| 0453163 | Matt Caswell | 16 February 2017, 11:58:19 UTC | Prepare for 1.1.0e release Reviewed-by: Richard Levitte <levitte@openssl.org> | 16 February 2017, 11:58:19 UTC |
| aed2463 | Matt Caswell | 16 February 2017, 09:51:56 UTC | Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org> | 16 February 2017, 10:11:09 UTC |
| 60747ea | Matt Caswell | 03 February 2017, 14:54:43 UTC | Remove an OPENSSL_assert() and replace with a soft assert and check Following on from CVE-2017-3733, this removes the OPENSSL_assert() check that failed and replaces it with a soft assert, and an explicit check of value with an error return if it fails. Reviewed-by: Richard Levitte <levitte@openssl.org> | 16 February 2017, 09:39:06 UTC |
| 4ad9361 | Matt Caswell | 03 February 2017, 14:06:20 UTC | Don't change the state of the ETM flags until CCS processing Changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. ETM has not been implemented in 1.1.0 for DTLS so this is TLS only. The problem is caused by changing the flag indicating whether to use ETM or not immediately on negotiation of ETM, rather than at CCS. Therefore, during a renegotiation, if the ETM state is changing (usually due to a change of ciphersuite), then an error/crash will occur. Due to the fact that there are separate CCS messages for read and write we actually now need two flags to determine whether to use ETM or not. CVE-2017-3733 Reviewed-by: Richard Levitte <levitte@openssl.org> | 16 February 2017, 09:39:06 UTC |
| 9c5a691 | Matt Caswell | 03 February 2017, 11:21:07 UTC | Provide a test for the Encrypt-Then-Mac renegotiation crash Changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. ETM has not been implemented in 1.1.0 for DTLS so this is TLS only. This commit provides a test for the issue. CVE-2017-3733 Reviewed-by: Richard Levitte <levitte@openssl.org> | 16 February 2017, 09:39:05 UTC |
| 3bdc1dc | Kazuki Yamaguchi | 26 January 2017, 04:01:30 UTC | Properly zero cipher_data for ChaCha20-Poly1305 on cleanup Fix a typo. Probably this has not been found because EVP_CIPHER_CTX is smaller than EVP_CHACHA_AEAD_CTX and heap overflow does not occur. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2294) (cherry picked from commit a8f957686675194d786b41f6e1f7c48bb85723ec) | 16 February 2017, 01:01:21 UTC |
| b763981 | Andy Polyakov | 15 February 2017, 11:01:09 UTC | crypto/armcap.c: short-circuit processor capability probe in iOS builds. Capability probing by catching SIGILL appears to be problematic on iOS. But since Apple universe is "monocultural", it's actually possible to simply set pre-defined processor capability mask. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2617) (cherry picked from commit 8653e78f4319b23d60239f9557d8c1e1d23be1a5) | 15 February 2017, 22:17:25 UTC |
| c04b143 | Andy Polyakov | 13 February 2017, 17:16:16 UTC | ARMv4 assembly pack: harmonize Thumb-ification of iOS build. Three modules were left behind in a285992763f3961f69a8d86bf7dfff020a08cef9. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2617) (cherry picked from commit c93f06c12f10c07cea935abd78a07a037e27f155) | 15 February 2017, 22:17:12 UTC |
| c9c1a63 | Bernd Edlinger | 15 February 2017, 10:36:17 UTC | Rework error handling of custom_ext_meth_add towards strong exception safety. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2636) (cherry picked from commit ed874fac6399d5064d6eb8fe2022b918aeaf75af) | 15 February 2017, 13:42:20 UTC |
| 19d5e48 | FdaSilvaYY | 06 February 2017, 23:05:06 UTC | Fix a few typos Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2571) (cherry picked from commit 7e12cdb52e3f4beff050caeecf3634870bb9a7c4) | 14 February 2017, 20:55:54 UTC |
| 07bc93f | Guido Vranken | 11 February 2017, 21:41:38 UTC | Remove obsolete comment Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1613) (cherry picked from commit 7c120357e5ef434c8a7d1d1c3ba4f2a33266374e) | 14 February 2017, 20:00:09 UTC |
| 177b422 | Bernd Edlinger | 13 February 2017, 17:36:13 UTC | Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2618) (cherry picked from commit 57b0d651f052ed86528da916397acbcce035fb21) | 14 February 2017, 19:45:08 UTC |
| be31d57 | Guido Vranken | 13 February 2017, 00:36:43 UTC | Prevent allocations of size 0 in sh_init. which are not possible with the default OPENSSL_zalloc, but are possible if the user has installed their own allocator using CRYPTO_set_mem_functions. If the 0-allocations succeeds, the secure heap code will later access (at least) the first byte of that space, which is technically an OOB access. This could lead to problems with some custom allocators that only return a valid pointer for subsequent free()-ing, and do not expect that the pointer is actually dereferenced. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2605) (cherry picked from commit 7f07149d25f8d7e00e9350ff2f064a4d25c1a13d) | 14 February 2017, 19:35:40 UTC |
