- May 11, 2017
-
-
Rich Salz authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3443)
-
Rich Salz authored
Reviewed-by:
-
Todd Short authored
Issue 1: sh.bittable_size is a size_t but i is and int, which can result in freelist == -1 if sh.bittable_size exceeds an int. This seems to result in an OPENSSL_assert due to invalid allocation size, so maybe that is "ok." Worse, if sh.bittable_size is exactly 1<<31, then this becomes an infinite loop (because 1<<31 is a negative int, so it can be shifted right forever and sticks at -1). Issue 2: CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when sh_init() returns 0. If sh_init() fails, we end up with secure_mem_initialized=1 but sh.minsize=0. If you then call secure_malloc(), which then calls, sh_malloc(), this then enters an infite loop since 0 << anything will never be larger than size. Issue 3: That same sh_malloc loop will loop forever for a size greater than size_t/2 because i will proceed (assuming sh.minsize=16): i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, .... This sequence will never be larger than "size". Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Richard Levitte authored
BIO_socket_ioctl is only implemented on VMS for VMS version 7.0 and up, but since we only support version 7.1 and up, there's no need to check the VMS version. Reviewed-by:
-
Richard Levitte authored
Not exactly everywhere, but in those source files where stdint.h is included conditionally, or where it will be eventually Reviewed-by:
-
Richard Levitte authored
In some cases, testutil outputs subtests like this: 1..6 # Subtest: progname The standard set by Test::More (because there really is no actual standard yet) gives this display: # Subtest: progname 1..6 Until the standard is actually agreed upon, let's do it like Test::More. Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Bernd Edlinger authored
- Mostly missing fall thru comments - And uninitialized value used in sslapitest.c Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Rich Salz authored
Add file/line# to test error message. Also remove expected/got fields since TEST structure prints them. Reviewed-by:
-
Rich Salz authored
Report test detail error. Reviewed-by:
-
Rich Salz authored
Also, allow multiple files on commandline (for future splitup of evptests.txt) Reviewed-by:
-
Tomas Mraz authored
Allow conversion of existing requests to certificates again. Fixes the issue #3396 Reviewed-by:
-
Pauli authored
The second BN_is_zero test can never be true. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Only applies if we're not doing psk. Reviewed-by:
-
Matt Caswell authored
We abort if we read a message like this. Reviewed-by:
-
Matt Caswell authored
We should be validating that. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Previously we sent a decode_error alert. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Make sure we are using the correct alert codes as per the spec. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add "single part" digest sign and verify functions. These sign and verify a message in one function. This simplifies some operations and it will later be used as the API for algorithms which do not support the update/final mechanism (e.g. PureEdDSA). Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- May 10, 2017
-
-
Rich Salz authored
Reviewed-by:
-
Matt Caswell authored
Test that custom extensions still work even after a change in SSL_CTX due to SNI. See #2180. Reviewed-by:
-
Matt Caswell authored
The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for a connection as part of an SNI callback. One result of this is that the s->cert structure is replaced. However this structure contains information about any custom extensions that have been loaded. In particular flags are set indicating whether a particular extension has been received in the ClientHello. By replacing the s->cert structure we lose the custom extension flag values, and it appears as if a client has not sent those extensions. SSL_set_SSL_CTX() should copy any flags for custom extensions that appear in both the old and the new cert structure. Fixes #2180 Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3430)
-
Richard Levitte authored
TAP:Harness came along in perl 5.10.1, and since we claim to support perl 5.10.0 in configuration and testing, we can only load it conditionally. The main reason to use TAP::Harness rather than Test::Harness is its capability to merge stdout and stderr output from the test recipes, which Test::Harness can't. The merge gives much more comprehensible output when testing verbosely. Reviewed-by:
-
- May 09, 2017
-
-
Pauli authored
Add relative tests for bignums. Reviewed-by:
-
Pauli authored
This includes support for: - comparisions between pairs of BIGNUMs - comparisions between BIGNUMs and zero - equality comparison between BIGNUMs and one - equality comparisons between BIGNUMs and constants - parity checks for BIGNUMs Reviewed-by:
-
Matt Caswell authored
Verify that we fail if we receive an HRR but no change will result in ClientHello2. Reviewed-by:
-
Matt Caswell authored
It is invalid if we receive an HRR but no change will result in ClientHello2. Reviewed-by:
-
