Andy Polyakov [Mon, 9 Feb 2015 10:46:19 +0000 (11:46 +0100)]
evp/e_aes.c: fix SPARC T4-specific problem:
- SIGSEGV/ILL in CCM (RT#3688);
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Tue, 10 Mar 2015 23:15:15 +0000 (23:15 +0000)]
Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit
ac5a110621ca48f0bebd5b4d76d081de403da29e)
Matt Caswell [Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)]
Cleanse buffers
Cleanse various intermediate buffers used by the PRF (backported version
from master).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Wed, 4 Mar 2015 21:05:53 +0000 (13:05 -0800)]
Harmonize return values in dtls1_buffer_record
Ensure all malloc failures return -1.
Reported by Adam Langley (Google).
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
06c6a2b4a3a6e64303caa256398dd2dc16f9c35a)
Richard Godbee [Sun, 21 Sep 2014 06:14:11 +0000 (02:14 -0400)]
BIO_debug_callback: Fix output on 64-bit machines
BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
460e920d8a274e27aab36346eeda6685a42c3314)
Matt Caswell [Thu, 26 Feb 2015 11:56:00 +0000 (11:56 +0000)]
Prevent handshake with unseeded PRNG
Fix security issue where under certain conditions a client can complete a
handshake with an unseeded PRNG. The conditions are:
- Client is on a platform where the PRNG has not been seeded, and the
user has not seeded manually
- A protocol specific client method version has been used (i.e. not
SSL_client_methodv23)
- A ciphersuite is used that does not require additional random data
from the PRNG beyond the initial ClientHello client random
(e.g. PSK-RC4-SHA)
If the handshake succeeds then the client random that has been used will
have been generated from a PRNG with insufficient entropy and therefore
the output may be predictable.
For example using the following command with an unseeded openssl will
succeed on an unpatched platform:
openssl s_client -psk
1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
CVE-2015-0285
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
e1b568dd2462f7cacf98f3d117936c34e2849a6b)
Dmitry-Me [Sun, 1 Jun 2014 17:30:52 +0000 (21:30 +0400)]
Fix wrong numbers being passed as string lengths
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
0b142f022e2c5072295e00ebc11c5b707a726d74)
Dr. Stephen Henson [Mon, 9 Mar 2015 16:57:24 +0000 (16:57 +0000)]
update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
David Woodhouse [Mon, 2 Mar 2015 16:20:15 +0000 (16:20 +0000)]
Wrong SSL version in DTLS1_BAD_VER ClientHello
Since commit
741c9959 ("DTLS revision."), we put the wrong protocol
version into our ClientHello for DTLS1_BAD_VER. The old DTLS
code which used ssl->version was replaced by the more generic SSL3 code
which uses ssl->client_version. The Cisco ASA no longer likes our
ClientHello.
RT#3711
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
f7683aaf36341dc65672ac2ccdbfd4a232e3626d)
Matt Caswell [Mon, 2 Mar 2015 14:34:19 +0000 (14:34 +0000)]
Fix DTLS1_BAD_VER regression
Commit
9cf0f187 in HEAD, and
68039af3 in 1.0.2, removed a version check
from dtls1_buffer_message() which was needed to distinguish between DTLS
1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER).
Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3703
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
5178a16c4375471d25e1f5ef5de46febb62a5529)
Dr. Stephen Henson [Sun, 8 Mar 2015 17:31:48 +0000 (17:31 +0000)]
fix warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 3 Mar 2015 14:20:23 +0000 (14:20 +0000)]
Cleanse PKCS#8 private key components.
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.
Call ASN1_STRING_clear_free on PKCS#8 private key components.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
a8ae0891d4bfd18f224777aed1fbb172504421f1)
Dr. Stephen Henson [Tue, 24 Feb 2015 16:35:37 +0000 (16:35 +0000)]
Additional CMS documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
e3013932df2d899e8600c305342bc14b682dc0d1)
Kurt Roeckx [Wed, 4 Mar 2015 20:57:52 +0000 (21:57 +0100)]
Remove export ciphers from the DEFAULT cipher list
They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 6 Mar 2015 13:00:47 +0000 (13:00 +0000)]
Update mkerr.pl for new format
Make the output from mkerr.pl consistent with the newly reformatted code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Kurt Cancemi [Wed, 4 Mar 2015 10:57:45 +0000 (10:57 +0000)]
Use constants not numbers
This patch uses warning/fatal constants instead of numbers with comments for
warning/alerts in d1_pkt.c and s3_pkt.c
RT#3725
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
fd865cadcb603918bdcfcf44e487721c657a1117)
Matt Caswell [Wed, 4 Mar 2015 17:49:51 +0000 (17:49 +0000)]
Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
918bb8652969fd53f0c390c1cd909265ed502c7e)
Conflicts:
crypto/bio/bss_dgram.c
Dr. Stephen Henson [Wed, 18 Feb 2015 00:34:59 +0000 (00:34 +0000)]
Check public key is not NULL.