| dff827d | Dr. Stephen Henson | 14 February 2017, 17:18:00 UTC | Make -xcert work again. When a certificate is prepended update the list pointer. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2628) (cherry picked from commit 52f4840cb237cc37cad5eac8328828cf3d3e1049) | 14 February 2017, 17:47:39 UTC |
| 55f0883 | Rich Salz | 14 February 2017, 16:51:22 UTC | Add no-ec build Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2626) (cherry picked from commit b4568b04c7cd425103ac8f1603682e8da2044238) | 14 February 2017, 17:10:46 UTC |
| b37fce5 | Yuchi | 06 February 2017, 00:33:47 UTC | mem leak on error path and error propagation fix Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2559) (cherry picked from commit e0670973d5c0b837eb5a9f1670e47107f466fbc7) | 14 February 2017, 10:27:08 UTC |
| 955286c | Andrea Grandi | 10 February 2017, 10:23:21 UTC | Further improvements to ASYNC_WAIT_CTX_clear_fd Remove call to cleanup function Use only one loop to find previous element Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2581) (cherry picked from commit 219aa86cb04e1bfc9c156fab18da2f767502afb2) | 13 February 2017, 15:45:12 UTC |
| bb5b56a | Andrea Grandi | 03 February 2017, 05:46:17 UTC | Remove fd from the list when the engine clears the wait context before pause This fixes the num of fds added/removed returned by ASYNC_WAIT_CTX_get_changed_fds Previously, the numbers were not consistent with the fds actually written in the buffers since the fds that have been both added and removed are explicitly ignored in the loop. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2581) (cherry picked from commit f89dd6738a0ec2b6cfb05a3cc5fa38843dc27d2f) | 13 February 2017, 15:45:12 UTC |
| 5a0d86c | Andrea Grandi | 26 January 2017, 03:17:54 UTC | Add test to show wrong behavior of ASYNC_WAIT_CTX This happens when a fd is added and then immediately removed from the ASYNC_WAIT_CTX before pausing the job. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2581) (cherry picked from commit f44e63644d29e5908be52b7896d5031a5cf460eb) | 13 February 2017, 15:45:11 UTC |
| ca423a6 | Darren Tucker | 12 February 2017, 23:36:29 UTC | DES keys are not 7 days long. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2604) (cherry picked from commit 4fd7b54dc224930a0ce6dd67b35c598c5072857c) | 13 February 2017, 10:53:24 UTC |
| b67a37b | Richard Levitte | 10 February 2017, 21:50:24 UTC | test_rehash does nothing, have it do something test/recipes/40-test_rehash.t uses test files from certs/demo, which doesn't exist any longer. Have it use PEM files from test/ instead. Because rehash wants only one certificate or CRL per file, we must also filter those PEM files to produce test files with a single object each. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2594) (cherry picked from commit 4bbd8a5daaa810c487f684971c0339a1d7c15da9) | 13 February 2017, 04:07:02 UTC |
| 1d2a18e | Lukasz Pawelczyk | 17 November 2016, 09:31:39 UTC | Restore EVP_CIPH_FLAG_LENGTH_BITS working properly EVP_CIPH_FLAG_LENGTH_BITS flag for CFB1 has been broken with the introduction of the is_partially_overlapping() check that did not take it into the account (treating number of bits passed as bytes). This remedies that and allows this flag to work as intended. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1942) (cherry picked from commit 64846096b18340b9a39ddd29a7a0e23c56f22959) | 10 February 2017, 13:43:27 UTC |
| 263390c | David Benjamin | 09 February 2017, 20:13:13 UTC | Don't read uninitialised data for short session IDs. While it's always safe to read |SSL_MAX_SSL_SESSION_ID_LENGTH| bytes from an |SSL_SESSION|'s |session_id| array, the hash function would do so with without considering if all those bytes had been written to. This change checks |session_id_length| before possibly reading uninitialised memory. Since the result of the hash function was already attacker controlled, and since a lookup of a short session ID will always fail, it doesn't appear that this is anything more than a clean up. In particular, |ssl_get_prev_session| uses a stack-allocated placeholder |SSL_SESSION| as a lookup key, so the |session_id| array may be uninitialised. This was originally found with libFuzzer and MSan in https://boringssl.googlesource.com/boringssl/+/e976e4349d693b4bbb97e1694f45be5a1b22c8c7, then by Robert Swiecki with honggfuzz and MSan here. Thanks to both. Reviewed-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2583) (cherry picked from commit bd5d27c1c6d3f83464ddf5124f18a2cac2cbb37f) | 10 February 2017, 00:37:28 UTC |
