Commit message, Author, Age, Files, Lines
* Additional CMS documentation.
  Author: Dr. Stephen Henson; Age: 2015-03-08; Files: 2; Lines: -4/+47
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (cherry picked from commit e3013932df2d899e8600c305342bc14b682dc0d1)
* Remove export ciphers from the DEFAULT cipher list
  Author: Kurt Roeckx; Age: 2015-03-07; Files: 4; Lines: -7/+13
  They are moved to the COMPLEMENTOFDEFAULT instead. This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (cherry picked from commit f417997a324037025be61737288e40e171a8218c)
  Conflicts: ssl/ssl_ciph.c
* Update mkerr.pl for new format
  Author: Matt Caswell; Age: 2015-03-06; Files: 1; Lines: -66/+66
  Make the output from mkerr.pl consistent with the newly reformatted code.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Use constants not numbers
  Author: Kurt Cancemi; Age: 2015-03-05; Files: 2; Lines: -4/+4
  This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c
  RT#3725
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (cherry picked from commit fd865cadcb603918bdcfcf44e487721c657a1117)
* Unchecked malloc fixes
  Author: Matt Caswell; Age: 2015-03-05; Files: 16; Lines: -10/+118
  Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e)
  Conflicts: crypto/bio/bss_dgram.c
  Conflicts: apps/cms.c apps/s_cb.c apps/s_server.c apps/speed.c crypto/dh/dh_pmeth.c ssl/s3_pkt.c
* Check public key is not NULL.
  Author: Dr. Stephen Henson; Age: 2015-03-02; Files: 1; Lines: -0/+2
  CVE-2015-0288
  PR#3708
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)
* Fix format script.
  Author: Dr. Stephen Henson; Age: 2015-03-02; Files: 3; Lines: -99/+121
  The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a)
* Fix d2i_SSL_SESSION for DTLS1_BAD_VER
  Author: Matt Caswell; Age: 2015-02-27; Files: 2; Lines: -1/+4
  Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version.
  Based on an original patch by David Woodhouse <dwmw2@infradead.org>
  RT#3704
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Conflicts: ssl/ssl_asn1.c
  Conflicts: ssl/dtls1.h
* Fixed missing return value checks.
  Author: Matt Caswell; Age: 2015-02-27; Files: 1; Lines: -8/+17
  Added various missing return value checks in tls1_change_cipher_state.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Conflicts: ssl/t1_enc.c
* Fix missing return value checks.
  Author: Matt Caswell; Age: 2015-02-27; Files: 1; Lines: -30/+48
  Fixed various missing return value checks in ssl3_send_newsession_ticket. Also a mem leak on error.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Conflicts: ssl/s3_srvr.c
  Conflicts: ssl/s3_srvr.c
* Fix warning with no-ec
  Author: Matt Caswell; Age: 2015-02-27; Files: 1; Lines: -2/+8
  This fixes another warning when config'd with no-ec
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Fix no-ec warning
  Author: Matt Caswell; Age: 2015-02-27; Files: 1; Lines: -3/+10
  This is a partial back port of commit 5b430cfc to remove a warning when compiling with no-ec.
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Fix evp_extra_test.c with no-ec
  Author: Matt Caswell; Age: 2015-02-26; Files: 1; Lines: -0/+6
  When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit a988036259a4e119f6787b4c585f506226330120)
* Fix some minor documentation issues
  Author: Matt Caswell; Age: 2015-02-25; Files: 2; Lines: -6/+4
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Remove pointless free, and use preferred way of calling d2i_* functions
  Author: Matt Caswell; Age: 2015-02-25; Files: 1; Lines: -7/+1
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Add dire warnings about the "reuse" capability of the d2i_* functions.
  Author: Matt Caswell; Age: 2015-02-25; Files: 1; Lines: -5/+13
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
  Author: Matt Caswell; Age: 2015-02-25; Files: 1; Lines: -0/+67
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Conflicts: doc/crypto/EC_KEY_new.pod doc/crypto/EC_POINT_new.pod
* Fix a failure to NULL a pointer freed on error.
