Dariusz Michaluk [Mon, 29 Jul 2019 18:06:44 +0000 (20:06 +0200)]
Remove libopenssl-devel package
Change-Id: Ic9fc0e640f38ac3860e8b6516854cd9575ad8fd8
Dariusz Michaluk [Fri, 27 Dec 2019 09:24:36 +0000 (10:24 +0100)]
Merge branch 'upstream' into tizen_base
Change-Id: I86b7313a2b3181296e4bbf3227cdd4bc15a70812
Dariusz Michaluk [Fri, 27 Dec 2019 09:17:54 +0000 (10:17 +0100)]
Imported Upstream version 1.0.2u
Krzysztof Jackiewicz [Wed, 18 Sep 2019 09:44:24 +0000 (11:44 +0200)]
Merge branch 'upstream' into tizen_base
Change-Id: I052187c6bd9cc55d587fd63c000608ead364e629
Krzysztof Jackiewicz [Wed, 18 Sep 2019 09:03:10 +0000 (11:03 +0200)]
Imported Upstream version 1.0.2t
Dariusz Michaluk [Wed, 5 Jun 2019 14:10:59 +0000 (16:10 +0200)]
Rework project packaging
- remove openssl-doc and openssl-misc
- libopenssl-devel conflicts with libopenssl1.1-devel
- openssl requires openssl1.1
Change-Id: Ibb053dafb1aa7e5800b28e99da3df0b598834861
Dariusz Michaluk [Tue, 4 Jun 2019 16:32:34 +0000 (18:32 +0200)]
Merge branch 'upstream' into tizen_base
Change-Id: If901de6e8c9317a458af4fa72b754a2a5332cd5b
Dariusz Michaluk [Tue, 4 Jun 2019 16:25:46 +0000 (18:25 +0200)]
Imported Upstream version 1.0.2s
Tomasz Swierczek [Wed, 13 Mar 2019 05:40:28 +0000 (06:40 +0100)]
Merge branch 'upstream' into tizen_base
Change-Id: I538101a584d936cc3761ecf426fee9cba05c43b0
Tomasz Swierczek [Tue, 12 Mar 2019 09:02:53 +0000 (10:02 +0100)]
Imported Upstream version 1.0.2r
Dariusz Michaluk [Wed, 7 Mar 2018 16:34:19 +0000 (17:34 +0100)]
Introduce versioned symbols in openssl.
Introduce versioned symbols in openssl, so that programs linked
to different libraries which in turn are linked to different versions of
openssl will not segfault or behave otherwise erratically.
More info about problem can be found here:
https://rt.openssl.org/Ticket/Display.html?id=1222
https://guru.multimedia.cx/ld-so-gnu-linkerloader
Source of this patch can be found here:
https://anonscm.debian.org/viewvc/pkg-openssl/openssl/branches/stretch1.0/debian/patches/version-script.patch
Change-Id: Iaad1f86f1465437253529ddad6536eba14a853db
Dariusz Michaluk [Thu, 22 Nov 2018 10:55:26 +0000 (11:55 +0100)]
Merge branch 'upstream' into tizen_base
Change-Id: If02e1fb86dfbd1760b7dbc2cfc31fd5145ce5991
Dariusz Michaluk [Thu, 22 Nov 2018 10:46:15 +0000 (11:46 +0100)]
Imported Upstream version 1.0.2q
Dariusz Michaluk [Thu, 22 Nov 2018 10:46:02 +0000 (11:46 +0100)]
Imported Upstream version 1.0.2p
Guido Vranken [Mon, 11 Jun 2018 17:38:54 +0000 (19:38 +0200)]
Reject excessively large primes in DH key generation.
CVE-2018-0732
Signed-off-by: Guido Vranken <guidovranken@gmail.com>
(cherry picked from commit
91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6457)
Change-Id: I267b8ed8eb477c7da070e40dd978c0762e89d6dd
Billy Brumley [Wed, 11 Apr 2018 07:10:58 +0000 (10:10 +0300)]
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.
