Pawel Kowalski [Fri, 24 Nov 2017 10:45:40 +0000 (11:45 +0100)]
Merge tag 'upstream/1.0.2m' into tizen_4.0_base
Upstream version 1.0.2m
Change-Id: I0324687ff87ce098888b7b6918c2f8c2bb4a5e73
Pawel Kowalski [Fri, 24 Nov 2017 10:26:53 +0000 (11:26 +0100)]
Imported Upstream version 1.0.2m
Igor Kotrasinski [Thu, 10 Aug 2017 14:34:45 +0000 (16:34 +0200)]
Fixup PIE compilation flags
Change 'fPIE' to 'fPIC' (the former causes compilation failure on some
architectures).
Change-Id: Icd5930d8bd03715d82f5315cba7ee9a8f4bc6101
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Igor Kotrasinski [Thu, 10 Aug 2017 10:04:07 +0000 (12:04 +0200)]
Add PIE flags to config
Add flags for Configure script, as it passes them down to compiler and
linker. Fixes openssl binary not building as PIE (for ASLR).
Change-Id: Iaac6de23c28809aed8d5c92e85e5ef56e12b56b1
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Lukasz Pawelczyk [Mon, 8 May 2017 09:59:43 +0000 (11:59 +0200)]
Merge tag 'upstream/1.0.2k' into tizen_base
Upstream version 1.0.2k
Change-Id: Ibb94241d3263d8efc2c93a6f485049b24aea52f6
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Lukasz Pawelczyk [Thu, 4 May 2017 10:09:54 +0000 (12:09 +0200)]
Imported Upstream version 1.0.2k
Dongsun Lee [Mon, 3 Apr 2017 09:47:10 +0000 (18:47 +0900)]
make debug pakcages to strip binary
Change-Id: I97248db08b47ecdcada7469fc0c16f27654aaf11
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Jiyoung Yun [Mon, 20 Mar 2017 10:37:04 +0000 (19:37 +0900)]
Add -64bit package for .NET i586 build
.NET runtime has a dependency with openssl library.
There is no toolchain for i586 build in .NET runtime,
so to build it for i586,
it needs i586 package which contains x86_64 library.
Signed-off-by: Jiyoung Yun <jy910.yun@samsung.com>
Change-Id: Ib6a6ed21006bf83c5de22bc2d88486f8115dad1b
Kyungwook Tak [Mon, 28 Nov 2016 03:56:07 +0000 (12:56 +0900)]
Add license files to packaging
Change-Id: I073939ffc69ad49810129af5248d333948d9bcfe
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Fri, 25 Nov 2016 07:45:23 +0000 (16:45 +0900)]
Change license name from BSD-2.0 to BSD-3-Clause
Change-Id: Id9f411da1e2272abff72472440d23a7ff3a2c65b
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Tue, 11 Oct 2016 02:31:15 +0000 (11:31 +0900)]
Add Apache-2.0 and BSD-2.0 licenses in spec file
- BSD-2.0 : rasz_exp.h, rsaz-svx2.pl, rsaz-x86_64.pl
- Apache-2.0 : ecp_nistp224.c, ecp_nistp256.c, ecp_nistp512.c, ecp_nistputil.c,
ecp_nistz256.c, ecp_nistz256-avx2.pl, ecp_nistz256-x86_64.pl
Change-Id: I6466e9f7a78869737b815cc2dcab2f9297511d59
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Tue, 4 Oct 2016 07:41:11 +0000 (16:41 +0900)]
Merge tag 'upstream/1.0.2j' into tizen_base
Change-Id: I05036caf74c3d9b0b33053458c4a9ec8640dae79
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Tue, 4 Oct 2016 07:39:41 +0000 (16:39 +0900)]
Imported Upstream version 1.0.2j
Change-Id: I57424e369a568144838d2a7b8e2ca3a5737adf58
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Mon, 26 Sep 2016 05:27:31 +0000 (14:27 +0900)]
Merge tag 'upstream/1.0.2i' into tizen_base
Change-Id: I16b1811518d680619ab815e05e75a8c83bc8d0dc
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Mon, 26 Sep 2016 00:05:54 +0000 (09:05 +0900)]
Imported Upstream version 1.0.2i
Change-Id: Ie36b37cac23a47c82793df31244ade44f98093fa
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Kyungwook Tak [Fri, 19 Aug 2016 05:23:27 +0000 (14:23 +0900)]
Restore rpms (openssl, mic, doc) for compatability
Change-Id: I306944c611a4c870d98ee093bfcb3a174e3f41bb
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 28 Jul 2016 11:37:49 +0000 (20:37 +0900)]
Cleanup packaging and spec
Clean up legacy configures which comes from opensuse project.
