| 0823ddc | Matt Caswell | 11 June 2015, 14:20:22 UTC | Prepare for 0.9.8zg release Reviewed-by: Stephen Henson <steve@openssl.org> | 11 June 2015, 14:20:22 UTC |
| ad65679 | Matt Caswell | 10 June 2015, 10:49:31 UTC | Update CHANGES and NEWS Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: Rich Salz <rsalz@openssl.org> | 11 June 2015, 12:07:49 UTC |
| 582f1f4 | Emilia Kasper | 12 May 2015, 17:00:30 UTC | PKCS#7: Fix NULL dereference with missing EncryptedContent. CVE-2015-1790 Reviewed-by: Rich Salz <rsalz@openssl.org> | 11 June 2015, 12:07:49 UTC |
| fa57f74 | Emilia Kasper | 08 April 2015, 14:56:43 UTC | Fix length checks in X509_cmp_time to avoid out-of-bounds reads. Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> | 11 June 2015, 12:07:49 UTC |
| 92f9a8b | Dr. Stephen Henson | 05 June 2015, 11:11:25 UTC | Fix infinite loop in CMS Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: Matt Caswell <matt@openssl.org> | 11 June 2015, 12:07:42 UTC |
| 39bcfb1 | Matt Caswell | 11 June 2015, 00:30:06 UTC | More ssl_session_dup fixes Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 11 June 2015, 09:18:32 UTC |
| 50d3049 | Matt Caswell | 04 June 2015, 13:22:00 UTC | EC_POINT_is_on_curve does not return a boolean The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d) Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_oct.c crypto/ec/ectest.c | 10 June 2015, 09:59:20 UTC |
| 8b4fd12 | Matt Caswell | 10 June 2015, 08:32:34 UTC | Fix Kerberos issue in ssl_session_dup The fix for CVE-2015-1791 introduced an error in ssl_session_dup for Kerberos. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158) | 10 June 2015, 09:05:17 UTC |
| 17689e7 | Dr. Stephen Henson | 08 June 2015, 12:23:00 UTC | return correct NID for undefined object Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 0fb9990480919163cc375a2b6c0df1d8d901a77b) | 08 June 2015, 20:47:41 UTC |
| f803a41 | Matt Caswell | 04 June 2015, 10:41:30 UTC | Clean Kerberos pre-master secret Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e) | 04 June 2015, 11:46:35 UTC |
| 9759ff0 | Matt Caswell | 19 May 2015, 12:59:47 UTC | Fix off-by-one error in BN_bn2hex A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit c56353071d9849220714d8a556806703771b9269) Conflicts: crypto/bn/bn_print.c | 04 June 2015, 08:33:01 UTC |
| f9603f2 | Richard Levitte | 31 May 2015, 15:47:31 UTC | Add the macro OPENSSL_SYS_WIN64 This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c) Conflicts: e_os2.h | 02 June 2015, 16:07:55 UTC |
| 467daf6 | Matt Caswell | 18 May 2015, 15:27:48 UTC | Fix race condition in NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688) Conflicts: ssl/ssl.h ssl/ssl_err.c | 02 June 2015, 11:51:37 UTC |
| 113d36a | Matt Caswell | 09 March 2015, 16:09:04 UTC | Clear state in DTLSv1_listen This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from the master branch (and this has also been applied to 1.0.2). In 1.0.2 this was CVE-2015-0207. For other branches there is no known security issue, but this is being backported as a precautionary measure. The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invokation to the next. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615) | 02 June 2015, 08:17:21 UTC |
| f16093d | Dr. Stephen Henson | 28 May 2015, 14:44:20 UTC | check for error when creating PKCS#8 structure Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc) | 28 May 2015, 17:03:04 UTC |
| aeff907 | Dr. Stephen Henson | 28 May 2015, 14:45:57 UTC | PEM doc fixes Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f097f81c891bb1f479426d8ac9c9541390334983) | 28 May 2015, 17:03:03 UTC |
| f3b555a | Matt Caswell | 19 May 2015, 15:03:02 UTC | Fix off-by-one in BN_rand If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org> | 22 May 2015, 22:48:52 UTC |
| c0de854 | Matt Caswell | 19 May 2015, 14:19:30 UTC | Reject negative shifts for BN_rshift and BN_lshift The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 7cc18d8158b5fc2676393d99b51c30c135502107) Conflicts: crypto/bn/bn.h crypto/bn/bn_err.c | 22 May 2015, 22:25:22 UTC |