CVE-2018-0737
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
Change-Id: I7ff51315e409dd39d6e0e9174d43d3221940bed2
Dariusz Michaluk [Wed, 9 May 2018 12:14:55 +0000 (14:14 +0200)]
Merge branch 'upstream' into tizen_base
Change-Id: I37b6a986ef725c03bb9d29b3db75fee86580b2b5
Dariusz Michaluk [Wed, 9 May 2018 11:32:57 +0000 (13:32 +0200)]
Imported Upstream version 1.0.2o
Dariusz Michaluk [Wed, 9 May 2018 11:32:36 +0000 (13:32 +0200)]
Imported Upstream version 1.0.2n
Pawel Kowalski [Fri, 24 Nov 2017 10:45:40 +0000 (11:45 +0100)]
Merge tag 'upstream/1.0.2m' into tizen_4.0_base
Upstream version 1.0.2m
Change-Id: I0324687ff87ce098888b7b6918c2f8c2bb4a5e73
Pawel Kowalski [Fri, 24 Nov 2017 10:26:53 +0000 (11:26 +0100)]
Imported Upstream version 1.0.2m
Change-Id: Ia7d9ec321d4495bdbdb87e2845e87b8f9319bd55
Pawel Kowalski [Fri, 24 Nov 2017 10:26:53 +0000 (11:26 +0100)]
Imported Upstream version 1.0.2m
Igor Kotrasinski [Thu, 10 Aug 2017 14:34:45 +0000 (16:34 +0200)]
Fixup PIE compilation flags
Change 'fPIE' to 'fPIC' (the former causes compilation failure on some
architectures).
Change-Id: Icd5930d8bd03715d82f5315cba7ee9a8f4bc6101
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Igor Kotrasinski [Thu, 10 Aug 2017 10:04:07 +0000 (12:04 +0200)]
Add PIE flags to config
Add flags for Configure script, as it passes them down to compiler and
linker. Fixes openssl binary not building as PIE (for ASLR).
Change-Id: Iaac6de23c28809aed8d5c92e85e5ef56e12b56b1
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Lukasz Pawelczyk [Mon, 8 May 2017 09:59:43 +0000 (11:59 +0200)]
Merge tag 'upstream/1.0.2k' into tizen_base
Upstream version 1.0.2k
Change-Id: Ibb94241d3263d8efc2c93a6f485049b24aea52f6
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Lukasz Pawelczyk [Thu, 4 May 2017 10:09:54 +0000 (12:09 +0200)]
Imported Upstream version 1.0.2k
Dongsun Lee [Mon, 3 Apr 2017 09:47:10 +0000 (18:47 +0900)]
make debug pakcages to strip binary
Change-Id: I97248db08b47ecdcada7469fc0c16f27654aaf11
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Jiyoung Yun [Mon, 20 Mar 2017 10:37:04 +0000 (19:37 +0900)]
Add -64bit package for .NET i586 build
.NET runtime has a dependency with openssl library.
There is no toolchain for i586 build in .NET runtime,
so to build it for i586,
it needs i586 package which contains x86_64 library.
