Commits on Aug 26, 2016
  1. @levitte

    VMS: honor --openssldir setting

    Because of a perl operator priority mixup, the --openssldir argument
    wasn't honored.
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    levitte committed Aug 26, 2016
  2. @richsalz

    Remove trailing zeros

    Reviewed-by: Andy Polyakov <appro@openssl.org>
    richsalz committed Aug 26, 2016
  3. @levitte

    Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c

    The definition of STITCHED_CALL relies on OPENSSL_NO_ASM.  However,
    when a configuration simply lacks the assembler implementation for RC4
    (which is where we have implemented the stitched call), OPENSSL_NO_ASM
    isn't implemented.  Better, then, to rely on specific macros that
    indicate that RC4 (and MD5) are implemented in assembler.
    
    For this to work properly, we must also make sure Configure adds the
    definition of RC4_ASM among the C flags.
    
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    levitte committed Aug 26, 2016
Commits on Aug 25, 2016
  1. @mattcaswell

    Remove note from CHANGES about EC DRBG

    EC DRBG support was added in 7fdcb45 in 2011 and then later removed.
    However the CHANGES entry for its original addition was left behind.
    This just removes the spurious CHANGES entry.
    
    Reviewed-by: Stephen Henson <steve@openssl.org>
    mattcaswell committed Aug 25, 2016
  2. @levitte

    Update CHANGES, NEWS, README and opensslv.h on master

    Reviewed-by: Rich Salz <rsalz@openssl.org>
    levitte committed Aug 25, 2016
  3. @mattcaswell

    Fix uninit read in sslapitest

    msan detected an uninit read.
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    mattcaswell committed Aug 25, 2016
  4. @dot-asm @mattcaswell

    CHANGES: mention Windows UTF-8 opt-in option.

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    dot-asm committed with mattcaswell Aug 25, 2016
  5. @dot-asm @mattcaswell

    Windows: UTF-8 opt-in for command-line arguments and console input.

    User can make Windows openssl.exe treat command-line arguments
    and console input as UTF-8 by setting the OPENSSL_WIN32_UTF8 environment
    variable (to any value). This is likely to be required for data
    interchangeability with other OSes and PKCS#12 containers generated
    with Windows CryptoAPI.
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    dot-asm committed with mattcaswell Aug 25, 2016
  6. @snhenson @mattcaswell

    Support broken PKCS#12 key generation.

    OpenSSL versions before 1.1.0 didn't convert non-ASCII
    UTF8 PKCS#12 passwords to Unicode correctly.
    
    To correctly decrypt older files, if MAC verification fails
    with the supplied password, attempt to use the broken format
    which is compatible with earlier versions of OpenSSL.
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    snhenson committed with mattcaswell Aug 24, 2016
  7. @dot-asm @mattcaswell

    Don't switch password formats using global state.

    To avoid possible race conditions don't switch password format using
    global state in crypto/pkcs12
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    dot-asm committed with mattcaswell Aug 24, 2016
  8. @mattcaswell

    Fix an uninitialised read on an error path

    Found by Coverity.
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    mattcaswell committed Aug 25, 2016
  9. @levitte

    NEWS: add a number of the types that were made opaque

    Reviewed-by: Matt Caswell <matt@openssl.org>
    levitte committed Aug 25, 2016
Commits on Aug 24, 2016
  1. @mattcaswell

    Un-delete still documented X509_STORE_CTX_set_verify

    It should not have been removed.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Viktor Dukhovni committed with mattcaswell Aug 24, 2016
  2. @dot-asm @mattcaswell

    Configurations/10-main.conf: fix solaris64-*-cc link problems.

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    dot-asm committed with mattcaswell Aug 24, 2016
  3. @dot-asm

    ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb.
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    dot-asm committed Aug 24, 2016
  4. @mattcaswell

    Clarify the error messages in 08f6ae5

    Ensure it is clear to the user why there has been an error.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    mattcaswell committed Aug 24, 2016
  5. @mattcaswell

    Fix no-ec2m

    The new curves test did not take into account no-ec2m
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    mattcaswell committed Aug 24, 2016
  6. @levitte @mattcaswell

    CRYPTO_atomic_add(): check that the object is lock free

    If not, fall back to our own code, using the given mutex
    
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    levitte committed with mattcaswell Aug 24, 2016
  7. @levitte @mattcaswell

    CRYPTO_atomic_add(): use acquire release memory order rather than relaxed
    
    For increments, the relaxed model is fine.  For decrements, it's
    recommended to use the acquire release model.  We therefore go for the
    latter.
    
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    levitte committed with mattcaswell Aug 24, 2016
  8. @levitte @mattcaswell

    Check for __GNUC__ to use GNU C atomic builtins

    Note: we trust any other compiler that fully implements GNU extension
    to define __GNUC__
    
    RT#4642
    
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    levitte committed with mattcaswell Aug 24, 2016
  9. @levitte @mattcaswell

    Trust RSA_check_key() to return correct values

    In apps/rsa.c, we were second guessing RSA_check_key() to leave error
    codes lying around without returning -1 properly.  However, this also
    catches other errors that are lying around and that we should not care
    about.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    levitte committed with mattcaswell Aug 24, 2016
  10. @snhenson @mattcaswell

    Avoid overflow in MDC2_Update()

    Thanks to Shi Lei for reporting this issue.
    
    CVE-2016-6303
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    snhenson committed with mattcaswell Aug 19, 2016
  11. @richsalz @mattcaswell

    Put DES into "not default" category.

    Add CVE to CHANGES
    
    Reviewed-by: Emilia Käsper <emilia@openssl.org>
    richsalz committed with mattcaswell Aug 18, 2016
  12. @richsalz @mattcaswell

    To avoid SWEET32 attack, move 3DES to weak

    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    richsalz committed with mattcaswell Jul 30, 2016
  13. @RJPercival @mattcaswell

    Typo fixes

    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 24, 2016
  14. @RJPercival @mattcaswell

    Updates the CT_POLICY_EVAL_CTX POD

    Ownership semantics and function names have changed.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 23, 2016
  15. @RJPercival @mattcaswell

    Correct documentation about SCT setters resetting validation status

    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 23, 2016
  16. @RJPercival @mattcaswell

    Removes the SCT_verify* POD

    SCT_verify_v1 has been removed and SCT_verify is no longer part of the
    public API.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 23, 2016
  17. @RJPercival @mattcaswell

    Documents the SCT validation functions

    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 23, 2016
  18. @RJPercival @mattcaswell

    Removes {o2i,i2o}_SCT_signature from PODs

    These functions have been removed from the public API.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 23, 2016
  19. @RJPercival @mattcaswell

    Documents the CTLOG functions

    CTLOG_new_null() has been removed from the code, so it has also been
    removed from this POD.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 23, 2016
  20. @RJPercival @mattcaswell

    Document the i2o and o2i SCT functions

    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 23, 2016
  21. @RJPercival @mattcaswell

    Removes d2i_SCT_LIST.pod

    This is covered by d2i_X509.pod.
    
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 23, 2016
  22. @RJPercival @mattcaswell

    Document that SCT_set_source returns 0 on failure.

    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 5, 2016
  23. @RJPercival @mattcaswell

    Clarifies the format of a log's public key in the CONF file

    Reviewed-by: Rich Salz <rsalz@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    RJPercival committed with mattcaswell Aug 4, 2016