| 7a31b04 | Matt Caswell | 07 February 2017, 14:17:57 UTC | Fix a typo in the X509_get0_subject_key_id() documentation Fixes a copy&paste error Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2568) (cherry picked from commit fbc9eeaaa32ba1416d6cb2794201f440bbaeb629) | 09 February 2017, 10:39:39 UTC |
| 31041c4 | Rich Salz | 07 February 2017, 16:33:21 UTC | Centralize documentation about config file location Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2569) (cherry picked from commit e9681f8314c64c6802b11997c471bd763de38c8c) | 08 February 2017, 02:12:03 UTC |
| ea9b8d8 | Pauli | 06 February 2017, 19:38:20 UTC | Remove unused variable Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2566) (cherry picked from commit a19a6c8179faa3da0dedaaf2effae385cf7dd65d) | 07 February 2017, 15:27:15 UTC |
| f8b21b9 | Bernd Edlinger | 06 February 2017, 12:37:42 UTC | Fix a crash in EVP_CIPHER_CTX_cleanup due to cipher_data may be NULL or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed. If that happens in EVP_CipherInit_ex/EVP_CIPHER_CTX_copy set cipher = NULL, aes_gcm_cleanup should check that gctx != NULL before calling OPENSSL_cleanse. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2562) (cherry picked from commit 273a0218e65f1737cdbb0ef65a5ddebd601e6bef) | 07 February 2017, 09:16:14 UTC |
| 85342b7 | Rich Salz | 05 February 2017, 15:24:54 UTC | Fix parsing of serial# in req Reported by Jakub Wilk. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2556) (cherry picked from commit be4c82aa767998ce2a5717fc895482052373f1b1) | 06 February 2017, 14:54:45 UTC |
| 1b5d6d6 | Rich Salz | 05 February 2017, 15:29:22 UTC | Doc fix Reported by Alexander Köppe Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2557) (cherry picked from commit bb6c5e7f6956c5cd1049136d79e631ca8338fc7b) | 06 February 2017, 14:14:25 UTC |
| 0d17628 | Bernd Edlinger | 02 February 2017, 12:36:10 UTC | Fix a crash with malformed user notice policy numbers Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2352) (cherry picked from commit fe4075f25962dbd302d856c11ac47adb84edc9ca) | 05 February 2017, 00:05:44 UTC |
| 5d0634a | Bernd Edlinger | 31 December 2016, 12:01:11 UTC | Combined patch against OpenSSL_1_1_0-stable branch for the following issues: Fixed a memory leak in ASN1_digest and ASN1_item_digest. Reworked error handling in asn1_item_embed_new. Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup. Fixed a memory leak in CRYPTO_free_ex_data. Reworked error handing in x509_name_ex_d2i, x509_name_encode and x509_name_canon. Check for null pointer in tls_process_cert_verify. Fixes #2103 #2104 #2105 #2109 #2111 #2115 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2163) | 04 February 2017, 23:58:00 UTC |
| ac16230 | Todd Short | 31 January 2017, 20:32:50 UTC | Majority rules, use session_ctx vs initial_ctx session_ctx and initial_ctx are aliases of each other, and with the opaque data structures, there's no need to keep both around. Since there were more references of session_ctx, replace all instances of initial_ctx with session_ctx. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2340) | 04 February 2017, 23:55:33 UTC |
| 86d9b57 | Dmitry Kostjuchenko | 01 February 2017, 10:51:34 UTC | Grouped data declarations [skip ci] Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1981) (cherry picked from commit bc1dba209533f2033a4de0d93380fc0f485e6f7e) | 03 February 2017, 12:51:06 UTC |
| ddb618d | Dmitry Kostjuchenko | 28 November 2016, 18:16:34 UTC | Removed tab spaces. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1981) (cherry picked from commit 5d5eed4456ebc035893eedbcc4e32a9d065cecb3) | 03 February 2017, 12:51:06 UTC |
| 23e6bf0 | Dmitry Kostjuchenko | 28 November 2016, 17:54:43 UTC | Corrections according the review comments. Updated indentations according project rules, renamed file-local define to the shorter version - USE_RWLOCK, fixed declaration after the if statement in CRYPTO_THREAD_lock_new(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1981) (cherry picked from commit ec93a2921f6128ac931466ae171fba92a0eab45d) | 03 February 2017, 12:51:05 UTC |
| 90078aa | Dmitry Kostjuchenko | 22 November 2016, 16:37:43 UTC | Compile fix on platforms with missing pthread_rwlock_t. Fix compilation on platforms with missing pthread_rwlock_t implementation by replacing it with pthread_mutex_t. An example of such platform can be Android OS 2.0 - 2.1, API level 5 (Eclair), Android NDK platform - android-5 where pthread_rwlock_t is not implemented and is missing in pthread.h. In case of missing pthread_rwlock_t implementation CRYPTO_RWLOCK will work as exclusive lock in write-only mode of pthread_rwlock_t lock. The implementation based on pthread_mutex_t must be using PTHREAD_MUTEX_RECURSIVE mode to be compatible with recursive behavior of pthread_rwlock_rdlock. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1981) (cherry picked from commit 2accf3f7e013c3d02312afc27cc2edbd1f149db3) | 03 February 2017, 12:51:05 UTC |