| 155ca14 | Rich Salz | 12 May 2015, 15:49:32 UTC | Add NULL checks from master The big "don't check for NULL" cleanup requires backporting some of the lowest-level functions to actually do nothing if NULL is given. This will make it easier to backport fixes to release branches, where master assumes those lower-level functions are "safe" This commit addresses those tickets: 3798 3799 3801. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit f34b095fab1569d093b639bfcc9a77d6020148ff) (cherry picked from commit 690d040b2e9df9c6ac19e1aab8f0cd79a84a2ee4) | 13 May 2015, 16:56:38 UTC |
| 303845a | Dr. Stephen Henson | 16 April 2015, 15:43:09 UTC | Fix encoding bug in i2c_ASN1_INTEGER Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as negative. Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck <hanno@hboeck.de> for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a0eed48d37a4b7beea0c966caf09ad46f4a92a44) | 18 April 2015, 13:45:38 UTC |
| 1a38987 | Viktor Dukhovni | 16 April 2015, 06:55:35 UTC | Code style: space after 'if' Reviewed-by: Matt Caswell <gitlab@openssl.org> | 16 April 2015, 17:54:47 UTC |
| 5d28381 | Matt Caswell | 10 April 2015, 15:49:33 UTC | Fix ssl_get_prev_session overrun If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read past the end of the ClientHello message if the session_id length in the ClientHello is invalid. This should not cause any security issues since the underlying buffer is 16k in size. It should never be possible to overrun by that many bytes. This is probably made redundant by the previous commit - but you can never be too careful. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5e0a80c1c9b2b06c2d203ad89778ce1b98e0b5ad) Conflicts: ssl/ssl_sess.c | 14 April 2015, 14:02:44 UTC |
| eeda966 | Matt Caswell | 10 April 2015, 16:25:27 UTC | Check for ClientHello message overruns The ClientHello processing is insufficiently rigorous in its checks to make sure that we don't read past the end of the message. This does not have security implications due to the size of the underlying buffer - but still needs to be fixed. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c9642eb1ff79a30e2c7632ef8267cc34cc2b0d79) | 14 April 2015, 13:53:58 UTC |
| c5b0f5c | Dr. Stephen Henson | 02 April 2015, 12:45:14 UTC | Don't set *pval to NULL in ASN1_item_ex_new. While *pval is usually a pointer in rare circumstances it can be a long value. One some platforms (e.g. WIN64) where sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field. *pval is initialised correctly in the rest of ASN1_item_ex_new so setting it to NULL is unecessary anyway. Thanks to Julien Kauffmann for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit f617b4969a9261b9d7d381670aefbe2cf766a2cb) Conflicts: crypto/asn1/tasn_new.c | 10 April 2015, 18:54:13 UTC |
| 32fbe91 | Richard Levitte | 08 April 2015, 17:26:11 UTC | Have mkerr.pl treat already existing multiline string defs properly Since source reformat, we ended up with some error reason string definitions that spanned two lines. That in itself is fine, but we sometimes edited them to provide better strings than what could be automatically determined from the reason macro, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, However, mkerr.pl didn't treat those two-line definitions right, and they ended up being retranslated to whatever the macro name would indicate, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "No gost certificate sent by peer"}, Clearly not what we wanted. This change fixes this problem. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 2cfdfe0918f03f8323c9523a2beb2b363ae86ca7) Conflicts: util/mkerr.pl | 08 April 2015, 19:56:03 UTC |
| 246b35a | Dr. Stephen Henson | 22 March 2015, 17:34:56 UTC | Make OCSP response verification more flexible. If a set of certificates is supplied to OCSP_basic_verify use those in addition to any present in the OCSP response as untrusted CAs when verifying a certificate chain. PR#3668 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4ca5efc2874e094d6382b30416824eda6dde52fe) | 24 March 2015, 12:15:17 UTC |
| 79cc541 | Matt Caswell | 19 March 2015, 13:50:06 UTC | Prepare for 0.9.8zg-dev Reviewed-by: Richard Levitte <levitte@openssl.org> | 19 March 2015, 13:50:06 UTC |