  Author: Matt Caswell; Age: 2015-02-25; Files: 1; Lines: -3/+3
  Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
  CVE-2015-0209
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Import evp_test.c from BoringSSL. Unfortunately we already have a file
  Author: Matt Caswell; Age: 2015-02-25; Files: 3; Lines: -5/+508
  called evp_test.c, so I have called this one evp_extra_test.c
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Conflicts: crypto/evp/Makefile test/Makefile
  Conflicts: test/Makefile crypto/evp/evp_extra_test.c
* Document -no_explicit
  Author: Dr. Stephen Henson; Age: 2015-02-24; Files: 1; Lines: -2/+8
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b)
* Fix null-pointer dereference
  Author: Edgar Pek; Age: 2015-02-22; Files: 1; Lines: -2/+2
  Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (cherry picked from commit bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43)
* Fix memory leak
  Author: Kurt Roeckx; Age: 2015-02-22; Files: 1; Lines: -0/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (cherry picked from commit edac5dc220d494dff7ee259dfd84335ffa50e938)
* Avoid a double-free in an error path.
  Author: Doug Hogan; Age: 2015-02-22; Files: 1; Lines: -0/+1
  Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (cherry picked from commit 1549a265209d449b6aefd2b49d7d39f7fbe0689b)
* Restore -DTERMIO/-DTERMIOS on Windows platforms.
  Author: Richard Levitte; Age: 2015-02-22; Files: 1; Lines: -5/+5
  The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a bit too enthusiastically. Windows/DOSish platforms of all sorts get identified as OPENSSL_SYS_MSDOS, and they get a different treatment altogether UNLESS -DTERMIO or -DTERMIOS is explicitly given with the configuration. The answer is to restore those macro definitions for the affected configuration targets.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c)
  Conflicts: Configure
* Assume TERMIOS is default, remove TERMIO on all Linux.
  Author: Richard Levitte; Age: 2015-02-22; Files: 2; Lines: -89/+83
  The rationale for this move is that TERMIOS is default, supported by POSIX-1.2001, and most definitely on Linux. For a few other systems, TERMIO may still be the terminal interface of preference, so we keep -DTERMIO on those in Configure. crypto/ui/ui_openssl.c is simplified in this regard, and will define TERMIOS for all systems except a select few exceptions.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (cherry picked from commit 64e6bf64b36136d487e2fbf907f09612e69ae911)
  Conflicts: Configure crypto/ui/ui_openssl.c
* RT3684: rand_egd needs stddef.h
  Author: Rich Salz; Age: 2015-02-12; Files: 1; Lines: -0/+1
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (cherry picked from commit 872f91c4036e35d292d423e751741ba76f8c5594)
* RT3670: Check return from BUF_MEM_grow_clean
  Author: Graeme Perrow; Age: 2015-02-12; Files: 1; Lines: -1/+5
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (cherry picked from commit b0333e697c008d639c56f48e9148cb8cba957e32)
* Missing OPENSSL_free on error path.
  Author: Eric Dequin; Age: 2015-02-12; Files: 1; Lines: -0/+1
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (cherry picked from commit 1d2932de4cefcc200f175863a42c311916269981)
* Bring objects.pl output even closer to new format.
  Author: Andy Polyakov; Age: 2015-02-09; Files: 1; Lines: -2/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca)
* Fix memory leak reporting.
  Author: Dr. Stephen Henson; Age: 2015-02-09; Files: 2; Lines: -4/+6
  Free up bio_err after memory leak data has been printed to it.
  In int_free_ex_data if ex_data is NULL there is nothing to free up so return immediately and don't reallocate it.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb)
* Harmonize objects.pl output with new format.