Newly fixed code is based on Tizen 2.4 and spec from upstream.
Change-Id: I44cc9b76855e9651cb666f2bb48d451559da3bce
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 28 Jul 2016 02:44:38 +0000 (11:44 +0900)]
Upgrade upstream version to 1.0.2h
no-ssl2-method option added for not adding any symbol
compare with previous version(1.0.2g) because they're already removed
Change-Id: I89185548c0a04748d93ffcd3740f940e99fefb24
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 28 Jul 2016 02:32:16 +0000 (11:32 +0900)]
Imported Upstream version 1.0.2h
Change-Id: Ica9a30d71f52395a402accf32110b52f46851c11
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Wed, 8 Jun 2016 00:35:12 +0000 (09:35 +0900)]
modify mcpu and march flag in case for mcpu=cortex-a15.cortex-a7 or march=armv7ve
Change-Id: I5cf5bae46a34aca5faf9ef049172118b41e542e6
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
sangsu choi [Wed, 20 Apr 2016 06:52:54 +0000 (23:52 -0700)]
Revert "enable SSLV2 about openssl"
This reverts commit
28eaea79ada396f5eaf8c0609943e07ad4f666d5.
Change-Id: I81f0b114d56637216cbd68c55d1fa28d05988bbc
sangsu [Tue, 15 Mar 2016 00:07:06 +0000 (09:07 +0900)]
enable SSLV2 about openssl
Change-Id: I47ba88b5c8ce924e63f438f5474552337580379f
Signed-off-by: sangsu <sangsu.choi@samsung.com>
sangsu [Mon, 7 Mar 2016 06:30:03 +0000 (15:30 +0900)]
Merge branch 'upstream' into tizen_base
Change-Id: I6c175d41a528ea498db65ba5c8114f82881e5e91
Signed-off-by: sangsu <sangsu.choi@samsung.com>
sangsu [Mon, 7 Mar 2016 05:42:53 +0000 (14:42 +0900)]
Imported Upstream version 1.0.2g
Change-Id: I2b5f4248ba97b6abbe363a5da33c953e623e0a7e
Signed-off-by: sangsu <sangsu.choi@samsung.com>
sangsu [Thu, 3 Mar 2016 05:47:58 +0000 (14:47 +0900)]
Add missing license files
Change-Id: I6e9adc80f104a42722fdf0cd95a80648cdc19533
Signed-off-by: sangsu <sangsu.choi@samsung.com>
sangsu [Thu, 3 Mar 2016 05:30:00 +0000 (14:30 +0900)]
Update License in openssl.spec file
Change-Id: Iebe5bde3149fde75b16be390b30ee47cf1640061
Signed-off-by: sangsu <sangsu.choi@samsung.com>
Kyungwook Tak [Thu, 28 Jan 2016 11:08:04 +0000 (20:08 +0900)]
Add no-asm option
Signal handler cannot registered on some target so SIGILL
makes crash when detecting cpu capability. To use HW capability
is dependent on individual product projects.
