summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* ms/uplink-x86.pl: make it work.OpenSSL_1_0_0-stableAndy Polyakov2016-02-101-2/+2
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 740b2b9a6cf31b02916a4d18f868e8a95934c083)
* Prepare for 1.0.0u-devMatt Caswell2015-12-035-5/+13
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 1.0.0t releaseOpenSSL_1_0_0tMatt Caswell2015-12-034-6/+6
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Update CHANGES and NEWSMatt Caswell2015-12-022-2/+22
| | | | | | Update the CHANGES and NEWS files for the new release. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Free up passed ASN.1 structure if reused.Dr. Stephen Henson2015-12-022-5/+19
| | | | | | | | | | | | | | Change the "reuse" behaviour in ASN1_item_d2i: if successful the old structure is freed and a pointer to the new one used. If it is not successful then the passed structure is untouched. Exception made for primitive types so ssl_asn1.c still works. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Conflicts: doc/crypto/d2i_X509.pod
* Fix leak with ASN.1 combine.Dr. Stephen Henson2015-12-021-2/+5
| | | | | | | | | | | | | | | | | When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte <levitte@openssl.org>
* _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE insteadRichard Levitte2015-12-021-0/+1
| | | | | | | | | The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f9fd35248c9a3b1125d9ab82ffb19d62e86533ac)
* Fix uninitialised p error.Dr. Stephen Henson2015-11-241-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 63eb10a07ee29a312e50a227f5b3a290b1ad22b4)
* Limit depth of ASN1 parse printing.Dr. Stephen Henson2015-11-241-0/+10
| | | | | | | | | | Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 158e5207a794603f5d64ffa95e0247c7808ab445) Conflicts: crypto/asn1/asn1_par.c
* Typo.Dr. Stephen Henson2015-10-111-1/+1
| | | | | | | | | | PR#4079 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit c69ce9351336f5b4a8b33890756b3fd185528210) Conflicts: crypto/evp/e_des3.c
* Don't try and parse boolean type.Dr. Stephen Henson2015-10-061-2/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit e58c4d3cdde7a0a01df2884bfeec31a2b07be22d)
* GH367: use random data if seed too short.Ismo Puustinen2015-09-292-3/+4
| | | | | | Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 6f997dc36504d67d1339ceb6bce4ecba673d8568)
* Change --debug to -d for compat with old releases.Rich Salz2015-09-251-1/+1
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 1d4ddb4e1a088f1333c4bb155c52c7f94e572bca)
* Remove stricts-warnings on 1.0.0 travis.Rich Salz2015-09-221-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 68d53e4f303c0b4926ad109e75ff728db229f497)
* GH398: Add mingw cross-compile, etc.Rich Salz2015-09-221-0/+50
| | | | | | | | | | For all release branches. It adds travis build support. If you don't have a config file it uses the default (because we enabled travis for the project), which uses ruby/rake/rakefiles, and you get confusing "build still failing" messages. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit db9defdfe306e1adf0af7188b187d535eb0268da)
* Make sure OPENSSL_cleanse checks for NULLMatt Caswell2015-09-171-0/+4
| | | | | | | | | | | | | | | | | | | | | In master we have the function OPENSSL_clear_free(x,y), which immediately returns if x == NULL. In <=1.0.2 this function does not exist so we have to do: OPENSSL_cleanse(x, y); OPENSSL_free(x); However, previously, OPENSSL_cleanse did not check that if x == NULL, so the real equivalent check would have to be: if (x != NULL) OPENSSL_cleanse(x, y); OPENSSL_free(x); It would be easy to get this wrong during cherry-picking to other branches and therefore, for safety, it is best to just ensure OPENSSL_cleanse also checks for NULL. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 020d8fc83fe1a94232db1ee1166309e2458a8a18)
* Make no-psk compile without warnings.Ivo Raisr2015-09-161-1/+4
| | | | | | | | PR#4035 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> (cherry picked from commit 929f6d6f55275b17cfdd5c405ef403bce87c9aef)
* Use default field separator.Dr. Stephen Henson2015-09-112-2/+7
| | | | | | | | | | If the field separator isn't specified through -nameopt then use XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error. PR#2397 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 03706afa30aeb4407287171a9d6f9a765395d0a2)
* Fix building with OPENSSL_NO_TLSEXT.Matt Caswell2015-09-021-2/+2
| | | | | | | | | | | | | | | | | Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code consistency. However this commit will not fix no-tlsext in those branches which have always been broken for other reasons. The commit is not applied to master at all, because no-tlsext has been completely removed from that branch. Based on a patch by Marc Branchaud <marcnarc@xiplink.com> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 9a931208d7fc8a3596dda005cdbd6439938f01b0) Conflicts: ssl/ssl_sess.c
* Ignore .dir-locals.elRichard Levitte2015-09-011-0/+1
| | | | | | | | Because we recently encourage people to have a .dir-locals.el, it's a good idea to ignore it on a git level. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d7c02691a5e6f2716759eacb6f48c39f15ee57c8)
* Remove auto-fill-modeRichard Levitte2015-08-311-2/+0
| | | | | | | Apparently, emacs sees changes to auto-fill-mode as insecure Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 6dc08048d93ff35de882878f190ae49aa698b5d2)
* Add an example .dir-locals.elRichard Levitte2015-08-312-0/+19