| d715533 | Bernd Edlinger | 01 February 2017, 18:10:03 UTC | remove test/.rnd on make clean Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2344) (cherry picked from commit 122fa088524571a3b60ebf301873f69afdac8f7a) | 01 February 2017, 19:13:05 UTC |
| dfb109c | Richard Levitte | 01 February 2017, 01:29:46 UTC | bn: fix occurance of negative zero in BN_rshift1() Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0a2dcb6990dacc94337f746f4f4a6dfac1fbeac4) | 01 February 2017, 02:17:38 UTC |
| 12ac28e | Geoff Thorpe | 06 October 2016, 15:04:56 UTC | bn: fix occurances of negative zero The BIGNUM behaviour is supposed to be "consistent" when going into and out of APIs, where "consistent" means 'top' is set minimally and that 'neg' (negative) is not set if the BIGNUM is zero (which is iff 'top' is zero, due to the previous point). The BN_DEBUG testing (make test) caught the cases that this patch corrects. Note, bn_correct_top() could have been used instead, but that is intended for where 'top' is expected to (sometimes) require adjustment after direct word-array manipulation, and so is heavier-weight. Here, we are just catching the negative-zero case, so we test and correct for that explicitly, in-place. Change-Id: Iddefbd3c28a13d935648932beebcc765d5b85ae7 Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1672) (cherry picked from commit 38d1b3cc0271008b8bd130a2c4b442775b028a08) | 01 February 2017, 02:17:37 UTC |
| 0feb220 | Geoff Thorpe | 06 October 2016, 14:02:38 UTC | bn: catch negative zero as an error Change-Id: I5ab72ad0aae9069b47d5b7b7b9e25bd1b7afa251 Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1672) (cherry picked from commit 2fc9b36a96ccd77cbd9ecfb3a3cdaa7ad2ca305e) | 01 February 2017, 02:17:37 UTC |
| f8114d7 | Geoff Thorpe | 06 October 2016, 13:25:22 UTC | bn: fix BN_DEBUG + BN_DEBUG_RAND support Couple of updates to make this code work properly again; * use OPENSSL_assert() instead of assert() (and #include <assert.h>) * the circular-dependency-avoidance uses RAND_bytes() (not pseudo) Change-Id: Iefb5a9dd73f71fd81c1268495c54a64378955354 Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1672) (cherry picked from commit 0b50ac1a0fe907f4effcf3f2f36dac32523938c5) | 01 February 2017, 02:17:37 UTC |
| ae45175 | Richard Levitte | 29 January 2017, 07:52:02 UTC | Fix faulty free On error, i2o_SCT_signature() and i2o_SCT() free a pointer that may have wandered off from the start of the allocated block (not currently true for i2o_SCT_signature(), but has that potential as the code may change. To avoid this, save away the start of the allocated block and free that instead. Thanks to Guido Vranken for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2323) (cherry picked from commit d85d3c993e322d3e4c3f00be2910faa8c55b40e3) | 29 January 2017, 14:33:44 UTC |
| 1968ea9 | Richard Levitte | 28 January 2017, 23:08:01 UTC | test/evp_test.c: If no algorithm was specified, don't try to check for DES Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2319) (cherry picked from commit 31b69e9a26c5b127ce273bc5834b9e13e5e25556) | 29 January 2017, 00:41:26 UTC |
| b649ffc | Richard Levitte | 28 January 2017, 17:24:40 UTC | Add a couple of test to check CRL fingerprint Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2314) (cherry picked from commit 929860d0e6112f5c7766d9ea036c3f8bd8d3d719) | 28 January 2017, 19:08:24 UTC |
| f5c1ee5 | Richard Levitte | 28 January 2017, 17:02:12 UTC | Document what EXFLAG_SET is for in x509v3.h Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2314) (cherry picked from commit 2d60c923141e7853c268364f26195343a5e995bf) | 28 January 2017, 19:08:24 UTC |
| b431b09 | Richard Levitte | 28 January 2017, 16:43:17 UTC | X509_CRL_digest() - ensure precomputed sha1 hash before returning it X509_CRL_digest() didn't check if the precomputed sha1 hash was actually present. This also makes sure there's an appropriate flag to check. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2314) (cherry picked from commit 6195848b2eea627c47f74b63eb2ba3dc3d5b6436) | 28 January 2017, 19:08:24 UTC |
| 6f2de02 | Richard Levitte | 28 January 2017, 14:14:07 UTC | Correct pointer to be freed The pointer that was freed in the SSLv2 section of ssl_bytes_to_cipher_list may have stepped up from its allocated position. Use a pointer that is guaranteed to point at the start of the allocated block instead. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2312) (cherry picked from commit 63414e64e66e376654e993ac966e3b2f9d849d3b) | 28 January 2017, 18:08:14 UTC |
