Matt Caswell [Thu, 19 Mar 2015 11:35:33 +0000 (11:35 +0000)]
Fix unsigned/signed warnings
Fix some unsigned/signed warnings introduced as part of the fix
for CVE-2015-0293
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 19 Mar 2015 10:16:32 +0000 (10:16 +0000)]
Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 17 Mar 2015 17:01:09 +0000 (17:01 +0000)]
Update NEWS file
Update the NEWS file with the latest entries from CHANGES ready for the
release.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 17 Mar 2015 16:56:27 +0000 (16:56 +0000)]
Update CHANGES for release
Update CHANGES fiel with all the latest fixes ready for the release.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 18 Mar 2015 09:48:03 +0000 (09:48 +0000)]
Remove overlapping CHANGES/NEWS entries
Remove entries from CHANGES and NEWS from letter releases that occur *after*
the next point release. Without this we get duplicate entries for the same
issue appearing multiple times.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Wed, 4 Mar 2015 17:05:02 +0000 (09:05 -0800)]
Fix reachable assert in SSLv2 servers.
This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.
Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.
CVE-2015-0293
This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Emilia Kasper [Fri, 27 Feb 2015 15:52:23 +0000 (16:52 +0100)]
PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.
This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.
Correcting all low-level API calls requires further work.
CVE-2015-0289
Thanks to Michal Zalewski (Google) for reporting this issue.
Reviewed-by: Steve Henson <steve@openssl.org>
Dr. Stephen Henson [Mon, 9 Mar 2015 23:11:45 +0000 (23:11 +0000)]
Fix ASN1_TYPE_cmp
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.
CVE-2015-0286
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 23 Feb 2015 02:32:44 +0000 (02:32 +0000)]
Free up ADB and CHOICE if already initialised.
CVE-2015-0287
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Thu, 12 Mar 2015 14:09:00 +0000 (14:09 +0000)]
Dead code removal from apps
Some miscellaneous removal of dead code from apps. Also fix an issue with
error handling with pkcs7.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
11abf92259e899f4f7da4a3e80781e84b0fb1a64)
Matt Caswell [Thu, 12 Mar 2015 14:08:21 +0000 (14:08 +0000)]
Remove dead code from crypto
Some miscellaneous removal of dead code from lib crypto.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
b7573c597c1932ef709b2455ffab47348b5c54e5)
Matt Caswell [Thu, 12 Mar 2015 16:42:55 +0000 (16:42 +0000)]
Fix seg fault in s_time
Passing a negative value for the "-time" option to s_time results in a seg
fault. This commit fixes it so that time has to be greater than 0.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
dfef52f6f277327e118fdd0fe34486852c2789b6)
Matt Caswell [Thu, 12 Mar 2015 14:37:26 +0000 (14:37 +0000)]
Add sanity check to PRF
The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, otherwise this is an internal error. Add a sanity check for this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
668f6f08c62177ab5893fc26ebb67053aafdffc8)
Matt Caswell [Thu, 12 Mar 2015 12:54:44 +0000 (12:54 +0000)]
Fix memset call in stack.c
The function sk_zero is supposed to zero the elements held within a stack.
It uses memset to do this. However it calculates the size of each element
as being sizeof(char **) instead of sizeof(char *). This probably doesn't
make much practical difference in most cases, but isn't a portable
assumption.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
7132ac830fa08d9a936e011d7c541b0c52115b33)
Matt Caswell [Thu, 12 Mar 2015 11:25:03 +0000 (11:25 +0000)]
Move malloc fail checks closer to malloc
Move memory allocation failure checks closer to the site of the malloc in
dgst app. Only a problem if the debug flag is set...but still should be
fixed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
be1477adc97e76f4b83ed8075589f529069bd5d1)
Matt Caswell [Thu, 12 Mar 2015 11:10:47 +0000 (11:10 +0000)]
Add malloc failure checks
Add some missing checks for memory allocation failures in ca app.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
a561bfe944c0beba73551731cb98af70dfee3549)
Andy Polyakov [Sat, 21 Feb 2015 12:51:56 +0000 (13:51 +0100)]
Avoid reading an unused byte after the buffer
Other curves don't have this problem.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit
9fbbdd73c58c29dc46cc314f7165e45e6d43fd60)
Emilia Kasper [Sat, 14 Mar 2015 04:10:13 +0000 (21:10 -0700)]
Fix undefined behaviour in shifts.
Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts.
If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable
in an integer, behaviour is undefined. In other words, you can't shift into the sign bit
of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24.
(For consistency, cast other shifts, too.)
Caught by -fsanitize=shift
Submitted by Nick Lewycky (Google)
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
8b37e5c14f0eddb10c7f91ef91004622d90ef361)
Dr. Stephen Henson [Sun, 1 Mar 2015 15:25:39 +0000 (15:25 +0000)]
additional configuration documentation
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
3d764db7a24e3dca1a3ee57202ce3c818d592141)
Dr. Stephen Henson [Wed, 11 Mar 2015 23:30:52 +0000 (23:30 +0000)]
ASN.1 print fix.
When printing out an ASN.1 structure if the type is an item template don't
fall thru and attempt to interpret as a primitive type.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
5dc1247a7494f50c88ce7492518bbe0ce6f124fa)
Matt Caswell [Wed, 11 Mar 2015 20:50:20 +0000 (20:50 +0000)]
Fix missing return checks in v3_cpols.c
Fixed assorted missing return value checks in c3_cpols.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
c5f2b5336ab72e40ab91e2ca85639f51fa3178c6)
Matt Caswell [Wed, 11 Mar 2015 20:19:08 +0000 (20:19 +0000)]
Fix dsa_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
0c7ca4033dcf5398334d4b78a7dfb941c8167a40)
Matt Caswell [Wed, 11 Mar 2015 20:08:16 +0000 (20:08 +0000)]
Fix dh_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2)
Conflicts:
crypto/dh/dh_ameth.c
Matt Caswell [Wed, 11 Mar 2015 19:41:01 +0000 (19:41 +0000)]
Fix asn1_item_print_ctx
The call to asn1_do_adb can return NULL on error, so we should check the
return value before attempting to use it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
34a7ed0c39aa3ab67eea1e106577525eaf0d7a00)
Matt Caswell [Wed, 11 Mar 2015 16:00:01 +0000 (16:00 +0000)]
ASN1_primitive_new NULL param handling
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
9e488fd6ab2c295941e91a47ab7bcd346b7540c7)
Matt Caswell [Wed, 11 Mar 2015 15:41:52 +0000 (15:41 +0000)]
Fix EVP_DigestInit_ex with NULL digest
Calling EVP_DigestInit_ex which has already had the digest set up for it
should be possible. You are supposed to be able to pass NULL for the type.
However currently this seg faults.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
a01087027bd0c5ec053d4eabd972bd942bfcd92f)
Matt Caswell [Wed, 11 Mar 2015 15:31:16 +0000 (15:31 +0000)]
Fix error handling in bn_exp
In the event of an error |rr| could be NULL. Therefore don't assume you can
use |rr| in the error handling code.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485)
Matt Caswell [Tue, 10 Mar 2015 23:15:15 +0000 (23:15 +0000)]
Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit
ac5a110621ca48f0bebd5b4d76d081de403da29e)
Matt Caswell [Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)]
Cleanse buffers
Cleanse various intermediate buffers used by the PRF (backported version
from master).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
35fafc4dbc0b3a717ad1b208fe2867e8c64867de)
Conflicts:
ssl/s3_enc.c
Emilia Kasper [Wed, 4 Mar 2015 21:05:53 +0000 (13:05 -0800)]
Harmonize return values in dtls1_buffer_record
Ensure all malloc failures return -1.
Reported by Adam Langley (Google).
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
06c6a2b4a3a6e64303caa256398dd2dc16f9c35a)
Richard Godbee [Sun, 21 Sep 2014 06:14:11 +0000 (02:14 -0400)]
BIO_debug_callback: Fix output on 64-bit machines
BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
460e920d8a274e27aab36346eeda6685a42c3314)
Dmitry-Me [Sun, 1 Jun 2014 17:30:52 +0000 (21:30 +0400)]
Fix wrong numbers being passed as string lengths
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
0b142f022e2c5072295e00ebc11c5b707a726d74)
Dr. Stephen Henson [Mon, 9 Mar 2015 16:58:16 +0000 (16:58 +0000)]
update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sun, 8 Mar 2015 17:31:48 +0000 (17:31 +0000)]
fix warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
d6ca1cee8b6efac5906ac66443d1ca67fe689ff8)
Dr. Stephen Henson [Tue, 3 Mar 2015 14:20:23 +0000 (14:20 +0000)]
Cleanse PKCS#8 private key components.