| | | | | | | | | | | | | This file, when copied to .dir-locals.el in the OpenSSL source top, will make sure that the CC mode style "OpenSSL-II" will be used for all C files. Additionally, I makes sure that tabs are never used as indentation character, regardless of the emacs mode, and that the fill column is 78. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0927f0d822b1e0f55cb7d8bacf9004ad3495514b)
* Add emacs CC mode style for OpenSSLRichard Levitte2015-08-311-0/+60
| | | | | | | This hopefully conforms closely enough to the current code style. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d9b3554b2d9724bc2d1621a026ddaf0223e2d191)
* Move FAQ to the web.Rich Salz2015-08-161-1039/+2
| | | | | | | Best hope of keeping current. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 4f46473a86c9e3741203b22d4d401a3763583494)
* GH336: Return an exit code if report failsDirk Wetter2015-08-011-0/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit e36ce2d986a5edbd33d6d176fb95c8046fae9725)
* Clear BN-mont values when free'ing it.Loganaden Velvindron2015-07-311-3/+3
| | | | | | | From a CloudFlare patch. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 1a586b3942de1c0bd64203d09385d5e74f499d8d)
* RT3774: double-free in DSAMartin Vejnar2015-07-291-0/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit fa4629b6a2518d202fd051f228c3d8770682b3be)
* Tweak README about rt and bug reporting.Rich Salz2015-07-291-13/+19
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 932af1617e277904bcca6e47729a420bba39785b)
* Remove extra '; \' in apps/MakefileRichard Levitte2015-07-131-1/+1
| | | | | | | | | | Fixes GH#330 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit eeb97bce751296b2e04a92d00c0d0a792ba61834) Conflicts: apps/Makefile
* Set numeric IDs for tar as wellRichard Levitte2015-07-101-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit da24e6f8a05ea657684094e04c1a54efa04c2962)
* Stop using tardyRichard Levitte2015-07-101-14/+17
| | | | | | | | | | | | Instead of piping through tardy, and possibly suffering from bugs in certain versions, use --transform, --owner and --group directly with GNU tar (we already expect that tar variant). Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 27f98436b9a84b94fbdd8e32960504634ae44cc0) Conflicts: Makefile.org
* Sort @sstacklst correctly.Dr. Stephen Henson2015-07-091-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2a7059c56f885a3fa0842e886f5178def8e5481d)
* document -2 return valueDr. Stephen Henson2015-07-061-0/+7
| | | | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5727582cf51e98e5e0faa435e7da2c8929533c0d) Conflicts: doc/crypto/X509_NAME_get_index_by_NID.pod
* Fix PSK handling.Dr. Stephen Henson2015-07-022-15/+4
| | | | | | | | | | | The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c)
* Don't output bogus errors in PKCS12_parseDr. Stephen Henson2015-06-251-0/+2
| | | | | | | PR#3923 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664)
* Make preprocessor error into real preprocessor errorRichard Levitte2015-06-161-1/+1
| | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit b4f0d1a4a89b964dba80036a6348ca0a1913c526)
* Remove one extraneous parenthesisRichard Levitte2015-06-161-1/+1
| | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 30cf91784bfde82622f79d87d17d20ce73329532)
* Prepare for 1.0.0t-devMatt Caswell2015-06-115-5/+13
| | | | Reviewed-by: Stephen Henson <steve@openssl.org>
* Prepare for 1.0.0s releaseOpenSSL_1_0_0sMatt Caswell2015-06-114-6/+6
| | | | Reviewed-by: Stephen Henson <steve@openssl.org>
* Update CHANGES and NEWSMatt Caswell2015-06-112-2/+70
| | | | | | Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: Rich Salz <rsalz@openssl.org>
* PKCS#7: Fix NULL dereference with missing EncryptedContent.Emilia Kasper2015-06-111-1/+15
| | | | | | CVE-2015-1790 Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix length checks in X509_cmp_time to avoid out-of-bounds reads.Emilia Kasper2015-06-111-10/+47
| | | | | | | | | | Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix infinite loop in CMSDr. Stephen Henson2015-06-111-1/+1
| | | | | | | | | Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: Matt Caswell <matt@openssl.org>
* Correction of make depend merge errorRichard Levitte2015-06-111-1/+1
| | | | | | | $(PROGS) was mistakenly removed, adding it back. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5ef5b9ffa91ad6061c42291564a1dc786300ebdd)
* More ssl_session_dup fixesMatt Caswell2015-06-111-33/+34
| | | | | | | | | | | | Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by: Tim Hudson <tjh@openssl.org>
* EC_POINT_is_on_curve does not return a booleanMatt Caswell2015-06-106-16/+23
| | | | | | | | | | | | | | | | | The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d) Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_oct.c crypto/ec/ectest.c
* Fix Kerberos issue in ssl_session_dupMatt Caswell2015-06-101-1/+1
| | | | | | | | The fix for CVE-2015-1791 introduced an error in ssl_session_dup for Kerberos. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158)
* return correct NID for undefined objectDr. Stephen Henson2015-06-081-0/+3
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 0fb9990480919163cc375a2b6c0df1d8d901a77b)
* Remove misleading commentMatt Caswell2015-06-041-2/+0
| | | | | | | | | | Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f3d889523ee84f1e87e4da0d59e2702a4bee7907)
* Clean premaster_secret for GOSTMatt Caswell2015-06-041-0/+1
| | | | | | | | | | | | Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b7ee4815f2452c854cc859e8dda88f2673cdddea) Conflicts: ssl/s3_srvr.c
View Lorry Controller Status