| db8334b | Matt Caswell | 19 March 2015, 13:47:27 UTC | Prepare for 0.9.8zf release Reviewed-by: Richard Levitte <levitte@openssl.org> | 19 March 2015, 13:47:27 UTC |
| fcc5e89 | Matt Caswell | 19 March 2015, 13:47:27 UTC | make update Reviewed-by: Richard Levitte <levitte@openssl.org> | 19 March 2015, 13:47:27 UTC |
| b78c9e4 | Matt Caswell | 19 March 2015, 11:35:33 UTC | Fix unsigned/signed warnings Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> | 19 March 2015, 13:00:45 UTC |
| c380bff | Matt Caswell | 19 March 2015, 10:16:32 UTC | Fix a failure to NULL a pointer freed on error. Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte <levitte@openssl.org> | 19 March 2015, 13:00:45 UTC |
| 6655ac4 | Richard Levitte | 18 March 2015, 11:06:56 UTC | VMS build fix Reviewed-by: Andy Polyakov <appro@openssl.org> | 19 March 2015, 13:00:45 UTC |
| c7395fb | Matt Caswell | 17 March 2015, 17:01:09 UTC | Update NEWS file Update the NEWS file with the latest entries from CHANGES ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org> | 19 March 2015, 13:00:45 UTC |
| d53f920 | Matt Caswell | 17 March 2015, 16:56:27 UTC | Update CHANGES for release Update CHANGES fiel with all the latest fixes ready for the release. Conflicts: CHANGES Conflicts: CHANGES Reviewed-by: Richard Levitte <levitte@openssl.org> | 19 March 2015, 13:00:45 UTC |
| 65c588c | Emilia Kasper | 04 March 2015, 17:05:02 UTC | Fix reachable assert in SSLv2 servers. This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> | 19 March 2015, 13:00:45 UTC |
| 544e3e3 | Emilia Kasper | 27 February 2015, 15:52:23 UTC | PKCS#7: avoid NULL pointer dereferences with missing content In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org> Conflicts: crypto/pkcs7/pk7_doit.c | 19 March 2015, 13:00:45 UTC |
| 497d0b0 | Dr. Stephen Henson | 09 March 2015, 23:11:45 UTC | Fix ASN1_TYPE_cmp Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org> | 19 March 2015, 13:00:44 UTC |
| 674341f | Dr. Stephen Henson | 23 February 2015, 02:32:44 UTC | Free up ADB and CHOICE if already initialised. CVE-2015-0287 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> | 18 March 2015, 11:52:58 UTC |
| c58f4f7 | Dr. Stephen Henson | 14 March 2015, 14:10:35 UTC | Tolerate test_sqr errors for FIPS builds. Reviewed-by: Tim Hudson <tjh@openssl.org> | 14 March 2015, 22:21:21 UTC |
| c85c1e0 | Kurt Roeckx | 08 March 2015, 14:11:33 UTC | Disable export and SSLv2 ciphers by default They are moved to the COMPLEMENTOFDEFAULT instead. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> | 14 March 2015, 17:46:31 UTC |
| c2f5de1 | Matt Caswell | 09 March 2015, 13:59:58 UTC | Cleanse buffers Cleanse various intermediate buffers used by the PRF (backported version from master). Conflicts: ssl/s3_enc.c Conflicts: ssl/t1_enc.c Conflicts: ssl/t1_enc.c Reviewed-by: Richard Levitte <levitte@openssl.org> | 11 March 2015, 10:57:14 UTC |
| 01320ad | Dr. Stephen Henson | 08 March 2015, 17:01:28 UTC | Fix warnings. Fix compiler warnings (similar to commit 25012d5e79) Reviewed-by: Richard Levitte <levitte@openssl.org> | 08 March 2015, 17:23:40 UTC |
| a065737 | Matt Caswell | 06 March 2015, 13:00:47 UTC | Update mkerr.pl for new format Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte <levitte@openssl.org> | 06 March 2015, 14:10:30 UTC |
| 241cff6 | Dr. Stephen Henson | 18 February 2015, 00:34:59 UTC | Check public key is not NULL. CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9) | 02 March 2015, 15:26:57 UTC |
| 8a8ba07 | Dr. Stephen Henson | 02 March 2015, 13:26:29 UTC | Fix format script. The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a) Conflicts: crypto/asn1/x_long.c | 02 March 2015, 13:50:01 UTC |
| 1b4a8df | Matt Caswell | 09 February 2015, 11:38:41 UTC | Fix a failure to NULL a pointer freed on error. Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> CVE-2015-0209 Reviewed-by: Emilia Käsper <emilia@openssl.org> | 25 February 2015, 20:40:38 UTC |
| 6d4655c | Andy Polyakov | 09 February 2015, 14:59:09 UTC | Bring objects.pl output even closer to new format. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca) | 09 February 2015, 15:07:51 UTC |
