Commit message | Author | Age | Files | Lines
* Have [.VMS]openssl_{startup,shutdown}.com depend on respective *.in | Richard Levitte | 2016-05-10 | 1 | -2/+2
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Fix VMS/openssl_{startup,shutdown}.com.in | Richard Levitte | 2016-05-10 | 3 | -13/+8
  They were using the wrong variables.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Configure: adhere to $(CROSS_COMPILE)ranlib. | Andy Polyakov | 2016-05-10 | 1 | -3/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Configure: make it work with Perl 5.10. | Andy Polyakov | 2016-05-10 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* IRIX fixes. | Andy Polyakov | 2016-05-10 | 5 | -43/+13
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add NULL check in i2d_PrivateKey() | Richard Levitte | 2016-05-09 | 1 | -3/+6
  Originally submitted by Kurt Cancemi <kurt@x64architecture.com>
  Closes RT#4533
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Don't send signature algorithms when client_version is below TLS 1.2. | David Benjamin | 2016-05-09 | 2 | -1/+7
  Per RFC 5246,
      Note: this extension is not meaningful for TLS versions prior to 1.2.
      Clients MUST NOT offer it if they are offering prior versions.
      However, even if clients do offer it, the rules specified in [TLSEXT]
      require servers to ignore extensions they do not understand.
  Although the second sentence would suggest that there would be no interop
  problems in always offering the extension, WebRTC has reported issues
  with Bouncy Castle on < TLS 1.2 ClientHellos that still include
  signature_algorithms. See also
  https://bugs.chromium.org/p/webrtc/issues/detail?id=4223
  RT#4390
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Fix BIO_eof() for BIO pairs | Matt Caswell | 2016-05-09 | 2 | -8/+10
  BIO_eof() was always returning true when using a BIO pair. It should only
  be true if the peer BIO is empty and has been shutdown.
  RT#1215
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix: failed to open config file if not specified when using CA commands | Hansruedi Patzen | 2016-05-09 | 1 | -12/+5
  Issue was introduced in
  https://github.com/openssl/openssl/commit/a0a82324f965bbcc4faed4e1ee3fcaf81ea52166
  This patch fixes an issue which causes the 'openssl ca' commands to fail
  if '-config' is not specified even if it says so otherwise.
  Problem is that the default config is not loaded and the conf variable is
  NULL which causes an exception.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* VMS: support VERBOSE and V in descrip.mms | Richard Levitte | 2016-05-09 | 2 | -2/+6
  With Unixly Makefiles as well as with nmake, make variables are
  transferred to the shell running the commands as environment variables.
  This principle doesn't apply with MMS, so we must explicitly define
  VERBOSE as commands when it's needed.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Recognise VERBOSE and V as well as HARNESS_VERBOSE | Dr. Stephen Henson | 2016-05-09 | 2 | -5/+9
  PR#4462
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Missing credit in CHANGES | Rich Salz | 2016-05-09 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix error in the loop of ECDH | Andrea Grandi | 2016-05-09 | 1 | -14/+14
  The tests were incorrectly repeated multiple times when using the
  async_jobs options
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Free any existing SRTP connection profile | Matt Caswell | 2016-05-09 | 1 | -0/+2
  When setting a new SRTP connection profile using
  SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should
  free any existing profile first to avoid a memory leak.
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Configurations/windows-makefile.tmpl: expand environments early. | Andy Polyakov | 2016-05-09 | 1 | -2/+6
  If environment variables are not expanded early enough, expanded
  strings are passed with single backslash to C compiler, e.g.
  C:\Program Files, which effectively results in OpenSSL looking for
  engines and certificates in C:Program Files.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* fix tab-space mixed indentation | FdaSilvaYY | 2016-05-09 | 16 | -69/+69
  No code change
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* fix check | J Mohan Rao Arisankala | 2016-05-09 | 1 | -1/+1
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* few missing allocation failure checks and releases on error paths | J Mohan Rao Arisankala | 2016-05-09 | 6 | -11/+20
  - Missing checks for allocation failure.