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.
Call ASN1_STRING_clear_free on PKCS#8 private key components.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
a8ae0891d4bfd18f224777aed1fbb172504421f1)
Dr. Stephen Henson [Tue, 24 Feb 2015 16:35:37 +0000 (16:35 +0000)]
Additional CMS documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
e3013932df2d899e8600c305342bc14b682dc0d1)
Kurt Roeckx [Wed, 4 Mar 2015 20:57:52 +0000 (21:57 +0100)]
Remove export ciphers from the DEFAULT cipher list
They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
f417997a324037025be61737288e40e171a8218c)
Conflicts:
ssl/ssl_ciph.c
Matt Caswell [Fri, 6 Mar 2015 13:00:47 +0000 (13:00 +0000)]
Update mkerr.pl for new format
Make the output from mkerr.pl consistent with the newly reformatted code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Kurt Cancemi [Wed, 4 Mar 2015 10:57:45 +0000 (10:57 +0000)]
Use constants not numbers
This patch uses warning/fatal constants instead of numbers with comments for
warning/alerts in d1_pkt.c and s3_pkt.c
RT#3725
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
fd865cadcb603918bdcfcf44e487721c657a1117)
Matt Caswell [Wed, 4 Mar 2015 17:49:51 +0000 (17:49 +0000)]
Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
918bb8652969fd53f0c390c1cd909265ed502c7e)
Conflicts:
crypto/bio/bss_dgram.c
Conflicts:
apps/cms.c
apps/s_cb.c
apps/s_server.c
apps/speed.c
crypto/dh/dh_pmeth.c
ssl/s3_pkt.c
Dr. Stephen Henson [Wed, 18 Feb 2015 00:34:59 +0000 (00:34 +0000)]
Check public key is not NULL.
CVE-2015-0288
PR#3708
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
28a00bcd8e318da18031b2ac8778c64147cd54f9)
Dr. Stephen Henson [Mon, 2 Mar 2015 13:26:29 +0000 (13:26 +0000)]
Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
437b14b533fe7f7408e3ebca6d5569f1d3347b1a)
Matt Caswell [Fri, 27 Feb 2015 16:52:07 +0000 (16:52 +0000)]
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.
This change fixes d2i_SSL_SESSION for that DTLS version.
Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3704
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/ssl_asn1.c
Conflicts:
ssl/dtls1.h
Matt Caswell [Thu, 26 Feb 2015 11:54:58 +0000 (11:54 +0000)]
Fixed missing return value checks.
Added various missing return value checks in tls1_change_cipher_state.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Conflicts:
ssl/t1_enc.c
Matt Caswell [Thu, 26 Feb 2015 11:53:55 +0000 (11:53 +0000)]
Fix missing return value checks.
Fixed various missing return value checks in ssl3_send_newsession_ticket.