Change-Id: I8d96eee86601755f2aa6cd05dfb57669eb815427
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 28 Dec 2015 06:03:49 +0000 (15:03 +0900)]
Merge upgrade commit (v1.0.2e) into tizen_base
Change-Id: If254724f73f6f886a7991afdd4782036278484ee
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 18 Dec 2015 05:13:27 +0000 (14:13 +0900)]
Upgrade Upstream version 1.0.2e
Change-Id: If6afd73ecd5ef4548b9389eca6e53946aac3b9f2
sangwan.kwon [Fri, 18 Dec 2015 02:39:57 +0000 (11:39 +0900)]
Imported Upstream version 1.0.2e
Change-Id: Ib2b4a8546eecf9f4d4a80d8f91b48dbf50bff173
Kyungwook Tak [Thu, 17 Dec 2015 14:02:17 +0000 (23:02 +0900)]
Remove /etc/ssl/certs dir from rpm files
ca-certificates package handles all of system certificates resource
Change-Id: Ifa25a170486dbccf34902096687d2f72673b64dd
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Dec 2015 02:41:38 +0000 (11:41 +0900)]
Move library path to default libdir
Change-Id: I70356e1ef2e74b817bd4008dc4e68473ed29d843
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 12 Oct 2015 06:50:14 +0000 (15:50 +0900)]
Fix diff between upstream and tizen
Change-Id: I30681b310869557c60a2d8ab3b76d999c9c2fa97
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 12 Oct 2015 06:49:10 +0000 (15:49 +0900)]
Upgrade upstream version to 1.0.2d
Change-Id: I68b01267078a01007964c693440489151bc8ba2f
Yury Usishchev [Tue, 6 Oct 2015 11:05:17 +0000 (14:05 +0300)]
Imported Upstream version 1.0.2d
Change-Id: I565a3e3ac5176f83139175faa2d2a11a334e8908
Signed-off-by: Yury Usishchev <y.usishchev@samsung.com>
Kyungwook Tak [Mon, 31 Aug 2015 07:19:30 +0000 (16:19 +0900)]
Upgrade openssl version to 1.0.1p
Change-Id: I4adbd2d17c72f228aea1396678f1e11a67b63bdc
Kyungwook Tak [Mon, 31 Aug 2015 07:15:21 +0000 (16:15 +0900)]
Imported Upstream version 1.0.1p
Change-Id: I297624cdcb5d68a3442cdf4666722e66ce7a264b
kyungwook tak [Wed, 25 Mar 2015 09:51:48 +0000 (18:51 +0900)]
Upgrade openssl version to 1.0.1m
Conflicts:
ssl/ssl_lib.c
Change-Id: Ib400e515e742c87075578ed5e7ff82ccf4f195af
Signed-off-by: kyungwook tak <k.tak@samsung.com>
kyungwook tak [Wed, 25 Mar 2015 02:18:14 +0000 (11:18 +0900)]
Imported Upstream version 1.0.1m
Change-Id: Ifa60e86d772dade7afe158c8899e6d36c5561bba
kyungwook tak [Thu, 12 Mar 2015 04:10:43 +0000 (13:10 +0900)]
Upgrade openssl version to 1.0.1l
Change-Id: Ia57c845afb0e9f2eb99fdb167441ef0b6157b50c
kyungwook tak [Thu, 12 Mar 2015 02:36:31 +0000 (11:36 +0900)]
Imported Upstream version 1.0.1l
Change-Id: I99680d38528c4117e59bb5377cc54820b22b93a2
Janusz Kozerski [Wed, 22 Oct 2014 09:48:50 +0000 (11:48 +0200)]
Move openssl version from 1.0.1h to 1.0.1j
for CVE-2014-3513 CVE-2014-3567 CVE-2014-3566 (SSLv3 POODLE)
CVE-2014-3568 fixes
Change-Id: I7f10ab3e6459da4553c298c2ed26db0dc3623d0e
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
John L. Whiteman [Fri, 20 Jun 2014 20:05:34 +0000 (13:05 -0700)]
Move openssl version from 1.0.1g to 1.0.1h
for CVE-2014-0224, CVE-2014-0221, CVE-2014-0195,
CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 fixes
Change-Id: Ifa69d7a46f9a000d0ee8cf4da86e3e1d7113cfdc
Signed-off-by: John L. Whiteman <john.l.whiteman@intel.com>
Michael Demeter [Thu, 10 Apr 2014 18:20:00 +0000 (11:20 -0700)]
Move openssl version to 1.0.1g for CVE-2014-160 (Heartbleed)
Change-Id: Ia8dc1aada13143a27be097574f985414b998159f
Signed-off-by: Michael Demeter <michael.demeter@intel.com>
Ryan Ware [Tue, 13 Aug 2013 23:15:32 +0000 (16:15 -0700)]
Move to OpenSSL 1.0.1e from 1.0.1c.
