- Jun 14, 2016
-
Richard Levitte authored
'DEPEND[]=file.h' becomes a special way to say that 'file.h' must be generated before anything else is built. It's likely that a number of source files depend on these header files, this provides a simple way to make sure they are always generated even if the dependency data hasn't been added to the build file yet. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
The selector field could be omitted because it has a DEFAULT value. In this case *sfld == NULL (sfld can never be NULL). This was not noticed because this was never used in existing ASN.1 modules. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #2949
-
Kurt Roeckx authored
ssl_session_hash() always looks at the first 4 bytes, regardless of the length. A client can send a session id that's shorter, and the callback could also generate one that's shorter. So we make sure that the rest of the buffer is initialized to 0 so that we always calculate the same hash. Found by tis-interpreter, also previously reported as RT #2871 Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #2911
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Also changed the code to use "appname" not "filename" Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
The function a2i_ASN1_STRING can encounter an error after already allocating a buffer. It wasn't always freeing that buffer on error. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The variable |crtflst| could get double freed in an error path. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The -psk option processing was falling through to the -srp option processing in the ciphers app. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Fix a comment following commit c2c49969. RT2388 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 13, 2016
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
VMS C doesn't allow symbols longer than 31 characters. We do the automatic shortening with the library files, but not otherwise (to make sure to work the VMS C magic). For consistency, I shortened other similar symbols in the same manner. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Peter Mosmans authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
TJ Saunders authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
-
TJ Saunders authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
-
TJ Saunders authored
per review comments. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
-
TJ Saunders authored
SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given the R and S values, and the data to be signed, by the client. Thus in order to validate these signatures, SSH2 implementations will digest and sign the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects. Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting those R and S values in these objects, which makes using OpenSSL for such SSH2 implementations much more difficult. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
-
Matt Caswell authored
Some misc return value checks Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Update the SSL_set_session() documentation to reflect the fact that old bad sessions are removed from the cache if necessary. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
This commit adds some session API tests, and in particular tests the modified behaviour of SSL_set_session() introduced in the last commit. To do this I have factored out some common code from the asynciotest into a new ssltestlib.c file. I've also renamed getsettest to sslapitest as this more closely matches what it now is! Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
SSL_clear() and SSL_free() will remove a session from the cache if it is considered "bad". However SSL_set_session() does not do this for the session it is replacing. SSL_clear() clears an SSL object ready for reuse. It does not clear the session though. This means that: SSL_clear(s) SSL_set_session(s, sess); and SSL_set_session(s, sess); SSL_clear(s); do not do the same thing, although logically you would expect that they would. The failure of SSL_set_session() to remove bad sessions from the cache should be considered a bug, so this commit fixes it. RT#597 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
The SNI tests introduced a redundant "server2" section into every test configuration. Copy this automatically from "server" unless testing SNI, to reduce noise in the generated confs. Also remove duplicate SSL_TEST_CTX_create (merge conflict error). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Some Linux platforms have a suitably recent kernel to support AFALG, but apparently you still can't actually create an afalg socket. This extends the afalg_chk_platform() function to additionally check whether we can create an AFALG socket. We also amend the afalgtest to not report a failure to load the engine as a test failure. A failure to load is almost certainly due to platform environmental issues, and not an OpenSSL problem. RT 4434 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
- Only send SNI in SNI tests. This allows us to test handshakes without the SNI extension as well. - Move all handshake-specific machinery to handshake_helper.c - Use enum types to represent the enum everywhere (Resorting to plain ints can end in sign mismatch when the enum is represented by an unsigned type.) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
This is really a security bugfix, not enhancement any more. Everyone knows critical extensions. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 12, 2016
-
Dr. Stephen Henson authored
Don't use BN_hex2bn() for PSK key conversion as the conversion to BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead. RT#4554 Reviewed-by: Matt Caswell <matt@openssl.org>
-
John Denker authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Phillip Hellewell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jun 11, 2016
-
TJ Saunders authored
it looks like these names have shifted a little over time. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1203)
-
Kurt Roeckx authored
Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1179
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1174
-
Kurt Roeckx authored
Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1173
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1172
-