| 9eca2cb | Andy Polyakov | 07 February 2015, 09:15:32 UTC | Harmonize objects.pl output with new format. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57) | 09 February 2015, 09:03:30 UTC |
| d7efe7e | Matt Caswell | 05 February 2015, 10:19:55 UTC | Fix error handling in ssltest Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67) | 06 February 2015, 10:15:22 UTC |
| 49fa6b6 | Rich Salz | 05 February 2015, 14:44:30 UTC | Fixed bad formatting in crypto/des/spr.h Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b) | 05 February 2015, 14:46:24 UTC |
| d64a227 | Dr. Stephen Henson | 01 February 2015, 13:06:32 UTC | Check PKCS#8 pkey field is valid before cleansing. PR:3683 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770) | 03 February 2015, 14:02:51 UTC |
| 6844c12 | Matt Caswell | 22 January 2015, 11:44:18 UTC | Fix for reformat problems with e_padlock.c Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0) | 22 January 2015, 14:17:04 UTC |
| ead95e7 | Matt Caswell | 22 January 2015, 10:42:48 UTC | Fix formatting error in pem.h Reviewed-by: Andy Polyakov <appro@openssl.org> Conflicts: crypto/pem/pem.h Conflicts: crypto/pem/pem.h | 22 January 2015, 14:17:02 UTC |
| 02f0c26 | Matt Caswell | 05 January 2015, 11:30:03 UTC | Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 0.9.8 changes Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:53:07 UTC |
| 6f1f3c6 | Matt Caswell | 22 January 2015, 02:48:18 UTC | Rerun util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:53:02 UTC |
| 40720ce | Matt Caswell | 22 January 2015, 02:47:42 UTC | Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:55 UTC |
| 9d03aab | Matt Caswell | 22 January 2015, 02:41:39 UTC | More comment changes required for indent Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:49 UTC |
| 117e79d | Matt Caswell | 22 January 2015, 00:57:19 UTC | Yet more changes to comments Conflicts: ssl/t1_enc.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:44 UTC |
| bc91221 | Matt Caswell | 21 January 2015, 23:54:59 UTC | More tweaks for comments due indent issues Conflicts: ssl/ssl_ciph.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:40 UTC |
| b9006da | Matt Caswell | 21 January 2015, 22:03:55 UTC | Backport hw_ibmca.c from master due to failed merge Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:34 UTC |
| d26667b | Matt Caswell | 21 January 2015, 21:22:49 UTC | Tweaks for comments due to indent's inability to handle them Conflicts: ssl/s3_srvr.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:28 UTC |
| 1327047 | Matt Caswell | 21 January 2015, 19:18:47 UTC | Move more comments that confuse indent Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/ec/ecp_oct.c crypto/modes/gcm128.c ssl/ssl_locl.h Conflicts: apps/apps.c crypto/crypto.h crypto/rand/md_rand.c ssl/d1_pkt.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_enc.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:21 UTC |
| 3600d5a | Dr. Stephen Henson | 21 January 2015, 15:32:54 UTC | Delete trailing whitespace from output. Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:17 UTC |
| 2b2f5ac | Dr. Stephen Henson | 20 January 2015, 18:53:56 UTC | Add -d debug option to save preprocessed files. Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:12 UTC |
| 7d3081c | Dr. Stephen Henson | 20 January 2015, 18:49:04 UTC | Test option -nc Add option -nc which sets COMMENTS=true but disables all indent comment reformatting options. Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:05 UTC |
| 9a5d775 | Matt Caswell | 21 January 2015, 16:37:58 UTC | Add ecp_nistz256.c to list of files skipped by openssl-format-source Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:52:00 UTC |
| e29126f | Matt Caswell | 21 January 2015, 16:34:27 UTC | Manually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Conflicts: crypto/aes/aes_x86core.c Conflicts: crypto/aes/aes_x86core.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:54 UTC |
| 175af9d | Matt Caswell | 21 January 2015, 16:12:59 UTC | Fix indent comment corruption issue Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:49 UTC |