Signed-off-by: Jiyoung Yun <jy910.yun@samsung.com>
Change-Id: Ib6a6ed21006bf83c5de22bc2d88486f8115dad1b
Kyungwook Tak [Mon, 28 Nov 2016 03:56:07 +0000 (12:56 +0900)]
Add license files to packaging
Change-Id: I073939ffc69ad49810129af5248d333948d9bcfe
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Fri, 25 Nov 2016 07:45:23 +0000 (16:45 +0900)]
Change license name from BSD-2.0 to BSD-3-Clause
Change-Id: Id9f411da1e2272abff72472440d23a7ff3a2c65b
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Tue, 11 Oct 2016 02:31:15 +0000 (11:31 +0900)]
Add Apache-2.0 and BSD-2.0 licenses in spec file
- BSD-2.0 : rasz_exp.h, rsaz-svx2.pl, rsaz-x86_64.pl
- Apache-2.0 : ecp_nistp224.c, ecp_nistp256.c, ecp_nistp512.c, ecp_nistputil.c,
ecp_nistz256.c, ecp_nistz256-avx2.pl, ecp_nistz256-x86_64.pl
Change-Id: I6466e9f7a78869737b815cc2dcab2f9297511d59
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Tue, 4 Oct 2016 07:41:11 +0000 (16:41 +0900)]
Merge tag 'upstream/1.0.2j' into tizen_base
Change-Id: I05036caf74c3d9b0b33053458c4a9ec8640dae79
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Tue, 4 Oct 2016 07:39:41 +0000 (16:39 +0900)]
Imported Upstream version 1.0.2j
Change-Id: I57424e369a568144838d2a7b8e2ca3a5737adf58
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Mon, 26 Sep 2016 05:27:31 +0000 (14:27 +0900)]
Merge tag 'upstream/1.0.2i' into tizen_base
Change-Id: I16b1811518d680619ab815e05e75a8c83bc8d0dc
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Mon, 26 Sep 2016 00:05:54 +0000 (09:05 +0900)]
Imported Upstream version 1.0.2i
Change-Id: Ie36b37cac23a47c82793df31244ade44f98093fa
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Kyungwook Tak [Fri, 19 Aug 2016 05:23:27 +0000 (14:23 +0900)]
Restore rpms (openssl, mic, doc) for compatability
Change-Id: I306944c611a4c870d98ee093bfcb3a174e3f41bb
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 28 Jul 2016 11:37:49 +0000 (20:37 +0900)]
Cleanup packaging and spec
Clean up legacy configures which comes from opensuse project.
Newly fixed code is based on Tizen 2.4 and spec from upstream.
Change-Id: I44cc9b76855e9651cb666f2bb48d451559da3bce
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 28 Jul 2016 02:44:38 +0000 (11:44 +0900)]
Upgrade upstream version to 1.0.2h
no-ssl2-method option added for not adding any symbol
compare with previous version(1.0.2g) because they're already removed
Change-Id: I89185548c0a04748d93ffcd3740f940e99fefb24
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 28 Jul 2016 02:32:16 +0000 (11:32 +0900)]
Imported Upstream version 1.0.2h
Change-Id: Ica9a30d71f52395a402accf32110b52f46851c11
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Wed, 8 Jun 2016 00:35:12 +0000 (09:35 +0900)]
modify mcpu and march flag in case for mcpu=cortex-a15.cortex-a7 or march=armv7ve
Change-Id: I5cf5bae46a34aca5faf9ef049172118b41e542e6
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
sangsu choi [Wed, 20 Apr 2016 06:52:54 +0000 (23:52 -0700)]
Revert "enable SSLV2 about openssl"
This reverts commit
28eaea79ada396f5eaf8c0609943e07ad4f666d5.
Change-Id: I81f0b114d56637216cbd68c55d1fa28d05988bbc
sangsu [Tue, 15 Mar 2016 00:07:06 +0000 (09:07 +0900)]
enable SSLV2 about openssl
Change-Id: I47ba88b5c8ce924e63f438f5474552337580379f
Signed-off-by: sangsu <sangsu.choi@samsung.com>
sangsu [Mon, 7 Mar 2016 06:30:03 +0000 (15:30 +0900)]
Merge branch 'upstream' into tizen_base
Change-Id: I6c175d41a528ea498db65ba5c8114f82881e5e91
Signed-off-by: sangsu <sangsu.choi@samsung.com>
sangsu [Mon, 7 Mar 2016 05:42:53 +0000 (14:42 +0900)]
Imported Upstream version 1.0.2g
Change-Id: I2b5f4248ba97b6abbe363a5da33c953e623e0a7e
Signed-off-by: sangsu <sangsu.choi@samsung.com>
sangsu [Thu, 3 Mar 2016 05:47:58 +0000 (14:47 +0900)]
Add missing license files
Change-Id: I6e9adc80f104a42722fdf0cd95a80648cdc19533
Signed-off-by: sangsu <sangsu.choi@samsung.com>
sangsu [Thu, 3 Mar 2016 05:30:00 +0000 (14:30 +0900)]
Update License in openssl.spec file
Change-Id: Iebe5bde3149fde75b16be390b30ee47cf1640061
Signed-off-by: sangsu <sangsu.choi@samsung.com>
Kyungwook Tak [Thu, 28 Jan 2016 11:08:04 +0000 (20:08 +0900)]
Add no-asm option
Signal handler cannot registered on some target so SIGILL
makes crash when detecting cpu capability. To use HW capability
is dependent on individual product projects.