Also a mem leak on error.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Conflicts:
ssl/s3_srvr.c
Conflicts:
ssl/s3_srvr.c
Matt Caswell [Fri, 27 Feb 2015 00:02:06 +0000 (00:02 +0000)]
Fix warning with no-ec
This fixes another warning when config'd with no-ec
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 26 Feb 2015 23:52:19 +0000 (23:52 +0000)]
Fix no-ec warning
This is a partial back port of commit
5b430cfc to remove a warning when
compiling with no-ec.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 26 Feb 2015 10:35:50 +0000 (10:35 +0000)]
Fix evp_extra_test.c with no-ec
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
a988036259a4e119f6787b4c585f506226330120)
Matt Caswell [Fri, 20 Feb 2015 09:18:29 +0000 (09:18 +0000)]
Fix some minor documentation issues
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 16:21:30 +0000 (16:21 +0000)]
Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 16:08:33 +0000 (16:08 +0000)]
Add dire warnings about the "reuse" capability of the d2i_* functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 15:45:56 +0000 (15:45 +0000)]
Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Conflicts:
doc/crypto/EC_KEY_new.pod
doc/crypto/EC_POINT_new.pod
Matt Caswell [Mon, 9 Feb 2015 11:38:41 +0000 (11:38 +0000)]
Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit
517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Mon, 9 Feb 2015 09:45:35 +0000 (09:45 +0000)]
Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Conflicts:
crypto/evp/Makefile
test/Makefile
Conflicts:
test/Makefile
crypto/evp/evp_extra_test.c
Dr. Stephen Henson [Tue, 24 Feb 2015 13:52:21 +0000 (13:52 +0000)]
Document -no_explicit
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
384dee51242e950c56b3bac32145957bfbf3cd4b)
Edgar Pek [Sat, 21 Feb 2015 13:56:41 +0000 (14:56 +0100)]
Fix null-pointer dereference
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43)
Kurt Roeckx [Sat, 21 Feb 2015 13:51:50 +0000 (14:51 +0100)]
Fix memory leak
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
edac5dc220d494dff7ee259dfd84335ffa50e938)
Doug Hogan [Thu, 8 Jan 2015 02:21:01 +0000 (18:21 -0800)]
Avoid a double-free in an error path.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
1549a265209d449b6aefd2b49d7d39f7fbe0689b)
Richard Levitte [Sun, 22 Feb 2015 07:27:36 +0000 (08:27 +0100)]
Restore -DTERMIO/-DTERMIOS on Windows platforms.
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically. Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration. The answer is to restore those macro definitions for
the affected configuration targets.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c)
Conflicts:
Configure
Richard Levitte [Thu, 12 Feb 2015 10:41:48 +0000 (11:41 +0100)]
Assume TERMIOS is default, remove TERMIO on all Linux.
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux. For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.
crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
64e6bf64b36136d487e2fbf907f09612e69ae911)
Conflicts:
Configure
crypto/ui/ui_openssl.c
Rich Salz [Thu, 12 Feb 2015 19:23:28 +0000 (14:23 -0500)]
RT3684: rand_egd needs stddef.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
872f91c4036e35d292d423e751741ba76f8c5594)
Graeme Perrow [Thu, 12 Feb 2015 18:00:42 +0000 (13:00 -0500)]
RT3670: Check return from BUF_MEM_grow_clean
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
b0333e697c008d639c56f48e9148cb8cba957e32)
Eric Dequin [Thu, 12 Feb 2015 15:44:30 +0000 (10:44 -0500)]
Missing OPENSSL_free on error path.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
1d2932de4cefcc200f175863a42c311916269981)
Andy Polyakov [Mon, 9 Feb 2015 14:59:09 +0000 (15:59 +0100)]
Bring objects.pl output even closer to new format.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
849037169d98d070c27d094ac341fc6aca1ed2ca)
Dr. Stephen Henson [Sun, 8 Feb 2015 13:14:05 +0000 (13:14 +0000)]
Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.
In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
9c7a780bbebc1b6d87dc38a6aa3339033911a8bb)
Andy Polyakov [Sat, 7 Feb 2015 09:15:32 +0000 (10:15 +0100)]
Harmonize objects.pl output with new format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
7ce38623194f6df6a846cd01753b63f361c88e57)
Matt Caswell [Thu, 5 Feb 2015 10:19:55 +0000 (10:19 +0000)]
Fix error handling in ssltest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
ae632974f905c59176fa5f312826f8f692890b67)
Rich Salz [Thu, 5 Feb 2015 14:44:30 +0000 (09:44 -0500)]
Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
7e35f06ea908e47f87b723b5e951ffc55463eb8b)
Dr. Stephen Henson [Wed, 4 Feb 2015 03:31:34 +0000 (03:31 +0000)]
Make objxref.pl output in correct format
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434)
Dr. Stephen Henson [Sun, 1 Feb 2015 13:06:32 +0000 (13:06 +0000)]
Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
52e028b9de371da62c1e51b46592517b1068d770)
Richard Levitte [Fri, 30 Jan 2015 03:44:17 +0000 (04:44 +0100)]
dso_vms needs to add the .EXE extension if there is none already
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6)
Viktor Dkhovni [Fri, 23 Jan 2015 20:39:40 +0000 (15:39 -0500)]
Replace exit() with error return.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Tue, 27 Jan 2015 21:35:55 +0000 (16:35 -0500)]
Revert "Remove engine_rsax and its asm file."
