- 06 Aug, 2016 4 commits
-
-
JimC authored
Commit 3eb2aff4 renamed a field of ssl_cipher_st from algorithm_ssl -> min_tls but neglected to update the fprintf reference which is included by -DCIPHER_DEBUG Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1417)
-
Richard Levitte authored
I bug in perl's File::Spec->canonpath() was uncovered. There's nothing we can do about it (except re-implementing canonpath()), except working around the problem (a directory rename) and reporting the issue to the perl module developers. Reviewed-by: -
Tomas Mraz authored
Add colon when printing Registered ID. Remove extra space when printing DirName. Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
Rob Percival authored
In one failure case, it used to return -1. That failure case (CTLOG_new() returning NULL) was not usefully distinct from all of the other failure cases. Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
- 05 Aug, 2016 19 commits
-
-
klemens authored
Reviewed-by:
-
klemens authored
Reviewed-by:
-
Rob Percival authored
This is an entirely useless function, given that CTLOG is publicly immutable. Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
These functions are: SSL_use_certificate_file SSL_use_RSAPrivateKey_file SSL_use_PrivateKey_file SSL_CTX_use_certificate_file SSL_CTX_use_RSAPrivateKey_file SSL_CTX_use_PrivateKey_file SSL_use_certificate_chain_file Internally, they use BIO_s_file(), which is defined and implemented at all times, even when OpenSSL is configured no-stdio. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
The macros that produce PEM_write_FOO() andd PEM_read_FOO() only do so unless 'no-stdio' has been configured. mkdef.pl should mimic that by marking those functions with the "STDIO" algo. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
These were guarded by $disabled{tests}. However, 'tests' is disabled if we configure 'no-stdio', which means that we don't detect the lack of OPENSSL_NO_STDIO guards in our public header files. So we move the generation and build of test/buildtest_*.c to be unconditional. Reviewed-by: -
Dr. Stephen Henson authored
Thanks to Hanno Böck for reporting this bug. Reviewed-by: -
Emilia Kasper authored
Should result in more accurate header file coverage, see https://github.com/eddyxu/cpp-coveralls/issues/54 Reviewed-by:
-
Emilia Kasper authored
Run tests with coverage and report to coveralls.io For simplicity, this currently only adds a single target in a configuration that attempts to maximize coverage. The true CI coverage from all the various builds may be a little larger. The coverage run has the following configuration: - no-asm: since we can't track asm coverage anyway, might as well measure the non-asm code coverage. - Enable various disabled-by-default options: - rc5 - md2 - ec_nistp_64_gcc_128 - ssl3 - ssl3-method - weak-ssl-ciphers Finally, observe that no-pic implies no-shared, and therefore running both builds in the matrix is redundant. Reviewed-by:
-
Dr. Stephen Henson authored
Thank to Shi Lei for reporting this bug. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
Richard Levitte authored
We mark small comments with a dash immediately following the starting /*. However, *INDENT-(ON|OFF)* comments shouldn't be treated that way, or indent will ignore them if we do. Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Dániel Bakai authored
Reviewed-by:
-
- 04 Aug, 2016 17 commits
-
-
David Woodhouse authored
Reviewed-by:
-
David Woodhouse authored
Baroque, almost uncommented code triggers behaviour which is undefined by the C standard. You might quite reasonably not care that the code was broken on ones-complement machines, but if we support a ubsan build then we need to at least pretend to care. It looks like the special-case code for 64-bit big-endian is going to behave differently (and wrongly) on wrap-around, because it treats the values as signed. That seems wrong, and allows replay and other attacks. Surely you need to renegotiate and start a new epoch rather than wrapping around to sequence number zero again? Reviewed-by:
-
David Woodhouse authored
DTLSv1_client_method() is deprecated, but it was the only way to obtain DTLS1_BAD_VER support. The SSL_OP_CISCO_ANYCONNECT hack doesn't work with DTLS_client_method(), and it's relatively non-trivial to make it work without expanding the hack into lots of places. So deprecate SSL_OP_CISCO_ANYCONNECT with DTLSv1_client_method(), and make it work with SSL_CTX_set_{min,max}_proto_version(DTLS1_BAD_VER) instead. Reviewed-by: -
David Woodhouse authored
Commit 3eb2aff4 ("Add support for minimum and maximum protocol version supported by a cipher") disabled all ciphers for DTLS1_BAD_VER. That wasn't helpful. Give them back. Reviewed-by:
-
David Woodhouse authored
DTLS version numbers are strange and backwards, except DTLS1_BAD_VER so we have to make a special case for it. This does leave us with a set of macros which will evaluate their arguments more than once, but it's not a public-facing API and it's not like this is the kind of thing where people will be using DTLS_VERSION_LE(x++, y) anyway. Reviewed-by:
-
David Woodhouse authored
The Change Cipher Spec message in this ancient pre-standard version of DTLS that Cisco are unfortunately still using in their products, is 3 bytes. Allow it. Reviewed-by:
-
David Woodhouse authored
Commit d8e8590e ("Fix missing return value checks in SCTP") made the DTLS handshake fail, even for non-SCTP connections, if SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER. Apply the trivial fix to make it succeed, since there's no real reason why it shouldn't even though we never need it. Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Benjamin Kaduk authored
The options RC4_CHUNK_LL, DES_PTR, and BF_PTR were removed by Rich in commit 3e9e810f but were still sticking around in a coupule configuration entries. Since they're unused, remove them. Reviewed-by:
-
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Dr. Stephen Henson authored
Thanks to Shi Lei for reporting this issue. Reviewed-by: -
FdaSilvaYY authored
into a structure , to avoid any accident . Plus some few cleanups Reviewed-by:
-
JimC authored
- Commit a95ce7f builds *.manifest files on windows -- added them to .gitignore. - ignore pod -> html temp file Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
... get_by_fingerprint() and get_by_alias() Reviewed-by:
-