Change-Id: I8d96eee86601755f2aa6cd05dfb57669eb815427
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 28 Dec 2015 06:03:49 +0000 (15:03 +0900)]
Merge upgrade commit (v1.0.2e) into tizen_base
Change-Id: If254724f73f6f886a7991afdd4782036278484ee
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 18 Dec 2015 05:13:27 +0000 (14:13 +0900)]
Upgrade Upstream version 1.0.2e
Change-Id: If6afd73ecd5ef4548b9389eca6e53946aac3b9f2
sangwan.kwon [Fri, 18 Dec 2015 02:39:57 +0000 (11:39 +0900)]
Imported Upstream version 1.0.2e
Change-Id: Ib2b4a8546eecf9f4d4a80d8f91b48dbf50bff173
Kyungwook Tak [Thu, 17 Dec 2015 14:02:17 +0000 (23:02 +0900)]
Remove /etc/ssl/certs dir from rpm files
ca-certificates package handles all of system certificates resource
Change-Id: Ifa25a170486dbccf34902096687d2f72673b64dd
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Dec 2015 02:41:38 +0000 (11:41 +0900)]
Move library path to default libdir
Change-Id: I70356e1ef2e74b817bd4008dc4e68473ed29d843
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 12 Oct 2015 06:50:14 +0000 (15:50 +0900)]
Fix diff between upstream and tizen
Change-Id: I30681b310869557c60a2d8ab3b76d999c9c2fa97
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 12 Oct 2015 06:49:10 +0000 (15:49 +0900)]
Upgrade upstream version to 1.0.2d
Change-Id: I68b01267078a01007964c693440489151bc8ba2f
Yury Usishchev [Tue, 6 Oct 2015 11:05:17 +0000 (14:05 +0300)]
Imported Upstream version 1.0.2d
Change-Id: I565a3e3ac5176f83139175faa2d2a11a334e8908
Signed-off-by: Yury Usishchev <y.usishchev@samsung.com>
Kyungwook Tak [Mon, 31 Aug 2015 07:19:30 +0000 (16:19 +0900)]
Upgrade openssl version to 1.0.1p
Change-Id: I4adbd2d17c72f228aea1396678f1e11a67b63bdc
Kyungwook Tak [Mon, 31 Aug 2015 07:15:21 +0000 (16:15 +0900)]
Imported Upstream version 1.0.1p
Change-Id: I297624cdcb5d68a3442cdf4666722e66ce7a264b
kyungwook tak [Wed, 25 Mar 2015 09:51:48 +0000 (18:51 +0900)]
Upgrade openssl version to 1.0.1m
Conflicts:
ssl/ssl_lib.c
Change-Id: Ib400e515e742c87075578ed5e7ff82ccf4f195af
Signed-off-by: kyungwook tak <k.tak@samsung.com>
kyungwook tak [Wed, 25 Mar 2015 02:18:14 +0000 (11:18 +0900)]
Imported Upstream version 1.0.1m
Change-Id: Ifa60e86d772dade7afe158c8899e6d36c5561bba
kyungwook tak [Thu, 12 Mar 2015 04:10:43 +0000 (13:10 +0900)]
Upgrade openssl version to 1.0.1l
Change-Id: Ia57c845afb0e9f2eb99fdb167441ef0b6157b50c
kyungwook tak [Thu, 12 Mar 2015 02:36:31 +0000 (11:36 +0900)]
Imported Upstream version 1.0.1l