CVE-2015-0288
PR#3708
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
28a00bcd8e318da18031b2ac8778c64147cd54f9)
Dr. Stephen Henson [Mon, 2 Mar 2015 13:26:29 +0000 (13:26 +0000)]
Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
437b14b533fe7f7408e3ebca6d5569f1d3347b1a)
Matt Caswell [Fri, 27 Feb 2015 16:52:07 +0000 (16:52 +0000)]
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.
This change fixes d2i_SSL_SESSION for that DTLS version.
Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3704
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/ssl_asn1.c
Matt Caswell [Thu, 26 Feb 2015 11:54:58 +0000 (11:54 +0000)]
Fixed missing return value checks.
Added various missing return value checks in tls1_change_cipher_state.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 26 Feb 2015 11:53:55 +0000 (11:53 +0000)]
Fix missing return value checks.
Fixed various missing return value checks in ssl3_send_newsession_ticket.
Also a mem leak on error.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Conflicts:
ssl/s3_srvr.c
Matt Caswell [Thu, 26 Feb 2015 10:35:50 +0000 (10:35 +0000)]
Fix evp_extra_test.c with no-ec
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
a988036259a4e119f6787b4c585f506226330120)
Matt Caswell [Wed, 25 Feb 2015 15:25:27 +0000 (15:25 +0000)]
Update the SHA* documentation
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
f7812493a0da6b740274135ce340ff7505027057)
Rainer Jung [Tue, 24 Feb 2015 19:12:17 +0000 (19:12 +0000)]
Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using
the extract-names.pl script.
RT#3718
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 20 Feb 2015 09:18:29 +0000 (09:18 +0000)]
Fix some minor documentation issues
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 16:21:30 +0000 (16:21 +0000)]
Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 16:08:33 +0000 (16:08 +0000)]
Add dire warnings about the "reuse" capability of the d2i_* functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Tue, 10 Feb 2015 15:45:56 +0000 (15:45 +0000)]
Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Mon, 9 Feb 2015 11:38:41 +0000 (11:38 +0000)]
Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit
517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Mon, 9 Feb 2015 09:45:35 +0000 (09:45 +0000)]
Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Conflicts:
crypto/evp/Makefile
test/Makefile
Dr. Stephen Henson [Tue, 24 Feb 2015 13:52:21 +0000 (13:52 +0000)]
Document -no_explicit
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
384dee51242e950c56b3bac32145957bfbf3cd4b)
Andy Polyakov [Sun, 22 Feb 2015 16:43:11 +0000 (17:43 +0100)]
Fix crash in SPARC T4 XTS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
775b669de3ba84d8dce16ff5e2bdffe263c05c4b)
Andy Polyakov [Sun, 22 Feb 2015 18:19:26 +0000 (19:19 +0100)]
sha/asm/sha1-586.pl: fix typo.
The typo doesn't affect supported configuration, only unsupported masm.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
3372c4fffa0556a688f8f1f550b095051398f596)
Dr. Stephen Henson [Sun, 22 Feb 2015 13:13:12 +0000 (13:13 +0000)]
typo
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
15b5d6585de098e48acebc8366a9956ee57c8f2d)
Edgar Pek [Sat, 21 Feb 2015 13:56:41 +0000 (14:56 +0100)]
Fix null-pointer dereference
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43)
Kurt Roeckx [Sat, 21 Feb 2015 13:51:50 +0000 (14:51 +0100)]
Fix memory leak
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
edac5dc220d494dff7ee259dfd84335ffa50e938)
Doug Hogan [Thu, 8 Jan 2015 02:21:01 +0000 (18:21 -0800)]
Avoid a double-free in an error path.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
1549a265209d449b6aefd2b49d7d39f7fbe0689b)
Richard Levitte [Sun, 22 Feb 2015 07:27:36 +0000 (08:27 +0100)]
Restore -DTERMIO/-DTERMIOS on Windows platforms.
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically. Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration. The answer is to restore those macro definitions for
the affected configuration targets.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c)
Conflicts:
Configure
Richard Levitte [Thu, 12 Feb 2015 10:41:48 +0000 (11:41 +0100)]
Assume TERMIOS is default, remove TERMIO on all Linux.
