Age | Commit message (Collapse) | Author |
|
no-comp on Windows was not actually suppressing compilation of the code,
although it was suppressing its use.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a6406c95984a1009f5676bbcf60cc0d6db107af4)
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #2341
(cherry picked from commit 4256957570a233ed4e9840353e95e623dfd62086)
|
|
Update mk1mf.pl to properly handle no-weak-ssl-ciphers
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.
Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.
Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.
In Apache, the seed directive is known as SSLSRPUnknownUserSeed.
To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.
Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Trouble is that LINK variable assignment in make-file interferes with
LINK environment variable, which can be used to modify Microsoft's
LINK.EXE behaviour.
RT#4289
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit d44bb1c31ca00f4359090daa15659c0dd1a08f0d)
Resolved conflicts:
util/pl/VC-32.pl
(cherry picked from commit 0fffd522426c7fc022894c8dd079dc2625c04096)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 10119938215298ad414468e7c2779d7fd1a0b979)
|
|
PR#4042
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d62c64b947ae96463a331de005165c57966d2149)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3be39dc1e3378d79531e385a72051c4dc5c6b34d)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3da9505dc02b0594633c73a11343f54bb5dbf536)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e36ce2d986a5edbd33d6d176fb95c8046fae9725)
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit ad282e638b6824325fb83ecf7cde2e7996f52b79)
|
|
This leaves behind files with names ending with '.iso-8859-1'. These
should be safe to remove. If something went wrong when re-encoding,
there will be some files with names ending with '.utf8' left behind.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
This requires 'iconv' and that 'file' can take the options '-b' and '-i'.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f608b4064d58ca4dfdfdfc921308b51cb96205e2)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2a7059c56f885a3fa0842e886f5178def8e5481d)
|
|
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Backport old patch to make it work in mixture of perls for Windows.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Cherry-picked from 7bb98eee3c9e4694dfc2217001d5075ce8d2906e
(cherry picked from commit 051b41df4105355a5a9c7f1c0bd00cc70b2d324c)
|
|
Since source reformat, we ended up with some error reason string
definitions that spanned two lines. That in itself is fine, but we
sometimes edited them to provide better strings than what could be
automatically determined from the reason macro, for example:
{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
"Peer haven't sent GOST certificate, required for selected ciphersuite"},
However, mkerr.pl didn't treat those two-line definitions right, and
they ended up being retranslated to whatever the macro name would
indicate, for example:
{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
"No gost certificate sent by peer"},
Clearly not what we wanted. This change fixes this problem.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 2cfdfe0918f03f8323c9523a2beb2b363ae86ca7)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Make the output from mkerr.pl consistent with the newly reformatted code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
openssl-format-source
Conflicts:
crypto/aes/aes_x86core.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Add aes_core.c to the list of files not processed by openssl-format-source
Conflicts:
crypto/aes/aes_core.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
openssl-format-source
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
just can't handle it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Don't use double newline for headers.
Don't interpret ASN1_PCTX as start of an ASN.1 module.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
available.
Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and
Matt Caswell
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 2d2671790ee12dedd92c97f35b6feb755b8d4374)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b691154e18c0367643696db3cf73debe9ddfa9ae)
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 31c65a7bc0de7ff1446645d41af388893362f579)
|
|
is run with --strict-warnings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 488f16e31b8f5ec2513410929325d0830d76762d)
|
|
Workaround for NetWare CodeWarrior compiler which doesn't properly lookup
includes when in same directory as the C file which includes it.
PR#3569
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 333fad9f2de1dea99552fcb424b312ca1a390f85)
|
|
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.
When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.
We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 3881d8106df732fc433d30446625dfa2396da42d)
Conflicts:
util/mkdef.pl
|
|
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit c882abd52269a59ed8e0510e5febf667428ece85)
|
|
Related to CVE-2014-3513
This fix was developed by the OpenSSL Team
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.
By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961c4fbd27577fb519d9aea2dc788742715)
Conflicts:
ssl/Makefile
util/mkdef.pl
|
|
Gets rid of this;
defined(@array) is deprecated at ../util/mkerr.pl line 792.
(Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
(Maybe you should just omit the defined()?)
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 647f360e2e86818cee1f2d0429e071d14814e0b5)
|
|
Use a previously unused value as we will be updating multiple released
branches.
(cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)
|
|
PR: 3251
Suggested by: Thorsten Schöning
|
|
PR: 3251
Suggested by: Thorsten Schöning
(cherry picked from commit 779c51c6446f384c2f2a7bd5cc4c3e0366baf628)
|