| a884c91 | Emilia Kasper | 25 January 2017, 14:32:41 UTC | Travis: run on Trusty with clang 3.9 (1.1.0 branch) See https://github.com/travis-ci/travis-ci/issues/6460 for context on the changes to wine install. Reviewed-by: Richard Levitte <levitte@openssl.org> | 27 January 2017, 10:51:52 UTC |
| 89d0853 | Dr. Stephen Henson | 25 January 2017, 18:43:13 UTC | Add server signature algorithm bug test. Add a client authentication signature algorithm to simple ssl test and a server signature algorithm. Since we don't do client auth this should have no effect. However if we use client auth signature algorithms by mistake this will abort the handshake with a no shared signature algorithms error. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2297) | 26 January 2017, 17:58:21 UTC |
| 3f60b8f | Dr. Stephen Henson | 26 January 2017, 17:11:14 UTC | Use correct signature algorithm list when sending or checking. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2297) | 26 January 2017, 17:58:21 UTC |
| fa7130e | Matt Caswell | 26 January 2017, 13:11:26 UTC | Prepare for 1.1.0e-dev Reviewed-by: Richard Levitte <levitte@openssl.org> | 26 January 2017, 13:11:26 UTC |
| 8a4d96a | Matt Caswell | 26 January 2017, 13:10:20 UTC | Prepare for 1.1.0d release Reviewed-by: Richard Levitte <levitte@openssl.org> | 26 January 2017, 13:10:20 UTC |
| 09272c5 | Matt Caswell | 24 January 2017, 16:34:40 UTC | Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org> | 26 January 2017, 11:01:36 UTC |
| a59b90b | Andy Polyakov | 21 January 2017, 20:30:49 UTC | bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal. CVE-2017-3732 Reviewed-by: Rich Salz <rsalz@openssl.org> | 26 January 2017, 10:54:36 UTC |
| 20b69f6 | Richard Levitte | 15 January 2017, 17:20:49 UTC | Document DH_check_params() Reviewed-by: Viktor Dukhovni <viktor@openssl.org> | 26 January 2017, 10:54:36 UTC |
| a39aa18 | Richard Levitte | 30 December 2016, 20:57:28 UTC | Better check of DH parameters in TLS data When the client reads DH parameters from the TLS stream, we only checked that they all are non-zero. This change updates the check to use DH_check_params() DH_check_params() is a new function for light weight checking of the p and g parameters: check that p is odd check that 1 < g < p - 1 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> | 26 January 2017, 10:54:36 UTC |
| 00d9654 | Andy Polyakov | 18 January 2017, 23:20:49 UTC | crypto/evp: harden AEAD ciphers. Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory. Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Other ciphers were hardened. Thanks to Robert Święcki for report. CVE-2017-3731 Reviewed-by: Rich Salz <rsalz@openssl.org> | 26 January 2017, 10:54:36 UTC |
| f3a7e57 | Andy Polyakov | 18 January 2017, 23:17:30 UTC | crypto/evp: harden RC4_MD5 cipher. Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory (or bogus MAC value is produced if x86 MD5 assembly module is involved). Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Thanks to Robert Święcki for report. CVE-2017-3731 Reviewed-by: Rich Salz <rsalz@openssl.org> | 26 January 2017, 10:54:35 UTC |
| b8552dc | Matt Caswell | 25 January 2017, 15:01:43 UTC | Remove assert from is_partially_overlapping() This function is used to validate application supplied parameters. An assert should be used to check for an error that is internal to OpenSSL. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275) (cherry picked from commit b153f0921bea38127de0b9440b0487db3004330d) | 25 January 2017, 15:07:37 UTC |
| 38a041a | Matt Caswell | 25 January 2017, 09:26:35 UTC | Adjust in and in_len instead of donelen Don't use the temp variable donelen in the non-aad fragmented code path. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275) (cherry picked from commit ef055ec536a3c6e698dd9f45b41d57a32366b4fa) | 25 January 2017, 15:07:36 UTC |
| 3258e29 | Matt Caswell | 24 January 2017, 12:57:34 UTC | Fix the overlapping check for fragmented "Update" operations When doing in place encryption the overlapping buffer check can fail incorrectly where we have done a partial block "Update" operation. This fixes things to take account of any pending partial blocks. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275) (cherry picked from commit 7141ba31969d0b378d08104a51f8f99b9187b9d5) | 25 January 2017, 15:07:36 UTC |
| fd18736 | Matt Caswell | 23 January 2017, 12:45:33 UTC | Update evp_test to make sure passing partial block to "Update" is ok The previous commit fixed a bug where a partial block had been passed to an "Update" function and it wasn't properly handled. We should catch this type of error in evp_test. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275) (cherry picked from commit 0b96d77a62d8ac9a45ac1dda47560ced676b5b8d) | 25 January 2017, 15:07:36 UTC |