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux. For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.
crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
64e6bf64b36136d487e2fbf907f09612e69ae911)
Conflicts:
Configure
crypto/ui/ui_openssl.c
Richard Levitte [Thu, 12 Feb 2015 12:16:20 +0000 (13:16 +0100)]
Transfer a fix from 1.0.1
manually picked from
e7b85bc40200961984925604ca444517359a6067
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit
774ccae63c3a41a3f0762cbc818271d3ef9f369f)
Rich Salz [Thu, 12 Feb 2015 19:23:28 +0000 (14:23 -0500)]
RT3684: rand_egd needs stddef.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Graeme Perrow [Thu, 12 Feb 2015 18:00:42 +0000 (13:00 -0500)]
RT3670: Check return from BUF_MEM_grow_clean
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
b0333e697c008d639c56f48e9148cb8cba957e32)
Eric Dequin [Thu, 12 Feb 2015 15:44:30 +0000 (10:44 -0500)]
Missing OPENSSL_free on error path.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
1d2932de4cefcc200f175863a42c311916269981)
Emilia Kasper [Thu, 5 Feb 2015 15:38:54 +0000 (16:38 +0100)]
Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.
Also update X509_check_host docs to reflect reality.
Thanks to Sean Burford (Google) for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
0923e7df9eafec6db9c75405d7085ec8581f01bd)
Andy Polyakov [Tue, 10 Feb 2015 07:55:30 +0000 (08:55 +0100)]
objects/obj_xref.h: revert reformat.
obj_xref.h was erroneously restored to pre-reformat state.
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Mon, 9 Feb 2015 14:59:09 +0000 (15:59 +0100)]
Bring objects.pl output even closer to new format.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
849037169d98d070c27d094ac341fc6aca1ed2ca)
Dr. Stephen Henson [Sun, 8 Feb 2015 13:14:05 +0000 (13:14 +0000)]
Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.
In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
9c7a780bbebc1b6d87dc38a6aa3339033911a8bb)
Andy Polyakov [Sat, 7 Feb 2015 09:15:32 +0000 (10:15 +0100)]
Harmonize objects.pl output with new format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
7ce38623194f6df6a846cd01753b63f361c88e57)
Matt Caswell [Thu, 5 Feb 2015 10:19:55 +0000 (10:19 +0000)]
Fix error handling in ssltest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
ae632974f905c59176fa5f312826f8f692890b67)
Rich Salz [Thu, 5 Feb 2015 14:44:30 +0000 (09:44 -0500)]
Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
7e35f06ea908e47f87b723b5e951ffc55463eb8b)
Dr. Stephen Henson [Wed, 4 Feb 2015 03:31:34 +0000 (03:31 +0000)]
Make objxref.pl output in correct format
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434)
Dr. Stephen Henson [Tue, 3 Feb 2015 01:31:33 +0000 (01:31 +0000)]
Preliminary ASN1_TIME documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
a724e79ed761ea535a6c7457c90da5ff4b1cea69)
Dr. Stephen Henson [Sun, 1 Feb 2015 13:06:32 +0000 (13:06 +0000)]
Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
52e028b9de371da62c1e51b46592517b1068d770)
Andy Polyakov [Fri, 30 Jan 2015 15:15:46 +0000 (16:15 +0100)]
cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
5da05a26f21e7c43a156b65b13a9bc968a6c78db)
Andy Polyakov [Sun, 25 Jan 2015 13:51:43 +0000 (14:51 +0100)]
modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).
For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
b2991c081aba5351a3386bdde2927672d53e5c99)
Richard Levitte [Fri, 30 Jan 2015 11:36:13 +0000 (12:36 +0100)]
VMS exit codes weren't handled well enough and were unclear
Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
e00ab250c878f7a7f0ae908a6305cebf6883a244)
Richard Levitte [Fri, 30 Jan 2015 03:44:17 +0000 (04:44 +0100)]
dso_vms needs to add the .EXE extension if there is none already
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6)
Matt Caswell [Mon, 26 Jan 2015 23:28:31 +0000 (23:28 +0000)]
Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
8507474564f3f743f5daa3468ca97a9b707b3583)
Matt Caswell [Mon, 26 Jan 2015 16:46:49 +0000 (16:46 +0000)]
Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
f4002412518703d07fee321d4c88ee0bbe1694fe)
Matt Caswell [Mon, 26 Jan 2015 16:47:36 +0000 (16:47 +0000)]
Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.
RT#3657
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)
Rich Salz [Mon, 26 Jan 2015 16:06:28 +0000 (11:06 -0500)]
Remove obsolete support for old code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
3d0cf918078fecee8b040807a2603e41937092f6)
Rich Salz [Mon, 26 Jan 2015 15:46:26 +0000 (10:46 -0500)]
Remove unused eng_rsax and related asm file
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Mon, 26 Jan 2015 02:12:01 +0000 (21:12 -0500)]
Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr.