Alexandru Cornea [Mon, 1 Jul 2013 18:05:50 +0000 (21:05 +0300)]
resetting manifest requested domain to floor
Anas Nashif [Fri, 22 Mar 2013 18:03:34 +0000 (11:03 -0700)]
Fixed package groups
Anas Nashif [Mon, 18 Mar 2013 19:47:58 +0000 (12:47 -0700)]
Fixed package group
Anas Nashif [Mon, 18 Mar 2013 15:28:22 +0000 (08:28 -0700)]
Fixed package groups
Anas Nashif [Wed, 28 Nov 2012 23:36:03 +0000 (15:36 -0800)]
enable md2
Anas Nashif [Wed, 28 Nov 2012 16:35:51 +0000 (08:35 -0800)]
do not run tests for now
Anas Nashif [Wed, 28 Nov 2012 16:32:17 +0000 (08:32 -0800)]
remove patches
Anas Nashif [Wed, 28 Nov 2012 16:28:27 +0000 (08:28 -0800)]
enable md2
Anas Nashif [Mon, 5 Nov 2012 21:57:24 +0000 (13:57 -0800)]
add packaging
Ryan Ware [Tue, 13 Aug 2013 23:04:16 +0000 (16:04 -0700)]
Imported Upstream version 1.0.1e
Matt Caswell [Wed, 15 Oct 2014 12:54:46 +0000 (13:54 +0100)]
Prepare for 1.0.1j release
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 15 Oct 2014 11:27:03 +0000 (12:27 +0100)]
Updates to NEWS
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 15 Oct 2014 09:40:29 +0000 (10:40 +0100)]
Add updates to CHANGES file
Reviewed-by: Bodo Möller <bodo@openssl.org>
Geoff Thorpe [Wed, 15 Oct 2014 07:25:50 +0000 (03:25 -0400)]
Fix no-ssl3 configuration option
CVE-2014-3568
Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 15 Oct 2014 00:53:55 +0000 (01:53 +0100)]
Fix for session tickets memory leak.
CVE-2014-3567
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
5dc6070a03779cd524f0e67f76c945cb0ac38320)
Matt Caswell [Wed, 15 Oct 2014 00:23:07 +0000 (01:23 +0100)]
Fix SRTP compile issues for windows
Related to CVE-2014-3513
This fix was developed by the OpenSSL Team
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 15 Oct 2014 00:20:38 +0000 (01:20 +0100)]
Fix for SRTP Memory Leak
CVE-2014-3513
This issue was reported to OpenSSL on 26th September 2014, based on an origi
issue and patch developed by the LibreSSL project. Further analysis of the i
was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Bodo Moeller [Wed, 15 Oct 2014 12:47:39 +0000 (14:47 +0200)]
Fix SSL_R naming inconsistency.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 15 Oct 2014 09:10:08 +0000 (11:10 +0200)]
aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit
69d5747f90136aa026a96204f26ab39549dfc69b)
Tim Hudson [Thu, 25 Sep 2014 06:04:35 +0000 (08:04 +0200)]
Add constant_time_locl.h to HEADERS,
so the Win32 compile picks it up correctly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 25 Sep 2014 04:47:23 +0000 (06:47 +0200)]
Add the constant time test to the VMS build and tests
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
test/maketests.com
test/tests.com
Richard Levitte [Wed, 24 Sep 2014 20:59:37 +0000 (22:59 +0200)]
Include "constant_time_locl.h" rather than "../constant_time_locl.h".
The different -I compiler parameters will take care of the rest...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Mon, 16 Jun 2014 11:24:04 +0000 (13:24 +0200)]
Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Wed, 6 Aug 2014 02:37:27 +0000 (04:37 +0200)]
Adjust VMS build to Unix build. Most of all, make it so the disabled
algorithms MD2 and RC5 don't get built.
Also, disable building the test apps in crypto/des and crypto/pkcs7, as
they have no support at all.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Wed, 18 Jun 2014 11:41:54 +0000 (13:41 +0200)]
Make sure test/tests.com exit gracefully, even when openssl.exe wasn't properly built.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Wed, 6 Aug 2014 01:54:57 +0000 (03:54 +0200)]
Update the VMS build according to the latest unixly build. Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Sat, 14 Jun 2014 13:13:44 +0000 (15:13 +0200)]
Make sure that disabling the MAYLOSEDATA3 warning is only done when the compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Bodo Moeller [Wed, 15 Oct 2014 02:05:42 +0000 (04:05 +0200)]
Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Fri, 10 Oct 2014 12:18:09 +0000 (13:18 +0100)]
Preserve digests for SNI.