| 6af62ee | Matt Caswell | 23 January 2017, 12:44:48 UTC | Properly handle a partial block in OCB mode If we have previously been passed a partial block in an "Update" call then make sure we properly increment the output buffer when we use it. Fixes #2273 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275) (cherry picked from commit 7c12c7b61c5b37c9dff930ccc68421fb7de00271) | 25 January 2017, 15:07:36 UTC |
| d125734 | Matt Caswell | 23 January 2017, 12:43:59 UTC | Don't use magic numbers in aes_ocb_cipher() Lots of references to 16 replaced by AES_BLOCK_SIZE. Also a few other style tweaks in that function Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275) (cherry picked from commit 0ba5a9eaa0a6ae7fc25ee70eefc1f4fbdaf09483) | 25 January 2017, 15:07:36 UTC |
| 07cd2f8 | Richard Levitte | 05 October 2016, 10:37:58 UTC | s_client: Better response success check for CONNECT Instead of looking for "200" and "established" (and failing all other 2xx responses or "Established"), let's look for a line that's not a header (i.e. doesn't contain a ':') and where the first space is followed by a '2'. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1664) (cherry picked from commit ec2a0e60652c0e61e90dde367756c5d92cd882d3) | 24 January 2017, 23:41:27 UTC |
| 0e3200b | Andy Polyakov | 23 January 2017, 19:06:26 UTC | Replace div-spoiler hack with simpler code, GH#1027,2253. This is 1.1.0-specific 8f77fab82486c19ab48eee07718e190f76e6ea9a redux. Reviewed-by: Rich Salz <rsalz@openssl.org> | 24 January 2017, 19:06:05 UTC |
| f5eab25 | Todd Short | 09 January 2017, 20:29:42 UTC | Cleanup EVP_CIPH/EP_CTRL duplicate defines Remove duplicate defines from EVP source files. Most of them were in evp.h, which is always included. Add new ones evp_int.h EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK is now always defined in evp.h, so remove conditionals on it Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2201) (cherry picked from commit 9d6fcd4295fef7ebc4232aab85718a99d36cc50a) | 24 January 2017, 17:48:16 UTC |
| 75249be | Bernd Edlinger | 22 December 2016, 12:51:27 UTC | Fix error handling in compute_key, BN_CTX_get can return NULL Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2132) (cherry picked from commit 7928ee4d685b727619555bc1ec0aee805f6fc8c4) | 24 January 2017, 17:26:21 UTC |
| 722d42e | Benjamin Kaduk | 24 January 2017, 16:50:21 UTC | Do not overallocate for tmp.ciphers_raw Well, not as much, at least. Commit 07afdf3c3ac97af4f2b4eec22a97f7230f8227e0 changed things so that for SSLv2 format ClientHellos we store the cipher list in the TLS format, i.e., with two bytes per cipher, to be consistent with historical behavior. However, the space allocated for the array still performed the computation with three bytes per cipher, a needless over-allocation (though a relatively small one, all things considered). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2281) (cherry picked from commit f1429b85c5821e55224e5878da9d0fa420a41f71) | 24 January 2017, 17:05:45 UTC |
| c088325 | Matt Caswell | 24 January 2017, 11:12:03 UTC | Fix SSL_get0_raw_cipherlist() SSL_get0_raw_cipherlist() was a little too "raw" in the case of an SSLv2 compat ClientHello. In 1.0.2 and below, during version negotiation, if we received an SSLv2 compat ClientHello but actually wanted to do SSLv3+ then we would construct a "fake" SSLv3+ ClientHello. This "fake" ClientHello would have its ciphersuite list converted to the SSLv3+ format. It was this "fake" raw list that got saved away to later be returned by a call to SSL_get0_raw_cipherlist(). In 1.1.0+ version negotiation works differently and we process an SSLv2 compat ClientHello directly without the need for an intermediary "fake" ClientHello. This meant that the raw ciphersuite list being saved was in the SSLv2 format. Any caller of this function would not expect that and potentially overread the returned buffer by one byte. Fixes #2189 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2280) (cherry picked from commit 07afdf3c3ac97af4f2b4eec22a97f7230f8227e0) | 24 January 2017, 14:31:43 UTC |
| 0de0fb8 | Kazuki Yamaguchi | 29 December 2016, 15:59:56 UTC | Add missing flags for EVP_chacha20() ChaCha20 code uses its own custom cipher_data. Add EVP_CIPH_CUSTOM_IV and EVP_CIPH_ALWAYS_CALL_INIT so that the key and the iv can be set by different calls of EVP_CipherInit_ex(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2156) (cherry picked from commit c83680a04aac7a15e6ac48ed732b8322c4c9d49a) | 24 January 2017, 14:22:35 UTC |