This reverts commit
5226c62b7632dfaf38480919d406307318a7d145.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 26 Jan 2015 23:28:31 +0000 (23:28 +0000)]
Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
8507474564f3f743f5daa3468ca97a9b707b3583)
Matt Caswell [Mon, 26 Jan 2015 16:46:49 +0000 (16:46 +0000)]
Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
f4002412518703d07fee321d4c88ee0bbe1694fe)
Conflicts:
apps/s_client.c
apps/s_server.c
Matt Caswell [Mon, 26 Jan 2015 16:47:36 +0000 (16:47 +0000)]
Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.
RT#3657
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)
Rich Salz [Mon, 26 Jan 2015 15:59:14 +0000 (10:59 -0500)]
Remove engine_rsax and its asm file.
cherry-picked from
db7cb7ab9a5968f32ddbe11c3fba71ccbf4ffa53
This wasn't cleanly cherry-picked, since the build
process changed a bit for 1.0.2.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Mon, 26 Jan 2015 02:15:57 +0000 (21:15 -0500)]
Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr.
Errors are ignored. Updated doc to reflect that, and the fact
that this function is to be avoided.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit
abdd677125f3a9e3082f8c5692203590fdb9b860)
Kurt Roeckx [Sat, 24 Jan 2015 14:04:53 +0000 (15:04 +0100)]
Fix segfault with empty fields as last in the config.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 11:44:18 +0000 (11:44 +0000)]
Fix for reformat problems with e_padlock.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
d3b7cac41b957704932a0cdbc74d4d48ed507cd0)
Matt Caswell [Thu, 22 Jan 2015 10:42:48 +0000 (10:42 +0000)]
Fix formatting error in pem.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Conflicts:
crypto/pem/pem.h
Rob Stradling [Thu, 22 Jan 2015 12:18:30 +0000 (12:18 +0000)]
Use inner algorithm when printing certificate.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
004efdbb41f731d36bf12d251909aaa08704a756)
Matt Caswell [Mon, 5 Jan 2015 11:30:03 +0000 (11:30 +0000)]
Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.1 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 23:56:21 +0000 (23:56 +0000)]
Rerun util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 23:55:44 +0000 (23:55 +0000)]
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 23:54:59 +0000 (23:54 +0000)]
More tweaks for comments due indent issues
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 22:38:06 +0000 (22:38 +0000)]
Fix modes.h so that indent doesn't complain
Conflicts:
crypto/modes/modes.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 22:03:55 +0000 (22:03 +0000)]
Backport hw_ibmca.c from master due to failed merge
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 21:22:49 +0000 (21:22 +0000)]
Tweaks for comments due to indent's inability to handle them
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 19:18:47 +0000 (19:18 +0000)]
Move more comments that confuse indent
Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h
Conflicts:
crypto/bn/rsaz_exp.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Wed, 21 Jan 2015 15:32:54 +0000 (15:32 +0000)]
Delete trailing whitespace from output.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Tue, 20 Jan 2015 18:53:56 +0000 (18:53 +0000)]
Add -d debug option to save preprocessed files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Tue, 20 Jan 2015 18:49:04 +0000 (18:49 +0000)]
Test option -nc
Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:37:58 +0000 (16:37 +0000)]
Add ecp_nistz256.c to list of files skipped by openssl-format-source
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:34:27 +0000 (16:34 +0000)]
Manually reformat aes_x86core.c and add it to the list of files skipped by
openssl-format-source
Conflicts:
crypto/aes/aes_x86core.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:51:06 +0000 (16:51 +0100)]
crypto/ofb128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:49:27 +0000 (16:49 +0100)]
modes/ctr128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:47:51 +0000 (16:47 +0100)]
modes/cfb128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:12:59 +0000 (16:12 +0000)]
Fix indent comment corruption issue
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 15:28:57 +0000 (15:28 +0000)]
Amend openssl-format-source so that it give more repeatable output
Reviewed-by: Tim Hudson <tjh@openssl.org>
projects / openssl.git / log