Errors are ignored. Updated doc to reflect that, and the fact
that this function is to be avoided.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit
abdd677125f3a9e3082f8c5692203590fdb9b860)
Kurt Roeckx [Sat, 24 Jan 2015 13:46:50 +0000 (14:46 +0100)]
Fix segfault with empty fields as last in the config.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Thu, 22 Jan 2015 19:43:27 +0000 (19:43 +0000)]
FIPS build fixes.
PR#3673
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 16:16:24 +0000 (16:16 +0000)]
Prepare for 1.0.2a-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 16:12:26 +0000 (16:12 +0000)]
Prepare for 1.0.2 release
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 16:12:26 +0000 (16:12 +0000)]
make update
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 15:07:48 +0000 (15:07 +0000)]
Updates to CHANGES for 1.0.2
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 14:36:27 +0000 (14:36 +0000)]
NEWS update
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 11:44:18 +0000 (11:44 +0000)]
Fix for reformat problems with e_padlock.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 11:04:47 +0000 (11:04 +0000)]
Fix post-reformat errors preventing windows compilation
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 10:42:48 +0000 (10:42 +0000)]
Fix formatting error in pem.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rob Stradling [Thu, 22 Jan 2015 12:18:30 +0000 (12:18 +0000)]
Use inner algorithm when printing certificate.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
004efdbb41f731d36bf12d251909aaa08704a756)
Corinna Vinschen [Sat, 6 Dec 2014 12:53:58 +0000 (13:53 +0100)]
Drop redundant and outdated __CYGWIN32__ tests.
Change OPENSSL_SYSNAME_CYGWIN32 to OPENSSL_SYSNAME_CYGWIN.
Drop outdated Cygwin targets.
RT#3605
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
732c5a6b928f10de4d6ca0394f49e9938a47a93b)
Resolved conflicts:
Configure
TABLE
Andy Polyakov [Thu, 22 Jan 2015 11:13:57 +0000 (12:13 +0100)]
Fix macosx-ppc build (and typos in unwind info).
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
c462a6817bb05a4c8dded1aa9fa3aa8fd7e176bf)
Andy Polyakov [Thu, 22 Jan 2015 11:00:55 +0000 (12:00 +0100)]
sha256-armv4.pl: fix typo.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
52cab5635603c1a7a00bc6f92401c84ec8920298)
Matt Caswell [Mon, 5 Jan 2015 11:30:03 +0000 (11:30 +0000)]
Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.2 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 03:30:12 +0000 (03:30 +0000)]
Rerun util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 03:29:12 +0000 (03:29 +0000)]
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 23:54:59 +0000 (23:54 +0000)]
More tweaks for comments due indent issues
Conflicts:
ssl/ssl_ciph.c
ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 22:38:06 +0000 (22:38 +0000)]
Fix modes.h so that indent doesn't complain
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 22:03:55 +0000 (22:03 +0000)]
Backport hw_ibmca.c from master due to failed merge
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 21:22:49 +0000 (21:22 +0000)]
Tweaks for comments due to indent's inability to handle them
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 19:18:47 +0000 (19:18 +0000)]
Move more comments that confuse indent
Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Wed, 21 Jan 2015 15:32:54 +0000 (15:32 +0000)]
Delete trailing whitespace from output.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Tue, 20 Jan 2015 18:53:56 +0000 (18:53 +0000)]
Add -d debug option to save preprocessed files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Tue, 20 Jan 2015 18:49:04 +0000 (18:49 +0000)]
Test option -nc
Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 16:28:45 +0000 (17:28 +0100)]
ec/ecp_nistz256.c: further harmonization with latest rules.
Conflicts:
crypto/ec/ecp_nistz256.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:37:58 +0000 (16:37 +0000)]
Add ecp_nistz256.c to list of files skipped by openssl-format-source
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:34:27 +0000 (16:34 +0000)]
Manually reformat aes_x86core.c and add it to the list of files skipped by
openssl-format-source
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:51:06 +0000 (16:51 +0100)]
crypto/ofb128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:49:27 +0000 (16:49 +0100)]
modes/ctr128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:47:51 +0000 (16:47 +0100)]
modes/cfb128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:02:33 +0000 (16:02 +0100)]
ec/ecp_nistz256.c: harmonize with latest indent script.
Conflicts:
crypto/ec/ecp_nistz256.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:12:59 +0000 (16:12 +0000)]
Fix indent comment corruption issue
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 15:28:57 +0000 (15:28 +0000)]
Amend openssl-format-source so that it give more repeatable output
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 12:18:42 +0000 (13:18 +0100)]
bn/bn_const.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 10:54:03 +0000 (11:54 +0100)]
bn/asm/x86_64-gcc.cL make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
projects / oweals / openssl.git / log