| cee0cdb | Bernd Edlinger | 22 December 2016, 19:17:29 UTC | Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert - s == NULL can mean c is a new session *or* lh_insert was unable to create a hash entry. - use lh_SSL_SESSION_retrieve to check for this error condition. - If it happens simply remove the extra reference again. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2138) (cherry picked from commit 38088ce9934a90d4aea486edbff864f3935342e6) | 24 January 2017, 14:06:43 UTC |
| b81aadd | ganesh | 11 November 2016, 03:13:13 UTC | RAND_egd_bytes: No need to check RAND_status on connection error. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886) (cherry picked from commit c2114afc1622ff0113974b3696e557ea8bf7ffb4) | 24 January 2017, 13:40:45 UTC |
| 03f3575 | ganesh | 10 November 2016, 11:16:43 UTC | Fixed the return code for RAND_egd_bytes. According to the documentation, the return code should be -1 when RAND_status does not return 1. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886) (cherry picked from commit 3ed93c863374125296954edcbc595599adbd07ea) | 24 January 2017, 13:40:45 UTC |
| 73ff847 | ganesh | 09 November 2016, 15:14:22 UTC | Fixed the return code of RAND_query_egd_bytes when connect fails. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886) (cherry picked from commit 1381684daf8800487b48a70cd634f433b1d6366f) | 24 January 2017, 13:40:44 UTC |
| 45789c2 | FdaSilvaYY | 16 November 2016, 21:46:25 UTC | Fix use before assignment it was getting the SerialNumber of a previous cert. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2272) (cherry picked from commit 0db1fb3fc13c4b1a2b916efbb374f40579b1398f) | 23 January 2017, 14:32:52 UTC |
| c4fec13 | Matt Caswell | 22 November 2016, 16:55:35 UTC | Extend the test_ssl_new renegotiation tests to include client auth Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983) | 23 January 2017, 14:09:10 UTC |
| caa2427 | Matt Caswell | 22 November 2016, 16:54:28 UTC | Stop server from expecting Certificate message when not requested In a non client-auth renegotiation where the original handshake *was* client auth, then the server will expect the client to send a Certificate message anyway resulting in a connection failure. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983) | 23 January 2017, 14:09:10 UTC |
| 8a72eaf | Matt Caswell | 22 November 2016, 16:39:27 UTC | Stop client from sending Certificate message when not requested In a non client-auth renegotiation where the original handshake *was* client auth, then the client will send a Certificate message anyway resulting in a connection failure. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983) | 23 January 2017, 14:09:10 UTC |
| c25d172 | Matt Caswell | 22 November 2016, 16:23:22 UTC | Fix SSL_VERIFY_CLIENT_ONCE The flag SSL_VERIFY_CLIENT_ONCE is documented as follows: B<Server mode:> only request a client certificate on the initial TLS/SSL handshake. Do not ask for a client certificate again in case of a renegotiation. This flag must be used together with SSL_VERIFY_PEER. B<Client mode:> ignored But the implementation actually did nothing. After the server sends its ServerKeyExchange message, the code was checking s->session->peer to see if it is NULL. If it was set then it did not ask for another client certificate. However s->session->peer will only be set in the event of a resumption, but a ServerKeyExchange message is only sent in the event of a full handshake (i.e. no resumption). The documentation suggests that the original intention was for this to have an effect on renegotiation, and resumption doesn't come into it. The fix is to properly check for renegotiation, not whether there is already a client certificate in the session. As far as I can tell this has been broken for a *long* time. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983) | 23 January 2017, 14:09:10 UTC |
| f31917a | Matt Caswell | 22 November 2016, 16:16:11 UTC | Add a test to check messsages sent are the ones we expect Repeat for various handshake types Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983) | 23 January 2017, 14:09:10 UTC |
| 4b684b5 | Matt Caswell | 22 November 2016, 13:43:50 UTC | Support renegotiation in TLSProxy Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983) | 23 January 2017, 14:09:10 UTC |
| 6bc3bcb | Matt Caswell | 22 November 2016, 16:16:23 UTC | Fix a bug in TLSProxy where zero length messages were not being recorded Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983) | 23 January 2017, 14:09:10 UTC |
| 7bd011d | Bernd Edlinger | 01 January 2017, 00:43:20 UTC | fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2164) (cherry picked from commit a6fd7c1dbef2c3da3c87f1582ae48e4c29aa303c) | 23 January 2017, 10:44:32 UTC |
| 408eb66 | Bernd Edlinger | 10 January 2017, 08:22:05 UTC | Check the exit code from the server process Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2205) (cherry picked from commit 57a19206b5aad7ca67f0d5ebae05af2799609819) | 23 January 2017, 10:31:37 UTC |