Change-Id: I99680d38528c4117e59bb5377cc54820b22b93a2
Janusz Kozerski [Wed, 22 Oct 2014 09:48:50 +0000 (11:48 +0200)]
Move openssl version from 1.0.1h to 1.0.1j
for CVE-2014-3513 CVE-2014-3567 CVE-2014-3566 (SSLv3 POODLE)
CVE-2014-3568 fixes
Change-Id: I7f10ab3e6459da4553c298c2ed26db0dc3623d0e
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>
John L. Whiteman [Fri, 20 Jun 2014 20:05:34 +0000 (13:05 -0700)]
Move openssl version from 1.0.1g to 1.0.1h
for CVE-2014-0224, CVE-2014-0221, CVE-2014-0195,
CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 fixes
Change-Id: Ifa69d7a46f9a000d0ee8cf4da86e3e1d7113cfdc
Signed-off-by: John L. Whiteman <john.l.whiteman@intel.com>
Michael Demeter [Thu, 10 Apr 2014 18:20:00 +0000 (11:20 -0700)]
Move openssl version to 1.0.1g for CVE-2014-160 (Heartbleed)
Change-Id: Ia8dc1aada13143a27be097574f985414b998159f
Signed-off-by: Michael Demeter <michael.demeter@intel.com>
Ryan Ware [Tue, 13 Aug 2013 23:15:32 +0000 (16:15 -0700)]
Move to OpenSSL 1.0.1e from 1.0.1c.
Alexandru Cornea [Mon, 1 Jul 2013 18:05:50 +0000 (21:05 +0300)]
resetting manifest requested domain to floor
Anas Nashif [Fri, 22 Mar 2013 18:03:34 +0000 (11:03 -0700)]
Fixed package groups
Anas Nashif [Mon, 18 Mar 2013 19:47:58 +0000 (12:47 -0700)]
Fixed package group
Anas Nashif [Mon, 18 Mar 2013 15:28:22 +0000 (08:28 -0700)]
Fixed package groups
Anas Nashif [Wed, 28 Nov 2012 23:36:03 +0000 (15:36 -0800)]
enable md2
Anas Nashif [Wed, 28 Nov 2012 16:35:51 +0000 (08:35 -0800)]
do not run tests for now
Anas Nashif [Wed, 28 Nov 2012 16:32:17 +0000 (08:32 -0800)]
remove patches
Anas Nashif [Wed, 28 Nov 2012 16:28:27 +0000 (08:28 -0800)]
enable md2
Anas Nashif [Mon, 5 Nov 2012 21:57:24 +0000 (13:57 -0800)]
add packaging
Ryan Ware [Tue, 13 Aug 2013 23:04:16 +0000 (16:04 -0700)]
Imported Upstream version 1.0.1e
Matt Caswell [Wed, 15 Oct 2014 12:54:46 +0000 (13:54 +0100)]
Prepare for 1.0.1j release
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 15 Oct 2014 11:27:03 +0000 (12:27 +0100)]
Updates to NEWS
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 15 Oct 2014 09:40:29 +0000 (10:40 +0100)]
Add updates to CHANGES file
Reviewed-by: Bodo Möller <bodo@openssl.org>
Geoff Thorpe [Wed, 15 Oct 2014 07:25:50 +0000 (03:25 -0400)]
Fix no-ssl3 configuration option
CVE-2014-3568
Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 15 Oct 2014 00:53:55 +0000 (01:53 +0100)]
Fix for session tickets memory leak.
