- Jun 06, 2017
-
-
Todd Short authored
At the moment we flush the write BIO if we send a fatal alert, but not a warning one. This can mean the warning is never sent if we never do another write and subsequently flush the BIO. Instead we should just always flush after writing an alert. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
-
Todd Short authored
During setup of a reneg test the server can refuse to start reneg. If that happens we should let the client continue and then fail. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Paul Yang authored
Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3614)
-
Paul Yang authored
remove the tailing dot Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3614)
-
Paul Yang authored
Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3614)
-
Paul Yang authored
To test X509_check_private_key and relatives. Add a CSR and corresponding RSA private key to test X509_REQ_check_private_key function. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3614)
-
Paul Yang authored
Document two private key check functions: X509_check_private_key X509_REQ_check_private_key Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3614)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3621)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3621)
-
- Jun 05, 2017
-
-
Rich Salz authored
Document that -psk is required to use PSK cipher [skip ci] Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3607)
-
Daniel Kahn Gillmor authored
s_server has traditionally been very brittle in PSK mode. If the client offered any PSK identity other than "Client_identity" s_server would simply abort. This is breakage for breakage's sake, and unlike most other parts of s_server, which tend to allow more flexible connections. This change accomplishes two things: * when the client's psk_identity does *not* match the identity expected by the server, just warn, don't fail. * allow the server to expect instead a different psk_identity from the client besides "Client_identity" Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3605)
-
Rich Salz authored
Standardize file:line messages Reduce buff size; move to end of STANZA Add some Title entries (with blank line after) Add Title to some BN test files. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3608)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Drop some redundant instructions in reduction in ecp_nistz256_sqr_montx. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 02, 2017
-
-
Todd Short authored
Code was added in commit b3c31a65 that overwrote the last ex_data value using CRYPTO_dup_ex_data() causing a memory leak, and potentially confusing the ex_data dup() callback. In ssl_session_dup(), fix error handling (properly reference and up-ref shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data(); all other structures that dup ex_data have the destination ex_data new'd before the dup. Fix up some of the ex_data documentation. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3323)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3606)
-
Matt Caswell authored
One particular build was running out of memory. By swapping to debug mode we reduce the optimisation level which should reduce the amount of memory required. [extended tests] Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3601)
-
Matt Caswell authored
Fix undefined behaviour in curve25519.c. Prior to this running with ubsan produces errors like this: crypto/ec/curve25519.c:3871:18: runtime error: left shift of negative value -22867 [extended tests] Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3600)
-
- Jun 01, 2017
-
-
Keigo Tanaka authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3456)
-
Aashil Patel authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3596)
-
Rich Salz authored
Report if any non-public items are documented. Add util/private.num that lists items that aren't in the public (lib*.num) files that we do want to document. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3603)
-
- May 31, 2017
-
-
Rich Salz authored
Thanks to Jan Alexander Steffens for finding the bug and confirming the fix. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3592)
-
Erwann Abalea authored
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3590)
-
Richard Levitte authored
This can be used by engines that need to retain the data for a longer time than just the call where this user data is passed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3575)
-
Paul Yang authored
Reformat some indents and braces based on OpenSSL coding style spec. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3586)
-
HorimotoYasuhiro authored
Fix coding style Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3581)
-
Matt Caswell authored
In a recent PR (#3566) it seems that TLSProxy gave up trying to connect to the server process too quickly. This meant the test failed even though the server *did* eventually start. Currently we try 3 times to connect with a 0.1 second pause between each attempt. That is probably too aggressive. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3587)
-
- May 30, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Dr. Stephen Henson authored
Add Ed25519 certificate verify test using certificate from draft-ietf-curdle-pkix-04 and custom generated root certificate. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-