| aaec49f | Richard Levitte | 18 January 2017, 15:19:26 UTC | Fix DSA parameter generation control error When setting the digest parameter for DSA parameter generation, the signature MD was set instead of the parameter generation one. Fortunately, that's also the one that was used for parameter generation, but it ultimately meant the parameter generator MD and the signature MD would always be the same. Fixes github issue #2016 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2250) (cherry picked from commit 8a05c4d3b5a1bfb9193ea24e71735e11de7168d2) | 20 January 2017, 07:30:35 UTC |
| 3493641 | Markus Triska | 18 January 2017, 23:07:20 UTC | correct 3 mistakes CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2257) (cherry picked from commit 424baabdf5af540bda4a69122d274b071d804390) | 19 January 2017, 17:46:16 UTC |
| df0d9c6 | Rich Salz | 16 January 2017, 19:30:59 UTC | Skip ECDH tests for SSLv3 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1597) (cherry picked from commit 4f326dd8998d5b33f72b11432f110e0f2cfcb92b) | 18 January 2017, 17:27:05 UTC |
| 8accb70 | Rich Salz | 19 September 2016, 17:09:58 UTC | If client doesn't send curves list, don't assume all. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1597) (cherry picked from commit 3e37351834c203421b7f492dd83d5e5872e17778) | 18 January 2017, 17:25:16 UTC |
| bb2efac | FdaSilvaYY | 08 November 2016, 18:21:51 UTC | Clean dead macros and defines ... mostly related to some old discarded modules . Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1906) (cherry picked from commit 31a51151fc163a7f5f4d07dff9478be50e4b5707) | 18 January 2017, 14:20:42 UTC |
| 17f4d25 | FdaSilvaYY | 10 November 2016, 22:28:10 UTC | Clean one unused variable, plus an useless one. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1906) (cherry picked from commit 2191dc846a85ce82925cb06b4dd8649da7fc403c) | 18 January 2017, 14:20:42 UTC |
| c9c36ee | Markus Triska | 18 January 2017, 00:40:36 UTC | Correct reference to SSL_get_peer_cert_chain(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> CLA: trivial (Merged from https://github.com/openssl/openssl/pull/2247) (cherry picked from commit 1f164c6fadd0eef0aa0997c51639a11276bf9072) | 18 January 2017, 13:21:49 UTC |
| 87f7c47 | EasySec | 17 January 2017, 16:21:55 UTC | Fix list -disabled for blake2 alg Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2241) (cherry picked from commit 487d3a726a1970e84853434561d88cb4ac212d15) | 17 January 2017, 19:00:18 UTC |
| b3e07a5 | xemdetia | 16 January 2017, 19:41:03 UTC | Fix man3 reference to CRYPTO_secure_used CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2238) (cherry picked from commit ef3f621ed572fefe768f26989c16264496d24f69) | 16 January 2017, 21:35:05 UTC |
| 98bdd43 | Kurt Roeckx | 15 January 2017, 23:04:31 UTC | Add missing braces. Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #2234 (cherry picked from commit c4a60150914fc260c3fc2854e13372c870bdde76) | 16 January 2017, 03:51:03 UTC |
| c565e99 | Kurt Roeckx | 14 January 2017, 15:10:25 UTC | Fix undefined behaviour when printing the X509 and CRL version Found by oss-fuzz Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2231 (cherry picked from commit c2ce477f1f3c0a98802fb087b0cf4b0a99ea2b1d) | 15 January 2017, 21:22:44 UTC |
| 39ff4d7 | Kurt Roeckx | 15 January 2017, 11:33:45 UTC | Fix VC warnings about unary minus to an unsigned type. Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2230 (cherry picked from commit 68d4bcfd0651c7ea5d37ca52abc0d2e6e6b3bd20) | 15 January 2017, 21:22:42 UTC |
| b17d15f | Kurt Roeckx | 14 January 2017, 14:58:42 UTC | Fix undefined behaviour when printing the X509 serial Found by afl Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2230 (cherry picked from commit 244d7b288f2b9ab7f6a2dbf068eccd6e20d9eef6) | 15 January 2017, 21:22:40 UTC |
| ba2efdc | Richard Levitte | 12 January 2017, 22:13:17 UTC | Clarify what RUN_ONCE returns RUN_ONCE really just returns 0 on failure or whatever the init function returned. By convention, however, the init function must return 0 on failure and 1 on success. This needed to be clarified. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2225) (cherry picked from commit 37b8f1e21c56996644afa38816f575b05eb483ae) | 13 January 2017, 12:10:59 UTC |
| 08c2da0 | Richard Levitte | 13 January 2017, 11:03:16 UTC | Fix no-ocsp The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h. openssl/ocsp.h does that, except when OCSP is disabled. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2227) (cherry picked from commit d62210af2e169d0818c65ff9f20ab5276693b2bf) | 13 January 2017, 11:14:13 UTC |
