-by: Andy Polyakov <appro@openssl.org>26 January 2015, 16:01:30 UTC
491f3e4 Rich Salz26 January 2015, 02:15:57 UTCMake OPENSSL_config truly ignore errors. Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860)26 January 2015, 02:15:57 UTC
184693f Kurt Roeckx24 January 2015, 14:04:53 UTCFix segfault with empty fields as last in the config. Reviewed-by: Tim Hudson <tjh@openssl.org>24 January 2015, 14:04:53 UTC
925bfca Matt Caswell22 January 2015, 11:44:18 UTCFix for reformat problems with e_padlock.c Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0)22 January 2015, 14:22:19 UTC
90a5adf Matt Caswell22 January 2015, 10:42:48 UTCFix formatting error in pem.h Reviewed-by: Andy Polyakov <appro@openssl.org> Conflicts: crypto/pem/pem.h22 January 2015, 14:22:19 UTC
73f8982 Rob Stradling22 January 2015, 12:18:30 UTCUse inner algorithm when printing certificate. Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 004efdbb41f731d36bf12d251909aaa08704a756)22 January 2015, 14:10:02 UTC
cda8845 Matt Caswell05 January 2015, 11:30:03 UTCRe-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 1.0.1 changes Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:39:01 UTC
4705085 Matt Caswell21 January 2015, 23:56:21 UTCRerun util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:38:49 UTC
10621ef Matt Caswell21 January 2015, 23:55:44 UTCRun util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:38:39 UTC
e498b83 Matt Caswell21 January 2015, 23:54:59 UTCMore tweaks for comments due indent issues Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:38:30 UTC
2e4d15f Matt Caswell21 January 2015, 22:38:06 UTCFix modes.h so that indent doesn't complain Conflicts: crypto/modes/modes.h Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:38:24 UTC
3b0e0d1 Matt Caswell21 January 2015, 22:03:55 UTCBackport hw_ibmca.c from master due to failed merge Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:38:18 UTC
f7b3640 Matt Caswell21 January 2015, 21:22:49 UTCTweaks for comments due to indent's inability to handle them Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:38:11 UTC
0f6c965 Matt Caswell21 January 2015, 19:18:47 UTCMove more comments that confuse indent Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:38:04 UTC
4651718 Dr. Stephen Henson21 January 2015, 15:32:54 UTCDelete trailing whitespace from output. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:59 UTC
fbfad23 Dr. Stephen Henson20 January 2015, 18:53:56 UTCAdd -d debug option to save preprocessed files. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:54 UTC
68085a7 Dr. Stephen Henson20 January 2015, 18:49:04 UTCTest option -nc Add option -nc which sets COMMENTS=true but disables all indent comment reformatting options. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:48 UTC
bc974f8 Matt Caswell21 January 2015, 16:37:58 UTCAdd ecp_nistz256.c to list of files skipped by openssl-format-source Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:43 UTC
72d7ed6 Matt Caswell21 January 2015, 16:34:27 UTCManually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Conflicts: crypto/aes/aes_x86core.c Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:36 UTC
2655f56 Andy Polyakov21 January 2015, 15:51:06 UTCcrypto/ofb128.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:31 UTC
3af30a7 Andy Polyakov21 January 2015, 15:49:27 UTCmodes/ctr128.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:26 UTC
e060570 Andy Polyakov21 January 2015, 15:47:51 UTCmodes/cfb128.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:20 UTC
1ac02e4 Matt Caswell21 January 2015, 16:12:59 UTCFix indent comment corruption issue Reviewed-by: Tim Hudson <tjh@openssl.org>22 January 2015, 09:37:15 UTC
back to top