SSL_set_SSL_CTX is normally called for SNI after ClientHello has
received and the digest to use for each certificate has been decided.
The original ssl->cert contains the negotiated digests and is now
copied to the new ssl->cert.
PR: 3560
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Fri, 3 Oct 2014 22:48:49 +0000 (23:48 +0100)]
Removed duplicate definition of PKCS7_type_is_encrypted
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.
PR#3551
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
e0fdea3e49e7454aa76bd5ecf3a3747641354c68)
Dr. Stephen Henson [Thu, 25 Sep 2014 22:28:48 +0000 (23:28 +0100)]
Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.
Note: this is a precautionary measure, there is no known attack
which can exploit this.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Emilia Kasper [Thu, 25 Sep 2014 11:39:21 +0000 (13:39 +0200)]
Add missing tests
Accidentally omitted from commit
455b65dfab0de51c9f67b3c909311770f2b3f801
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
fdc35a9d3e8cf4cfd9330d5df9883f42cf5648ad)
Dr. Stephen Henson [Sat, 20 Sep 2014 00:00:55 +0000 (01:00 +0100)]
Use correct function name: CMS_add1_signer()
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
5886354dcca4f8445ed35b6995a035b75409590c)
Andy Polyakov [Wed, 24 Sep 2014 22:42:26 +0000 (00:42 +0200)]
crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit
8b07c005fe006044d0e4a795421447deca3c9f2c)
Emilia Kasper [Fri, 5 Sep 2014 12:47:33 +0000 (14:47 +0200)]
RT3425: constant-time evp_enc
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
4aac102f75b517bdb56b1bcfd0a856052d559f6e)
Conflicts:
crypto/evp/evp_enc.c
(cherry picked from commit
738911cde68b2b3706e502cf8daf5b14738f2f42)
Emilia Kasper [Thu, 4 Sep 2014 11:04:42 +0000 (13:04 +0200)]
RT3067: simplify patch
(Original commit
adb46dbc6dd7347750df2468c93e8c34bcb93a4b)
Use the new constant-time methods consistently in s3_srvr.c
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
455b65dfab0de51c9f67b3c909311770f2b3f801)
Adam Langley [Wed, 24 Apr 2013 18:45:44 +0000 (14:45 -0400)]
This change alters the processing of invalid, RSA pre-master secrets so
that bad encryptions are treated like random session keys in constant
time.
(cherry picked from commit
adb46dbc6dd7347750df2468c93e8c34bcb93a4b)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Thu, 28 Aug 2014 17:43:49 +0000 (19:43 +0200)]
RT3066: rewrite RSA padding checks to be slightly more constant time.
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1
This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Conflicts:
crypto/rsa/rsa_oaep.c
Tim Hudson [Sun, 21 Sep 2014 11:54:31 +0000 (21:54 +1000)]
Fixed error introduced in commit
f2be92b94dad3c6cbdf79d99a324804094cf1617
that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit
Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
b5ff559ff90124c6fd53bbb49dae5edb4e821e0a)
Rich Salz [Wed, 10 Sep 2014 15:43:45 +0000 (11:43 -0400)]
RT2560: missing NULL check in ocsp_req_find_signer
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit
b2aa38a980e9fbf158aafe487fb729c492b241fb)
Erik Auerswald [Wed, 27 Aug 2014 02:50:34 +0000 (22:50 -0400)]
RT3301: Discard too-long heartbeat requests
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
af4c6e348e4bad6303e7d214cdcf2536487aabe4)
Adam Langley [Fri, 20 Jun 2014 19:00:00 +0000 (12:00 -0700)]
psk_client_callback, 128-byte id bug.
Fix a bug in handling of 128 byte long PSK identity in
psk_client_callback.
OpenSSL supports PSK identities of up to (and including) 128 bytes in
length. PSK identity is obtained via the psk_client_callback,
implementors of which are expected to provide a NULL-terminated
identity. However, the callback is invoked with only 128 bytes of
storage thus making it impossible to return a 128 byte long identity and
the required additional NULL byte.