| 53d6e67 | Matt Caswell | 21 January 2015, 15:28:57 UTC | Amend openssl-format-source so that it give more repeatable output Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:43 UTC |
| 4191a11 | Andy Polyakov | 21 January 2015, 12:18:42 UTC | bn/bn_const.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:38 UTC |
| f6e4701 | Andy Polyakov | 21 January 2015, 10:54:03 UTC | bn/asm/x86_64-gcc.cL make it indent-friendly. Conflicts: crypto/bn/asm/x86_64-gcc.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:32 UTC |
| 8618379 | Andy Polyakov | 21 January 2015, 10:50:56 UTC | bn/bn_asm.c: make it indent-friendly. Conflicts: crypto/bn/bn_asm.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:26 UTC |
| b527959 | Andy Polyakov | 21 January 2015, 10:45:23 UTC | bn/bn_exp.c: make it indent-friendly. Conflicts: crypto/bn/bn_exp.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:21 UTC |
| 25ca15e | Matt Caswell | 21 January 2015, 14:01:16 UTC | Manually reformat aes_core.c Add aes_core.c to the list of files not processed by openssl-format-source Conflicts: crypto/aes/aes_core.c Conflicts: crypto/aes/aes_core.c Conflicts: crypto/aes/aes_core.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:15 UTC |
| d1d4b4f | Matt Caswell | 21 January 2015, 13:51:38 UTC | Add obj_dat.h to the list of files that will not be processed by openssl-format-source Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:09 UTC |
| 2a3e745 | Matt Caswell | 21 January 2015, 12:19:08 UTC | Fix strange formatting by indent Conflicts: crypto/hmac/hmac.h Conflicts: crypto/evp/e_aes_cbc_hmac_sha256.c Conflicts: crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ectest.c Conflicts: crypto/asn1/asn1_par.c crypto/evp/e_des3.c crypto/hmac/hmac.h crypto/sparcv9cap.c engines/ccgost/gost94_keyx.c ssl/t1_enc.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:51:04 UTC |
| c7c7a43 | Matt Caswell | 21 January 2015, 11:09:58 UTC | indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Conflicts: crypto/bn/bn.h crypto/ec/ec_lcl.h crypto/rsa/rsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl.h ssl/ssl3.h Conflicts: crypto/ec/ec_lcl.h ssl/tls1.h Conflicts: crypto/ec/ecp_nistp224.c crypto/evp/evp.h ssl/d1_both.c ssl/ssl.h ssl/ssl_lib.c Conflicts: crypto/bio/bss_file.c crypto/ec/ec_lcl.h crypto/evp/evp.h crypto/store/str_mem.c crypto/whrlpool/wp_block.c crypto/x509/x509_vfy.h ssl/ssl.h ssl/ssl3.h ssl/ssltest.c ssl/t1_lib.c ssl/tls1.h Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:57 UTC |
| 5ba9d5b | Andy Polyakov | 20 January 2015, 22:45:19 UTC | crypto/mem_dbg.c: make it indent-friendly. Conflicts: crypto/mem_dbg.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:52 UTC |
| 883a4d5 | Matt Caswell | 21 January 2015, 09:33:22 UTC | More indent fixes for STACK_OF Conflicts: ssl/s3_lib.c Conflicts: apps/cms.c crypto/x509/x509_lu.c crypto/x509/x509_vfy.h ssl/s3_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:46 UTC |
| b4f1dbd | Matt Caswell | 20 January 2015, 22:17:03 UTC | Fix indent issue with engine.h Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:41 UTC |
| 5741067 | Matt Caswell | 20 January 2015, 22:13:39 UTC | Fix logic to check for indent.pro Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:37 UTC |
| dd7ad2c | Andy Polyakov | 20 January 2015, 14:49:55 UTC | crypto/cryptlib.c: make it indent-friendly. Conflicts: crypto/cryptlib.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:31 UTC |
| 366b193 | Andy Polyakov | 20 January 2015, 14:22:42 UTC | bn/bntest.c: make it indent-friendly. Conflicts: crypto/bn/bntest.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:26 UTC |
| 402eec1 | Andy Polyakov | 20 January 2015, 14:12:07 UTC | bn/bn_recp.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:22 UTC |
| 44759a0 | Andy Polyakov | 20 January 2015, 13:57:46 UTC | engines/e_ubsec.c: make it indent-friendly. Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:17 UTC |
| 9b8089b | Andy Polyakov | 20 January 2015, 13:15:44 UTC | apps/speed.c: make it indent-friendly. Conflicts: apps/speed.c Conflicts: apps/speed.c Conflicts: apps/speed.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:09 UTC |