CVE-2014-3567
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
5dc6070a03779cd524f0e67f76c945cb0ac38320)
Matt Caswell [Wed, 15 Oct 2014 00:23:07 +0000 (01:23 +0100)]
Fix SRTP compile issues for windows
Related to CVE-2014-3513
This fix was developed by the OpenSSL Team
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 15 Oct 2014 00:20:38 +0000 (01:20 +0100)]
Fix for SRTP Memory Leak
CVE-2014-3513
This issue was reported to OpenSSL on 26th September 2014, based on an origi
issue and patch developed by the LibreSSL project. Further analysis of the i
was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Bodo Moeller [Wed, 15 Oct 2014 12:47:39 +0000 (14:47 +0200)]
Fix SSL_R naming inconsistency.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 15 Oct 2014 09:10:08 +0000 (11:10 +0200)]
aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit
69d5747f90136aa026a96204f26ab39549dfc69b)
Tim Hudson [Thu, 25 Sep 2014 06:04:35 +0000 (08:04 +0200)]
Add constant_time_locl.h to HEADERS,
so the Win32 compile picks it up correctly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 25 Sep 2014 04:47:23 +0000 (06:47 +0200)]
Add the constant time test to the VMS build and tests
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
test/maketests.com
test/tests.com
Richard Levitte [Wed, 24 Sep 2014 20:59:37 +0000 (22:59 +0200)]
Include "constant_time_locl.h" rather than "../constant_time_locl.h".
The different -I compiler parameters will take care of the rest...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Mon, 16 Jun 2014 11:24:04 +0000 (13:24 +0200)]
Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Wed, 6 Aug 2014 02:37:27 +0000 (04:37 +0200)]
Adjust VMS build to Unix build. Most of all, make it so the disabled
algorithms MD2 and RC5 don't get built.
Also, disable building the test apps in crypto/des and crypto/pkcs7, as
they have no support at all.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Wed, 18 Jun 2014 11:41:54 +0000 (13:41 +0200)]
Make sure test/tests.com exit gracefully, even when openssl.exe wasn't properly built.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Wed, 6 Aug 2014 01:54:57 +0000 (03:54 +0200)]
Update the VMS build according to the latest unixly build. Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Sat, 14 Jun 2014 13:13:44 +0000 (15:13 +0200)]
Make sure that disabling the MAYLOSEDATA3 warning is only done when the compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Bodo Moeller [Wed, 15 Oct 2014 02:05:42 +0000 (04:05 +0200)]
Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Fri, 10 Oct 2014 12:18:09 +0000 (13:18 +0100)]
Preserve digests for SNI.
SSL_set_SSL_CTX is normally called for SNI after ClientHello has
received and the digest to use for each certificate has been decided.
The original ssl->cert contains the negotiated digests and is now
copied to the new ssl->cert.
PR: 3560
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Fri, 3 Oct 2014 22:48:49 +0000 (23:48 +0100)]
Removed duplicate definition of PKCS7_type_is_encrypted
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.
PR#3551
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
e0fdea3e49e7454aa76bd5ecf3a3747641354c68)
Dr. Stephen Henson [Thu, 25 Sep 2014 22:28:48 +0000 (23:28 +0100)]
Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.
Note: this is a precautionary measure, there is no known attack
which can exploit this.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Emilia Kasper [Thu, 25 Sep 2014 11:39:21 +0000 (13:39 +0200)]
Add missing tests
Accidentally omitted from commit
455b65dfab0de51c9f67b3c909311770f2b3f801
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
fdc35a9d3e8cf4cfd9330d5df9883f42cf5648ad)
Dr. Stephen Henson [Sat, 20 Sep 2014 00:00:55 +0000 (01:00 +0100)]
Use correct function name: CMS_add1_signer()
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
5886354dcca4f8445ed35b6995a035b75409590c)
Andy Polyakov [Wed, 24 Sep 2014 22:42:26 +0000 (00:42 +0200)]
crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit
8b07c005fe006044d0e4a795421447deca3c9f2c)
Emilia Kasper [Fri, 5 Sep 2014 12:47:33 +0000 (14:47 +0200)]
RT3425: constant-time evp_enc
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
4aac102f75b517bdb56b1bcfd0a856052d559f6e)
Conflicts:
crypto/evp/evp_enc.c
(cherry picked from commit
738911cde68b2b3706e502cf8daf5b14738f2f42)