  - releasing memory in few missing error paths
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* memset() doesn't take NULL. | Ben Laurie | 2016-05-07 | 1 | -2/+4
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Add fuzzing! | Ben Laurie | 2016-05-07 | 13 | -0/+765
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Constify PKCS12_newpass() | Dr. Stephen Henson | 2016-05-06 | 3 | -11/+13
  PR#4449
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add documentation of PKCS12_newpass() | Jeffrey Walton | 2016-05-06 | 1 | -0/+94
  PR#4478
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Tidy up PKCS12_newpass() fix memory leaks. | Dr. Stephen Henson | 2016-05-06 | 1 | -37/+36
  PR#4466
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Only set CMS parameter when encrypting | Dr. Stephen Henson | 2016-05-06 | 1 | -15/+16
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT3513: req doesn't display attributes using utf8string | isnotnick | 2016-05-06 | 1 | -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* README.PERL: clarify "matching" Perl requirement on Windows. | Andy Polyakov | 2016-05-06 | 1 | -6/+6
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* poly1305/asm/poly1305-x86_64.pl: contain symbols within shared lib. | Andy Polyakov | 2016-05-06 | 1 | -0/+4
  We don't need it, but external users might find it handy.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* poly1305/asm/poly1305-x86_64.pl: make it cross-compile. | Andy Polyakov | 2016-05-06 | 1 | -4/+4
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* testlib/OpenSSL/Test.pm: address 5.10 warnings. | Andy Polyakov | 2016-05-06 | 1 | -4/+4
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* test/evp_test.c: exercise different combinations of data misalignment. | Andy Polyakov | 2016-05-06 | 1 | -24/+55
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Use default ASN.1 for SEED. | Dr. Stephen Henson | 2016-05-05 | 1 | -1/+2
  The default ASN.1 handling can be used for SEED. This also makes
  CMS work with SEED.
  PR#4504
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* typo | Dr. Stephen Henson | 2016-05-05 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Move 3DES from HIGH to MEDIUM | Rich Salz | 2016-05-05 | 2 | -14/+16
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Always try to set ASN.1 parameters for CMS. | Dr. Stephen Henson | 2016-05-05 | 1 | -11/+14
  Try to set the ASN.1 parameters for CMS encryption even if the IV
  length is zero as the underlying cipher should still set the type.
  This will correctly result in errors if an attempt is made to use
  an unsupported cipher type.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* GH356: Change assert to normal error | Sergio Garcia Murillo | 2016-05-05 | 1 | -2/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Handle no async jobs in libssl | Matt Caswell | 2016-05-05 | 6 | -50/+101
  If the application has limited the size of the async pool using
  ASYNC_init_thread() then we could run out of jobs while trying to start a
  libssl io operation. However libssl was failing to handle this and treating
  it like a fatal error. It should not be fatal...we just need to retry when
  there are jobs available again.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Document inversion ladder in curve25519 | Emilia Kasper | 2016-05-05 | 1 | -11/+42
  This demystifies two for-loops that do nothing. They were used to write
  the ladder in a unified way. Now that the ladder is otherwise commented,
  remove the dead loops.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Script changed; update the generated file. | Rich Salz | 2016-05-05 | 1 | -1/+0
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Improve heartbeats coding style | Matt Caswell | 2016-05-05 | 1 | -18/+18
  Based on an original commit by GitHub user BertramScharpf. Rebased and
  updated to take account of all the updates since this was first raised.
  GH PR#62
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Tweak generated warning lines. | Rich Salz | 2016-05-05 | 1 | -11/+8
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* remove unused macros in list -disabled | J Mohan Rao Arisankala | 2016-05-05 | 1 | -6/+0
  list -disabled was checking OPENSSL_NO_SSL/OPENSSL_NO_TLS, which are not
  used to disable SSL/TLS respectively. Building with these macros wrongly
  shows as SSL/TLS disabled, hence removing this code.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix spelling | FdaSilvaYY | 2016-05-05 | 1 | -7/+7
  Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  GH: #1021
* support embed in ASN.1 print | Dr. Stephen Henson | 2016-05-04 | 1 | -0/+11
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Complete the list of names in doc/ssl/SSL_CTX_load_verify_locations.pod | Richard Levitte | 2016-05-04 | 1 | -2/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix name length limit check. | Dr. Stephen Henson | 2016-05-04 | 1 | -4/+2
  The name length limit check in x509_name_ex_d2i() includes
  the containing structure as well as the actual X509_NAME. This will
  cause large CRLs to be rejected.
  Fix by limiting the length passed to ASN1_item_ex_d2i() which will
  then return an error if the passed X509_NAME exceeds the length.
  RT#4531
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check return of PEM_write_* functions and report possible errors | Richard Levitte | 2016-05-04 | 1 | -4/+5
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1025)
* DEFINE_STACK_OF(ASN1_UTF8STRING) moved from ts_lcl.h to asn1.h | Marek Klein | 2016-05-04 | 2 | -2/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1020)
* Handle malloc failures in BIO_accept | Matt Caswell | 2016-05-04 | 1 | -4/+14
  The old BIO_accept() function can encounter errors during malloc. We need
  to ensure we properly clean up if that occurs.
  GH Issue #817
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* reject zero block length in PKCS12 keygen | Dr. Stephen Henson | 2016-05-04 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix Blake block length | Dr. Stephen Henson | 2016-05-04 | 2 | -2/+2
  PR#4514
  Reviewed-by: Richard Levitte <levitte@openssl.org>