| 4fd2e6b | Matt Caswell | 14 January 2015, 21:26:14 UTC | Fix make errors Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:50:03 UTC |
| a2a2bba | Richard Levitte | 20 January 2015, 15:18:23 UTC | Make the script a little more location agnostic Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:49:57 UTC |
| b0727cd | Matt Caswell | 20 January 2015, 12:37:42 UTC | Provide script for filtering data initialisers for structs/unions. indent just can't handle it. Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:49:52 UTC |
| d808ebd | Dr. Stephen Henson | 20 January 2015, 14:12:10 UTC | Script fixes. Don't use double newline for headers. Don't interpret ASN1_PCTX as start of an ASN.1 module. Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:49:46 UTC |
| 23f5f5b | Richard Levitte | 20 January 2015, 14:17:02 UTC | Run expand before perl, to make sure things are properly aligned Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:49:40 UTC |
| 5e12109 | Richard Levitte | 20 January 2015, 14:14:24 UTC | Force the use of our indent profile Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:49:35 UTC |
| 7ef6c2b | Tim Hudson | 05 January 2015, 10:17:50 UTC | Provide source reformating script. Requires GNU indent to be available. Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and Matt Caswell Reviewed-by: Matt Caswell <matt@openssl.org> | 22 January 2015, 09:49:20 UTC |
| 00ea17f | Matt Caswell | 19 January 2015, 12:42:01 UTC | Fix source where indent will not be able to cope Conflicts: apps/ciphers.c ssl/s3_pkt.c Conflicts: crypto/ec/ec_curve.c Conflicts: crypto/ec/ec_curve.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c Conflicts: apps/ciphers.c crypto/bn/bn.h crypto/ec/ec_curve.c ssl/t1_enc.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:49:13 UTC |
| 3e8042c | Matt Caswell | 16 January 2015, 09:21:50 UTC | Additional comment changes for reformat of 0.9.8 Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:49:06 UTC |
| 564ccc5 | Matt Caswell | 05 January 2015, 00:34:00 UTC | Further comment amendments to preserve formatting prior to source reformat (cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5) Conflicts: crypto/x509v3/pcy_tree.c Conflicts: apps/apps.c ssl/ssltest.c Conflicts: apps/apps.c crypto/ec/ec2_oct.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c ssl/s3_cbc.c ssl/ssl_sess.c ssl/t1_lib.c Conflicts: crypto/bio/b_sock.c crypto/pem/pem.h crypto/x509/x509_vfy.c crypto/x509v3/pcy_tree.c ssl/s3_both.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:48:59 UTC |
| b558c8d | Tim Hudson | 28 December 2014, 02:48:40 UTC | mark all block comments that need format preserving so that indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Conflicts: crypto/asn1/a_sign.c crypto/bn/bn_div.c crypto/dsa/dsa_asn1.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/modes/gcm128.c crypto/opensslv.h ssl/d1_both.c ssl/heartbeat_test.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c ssl/t1_lib.c test/testutil.h Conflicts: apps/openssl.c apps/ts.c apps/vms_decc_init.c crypto/aes/aes_core.c crypto/aes/aes_x86core.c crypto/dsa/dsa_ameth.c crypto/ec/ec2_mult.c crypto/evp/evp.h crypto/objects/objects.h crypto/rsa/rsa_pss.c crypto/stack/safestack.h crypto/ts/ts.h crypto/ts/ts_rsp_verify.c crypto/whrlpool/wp_dgst.c crypto/x509v3/v3_ncons.c e_os2.h engines/ccgost/gost89.c engines/ccgost/gost_ctl.c engines/ccgost/gost_keywrap.c engines/ccgost/gost_keywrap.h engines/ccgost/gost_sign.c ssl/kssl.c ssl/s3_srvr.c Reviewed-by: Tim Hudson <tjh@openssl.org> | 22 January 2015, 09:48:44 UTC |
| ba442a7 | Matt Caswell | 15 January 2015, 15:08:48 UTC | Prepare for 0.9.8zf-dev Reviewed-by: Stephen Henson <steve@openssl.org> | 15 January 2015, 15:08:48 UTC |
| e8ccaee | Matt Caswell | 15 January 2015, 15:05:59 UTC | Prepare for 0.9.8ze release Reviewed-by: Stephen Henson <steve@openssl.org> | 15 January 2015, 15:05:59 UTC |
| 60431d0 | Matt Caswell | 15 January 2015, 15:05:59 UTC | make update Reviewed-by: Stephen Henson <steve@openssl.org> | 15 January 2015, 15:05:59 UTC |