  Author: Andy Polyakov; Age: 2015-02-09; Files: 1; Lines: -17/+26
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57)
* Fix error handling in ssltest
  Author: Matt Caswell; Age: 2015-02-06; Files: 1; Lines: -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67)
* Fixed bad formatting in crypto/des/spr.h
  Author: Rich Salz; Age: 2015-02-05; Files: 1; Lines: -176/+151
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b)
* Make objxref.pl output in correct format
  Author: Dr. Stephen Henson; Age: 2015-02-04; Files: 1; Lines: -16/+21
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434)
* Check PKCS#8 pkey field is valid before cleansing.
  Author: Dr. Stephen Henson; Age: 2015-02-03; Files: 1; Lines: -1/+2
  PR:3683
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)
* dso_vms needs to add the .EXE extension if there is none already
  Author: Richard Levitte; Age: 2015-01-30; Files: 1; Lines: -1/+15
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (cherry picked from commit be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6)
* Replace exit() with error return.
  Author: Viktor Dkhovni; Age: 2015-01-27; Files: 1; Lines: -2/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Revert "Remove engine_rsax and its asm file."
  Author: Rich Salz; Age: 2015-01-27; Files: 6; Lines: -3/+2220
  This reverts commit 5226c62b7632dfaf38480919d406307318a7d145.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
  Author: Matt Caswell; Age: 2015-01-27; Files: 3; Lines: -3/+63
  functions.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (cherry picked from commit 8507474564f3f743f5daa3468ca97a9b707b3583)
* Remove explicit setting of read_ahead for DTLS. It never makes sense not to
  Author: Matt Caswell; Age: 2015-01-27; Files: 2; Lines: -18/+0
  use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs to be the default.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe)
  Conflicts: apps/s_client.c apps/s_server.c
* Make DTLS always act as if read_ahead is set. The actual value of read_ahead
  Author: Matt Caswell; Age: 2015-01-27; Files: 1; Lines: -1/+2
  is ignored for DTLS.
  RT#3657
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)
* Remove engine_rsax and its asm file.
  Author: Rich Salz; Age: 2015-01-26; Files: 6; Lines: -2220/+3
  cherry-picked from db7cb7ab9a5968f32ddbe11c3fba71ccbf4ffa53
  This wasn't cleanly cherry-picked, since the build process changed a bit for 1.0.2.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Make OPENSSL_config truly ignore errors.
  Author: Rich Salz; Age: 2015-01-25; Files: 2; Lines: -34/+14
  Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860)
* Fix segfault with empty fields as last in the config.
  Author: Kurt Roeckx; Age: 2015-01-24; Files: 2; Lines: -0/+5
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix for reformat problems with e_padlock.c
  Author: Matt Caswell; Age: 2015-01-22; Files: 1; Lines: -29/+91
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0)
* Fix formatting error in pem.h
  Author: Matt Caswell; Age: 2015-01-22; Files: 1; Lines: -5/+10
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Conflicts: crypto/pem/pem.h
* Use inner algorithm when printing certificate.
  Author: Rob Stradling; Age: 2015-01-22; Files: 1; Lines: -1/+1
  Reviewed-by: Stephen Henson <steve@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (cherry picked from commit 004efdbb41f731d36bf12d251909aaa08704a756)
* Re-align some comments after running the reformat script.
  Tag: OpenSSL_1_0_1-post-reformat
  Author: Matt Caswell; Age: 2015-01-22; Files: 75; Lines: -1332/+1337
  This should be a one off operation (subsequent invocation of the script should not move them)
  This commit is for the 1.0.1 changes
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Rerun util/openssl-format-source -v -c .
  Tag: OpenSSL_1_0_1-post-auto-reformat
  Author: Matt Caswell; Age: 2015-01-22; Files: 10; Lines: -25/+19
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Run util/openssl-format-source -v -c .
  Author: Matt Caswell; Age: 2015-01-22; Files: 1067; Lines: -279778/+279671
  Reviewed-by: Tim Hudson <tjh@openssl.org>