This CL fixes the issue by passing in a 129 byte long buffer into the
psk_client_callback. As a safety precaution, this CL also zeroes out the
buffer before passing it into the callback, uses strnlen for obtaining
the length of the identity returned by the callback, and aborts the
handshake if the identity (without the NULL terminator) is longer than
128 bytes.
(Original patch amended to achieve strnlen in a different way.)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
be0d851732bad7370640702bc9c4a33189ede287)
Adam Langley [Tue, 23 Apr 2013 16:13:51 +0000 (12:13 -0400)]
Ensure that x**0 mod 1 = 0.
(cherry picked from commit
2b0180c37fa6ffc48ee40caa831ca398b828e680)
Reviewed-by: Ben Laurie <ben@openssl.org>
Richard Levitte [Thu, 14 Aug 2014 23:24:34 +0000 (01:24 +0200)]
Followup on RT3334 fix: make sure that a directory that's the empty
string returns 0 with errno = ENOENT.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
360928b7d0f16dde70e26841bbf9e1af727e8b8f)
Phil Mesnier [Thu, 14 Aug 2014 17:35:07 +0000 (19:35 +0200)]
RT3334: Fix crypto/LPdir_win.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
6a14fe7576e7a14a46ba14df8be8fe478536b4fb)
Emilia Kasper [Thu, 28 Aug 2014 17:45:55 +0000 (19:45 +0200)]
Make the inline const-time functions static.
"inline" without static is not correct as the compiler may choose to ignore it
and will then either emit an external definition, or expect one.
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit
86f50b36e63275a916b147f9d8764e3c0c060fdb)
Andy Polyakov [Sat, 30 Aug 2014 17:17:09 +0000 (19:17 +0200)]
md5-x86_64.pl: work around warning.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
4d86e8df6be69ed13abb73fd564f1f894eea0a98)
Rich Salz [Mon, 14 Jul 2014 15:27:16 +0000 (11:27 -0400)]
Add tags/TAGS
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
9d6253cfd3395dfe7147dae134579c6b16544c53)
Rich Salz [Thu, 28 Aug 2014 23:11:42 +0000 (19:11 -0400)]
RT2119,3407: Updated to dgst.pod
Re-order algorithm list.
Be consistent in command synopsis.
Add content about signing.
Add EXAMPLE section
Add some missing options: -r, -fips-fingerprint -non-fips-allow
Various other fixes.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
6aa9dbab0f9b90060b7ee609b8c3c726ce4faf21)
James Westby [Thu, 14 Aug 2014 14:14:35 +0000 (10:14 -0400)]
RT1941: c_rehash.pod is missing
Add the file written by James Westby, graciously contributed
under the terms of the OpenSSL license.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
cf2239b3b397174a8a6b1cc84ff68aba34ed5941)
Rich Salz [Mon, 18 Aug 2014 17:00:51 +0000 (13:00 -0400)]
RT2379: Bug in BIO_set_accept_port.pod
The doc says that port can be "*" to mean any port.
That's wrong.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit
07e3b31fae98b985d3d2aad7066144b11833f688)
Emilia Kasper [Thu, 28 Aug 2014 13:33:34 +0000 (15:33 +0200)]
Constant-time utilities
Pull constant-time methods out to a separate header, add tests.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit
9a9b0c0401cae443f115ff19921d347b20aa396b)
Conflicts:
test/Makefile
Raphael Spreitzer [Thu, 28 Aug 2014 02:53:10 +0000 (22:53 -0400)]
RT2400: ASN1_STRING_to_UTF8 missing initializer
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
f9fb43e176ad2a914108cd2b403425dc1ebc7262)
Rich Salz [Thu, 28 Aug 2014 01:47:12 +0000 (21:47 -0400)]
RT2308: Add extern "C" { ... } wrapper
Add the wrapper to all public header files (Configure
generates one). Don't bother for those that are just
lists of #define's that do renaming.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
089f10e69ece75ce31540501fe0898b15e898552)
Emilia Kasper [Mon, 25 Aug 2014 10:38:16 +0000 (12:38 +0200)]
Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit
82dc08de54ce443c2a9ac478faffe79e76157795)
projects / platform / upstream / openssl.git / log