- Oct 11, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by:Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
PR#4035 Reviewed-by:
-
- Oct 10, 2015
-
-
Dr. Stephen Henson authored
PR#4079 Reviewed-by:Tim Hudson <tjh@openssl.org>
-
- Oct 09, 2015
-
-
Emilia Kasper authored
Note that this commit constifies a user callback parameter and therefore will break compilation for applications using this callback. But unless they are abusing write access to the buffer, the fix is trivial. Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Add the new ct directory to mkfiles.pl and fix the ct Makefile Reviewed-by: -
Adam Eijdenberg authored
Original authors: Rob Stradling <rob@comodo.com> Dr. Stephen Henson <steve@openssl.org> Reviewed-by:
Emilia Kasper <emilia@openssl.org> Reviewed-by:
-
- Oct 08, 2015
-
-
Emilia Kasper authored
Reviewed-by: -
Matt Caswell authored
mkdef.pl was getting confused by: # ifdef OPENSSL_NO_RMD160 # error RIPEMD is disabled. # endif Changing RIPEMD to RMD160 solves it. Fix suggested by Steve Henson. Reviewed-by: -
Matt Caswell authored
The function int_rsa_verify is an internal function used for verifying an RSA signature. It takes an argument |dtype| which indicates the digest type that was used. Dependant on that digest type the processing of the signature data will vary. In particular if |dtype == NID_mdc2| and the signature data is a bare OCTETSTRING then it is treated differently to the default case where the signature data is treated as a DigestInfo (X509_SIG). Due to a missing "else" keyword the logic actually correctly processes the OCTETSTRING format signature first, and then attempts to continue and process it as DigestInfo. This will invariably fail because we already know that it is a bare OCTETSTRING. This failure doesn't actualy make a real difference because it ends up at the |err| label regardless and still returns a "success" result. This patch just cleans things up to make it look a bit more sane. RT#4076 Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by:
-
- Oct 07, 2015
-
-
Pascal Cuoq authored
Signed-off-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
Pascal Cuoq authored
Signed-off-by:
-
Pascal Cuoq authored
Signed-off-by:
-
Pascal Cuoq authored
It returns -1 on error, not 0. Signed-off-by:
-
Pascal Cuoq authored
BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but overwrites everything else. Signed-off-by:
-
Matt Caswell authored
The function ssl_check_for_safari fingerprints the incoming extensions to see whether it is one of the broken versions of safari. However it was failing to reset the PACKET back to the same position it started in, hence causing some extensions to be skipped incorrectly. Reviewed-by:
-
- Oct 06, 2015
-
-
Alessandro Ghedini authored
-Allow mingw debug builds to fail on Travis CI -Fix Travis email notifications config -Rename a variable to avoid a bogus warning with old GCC error: declaration of ``dup'' shadows a global declaration [-Werror=shadow] -Disable pedantic ms-format warnings with mingw -Properly define const DH parameters -Restore --debug flag in Travis CI builds; -d would get incorrectly passed to ./Configure in mingw debug builds. Signed-off-by:
-
Emilia Kasper authored
Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- Oct 05, 2015
-
-
Dmitry Belyavskiy authored
This change introduces short names and NIDs for Russian GOST ciphers according to GOST R 34.13-2015 Reviewed-by:
-
Alessandro Ghedini authored
RT#4069 Reviewed-by:
-
Emilia Kasper authored
Reviewed-by: -
Emilia Kasper authored
The user callback takes a non-const pointer, so don't pass PACKET data to it directly; rather, grab a local copy. Reviewed-by: -
Emilia Kasper authored
Fix alerts. Reviewed-by: -
Emilia Kasper authored
Move all packet parsing to the beginning of the method. This limits the SSLv2 compatibility soup to the parsing, and makes the rest of the processing uniform. This is also needed for simpler EMS support: EMS servers need to do an early scan for EMS to make resumption decisions. This'll be easier when the entire ClientHello is parsed in the beginning. As a side effect, 1) PACKETize ssl_get_prev_session and tls1_process_ticket; and 2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG. Reviewed-by: -
Richard Levitte authored
Reviewed-by:Ben Laurie <ben@openssl.org>
-
Richard Levitte authored
Some makedepend mechanisms remove all directory information in the target, so a dependency can looks like this: ssl3_record.o: record/ssl3_record.c However, that doesn't quite suit us, our Makefile has us build record/ssl3_record.o rather than ssl3_record.o. To clear this up, a change to util/clean-depend.pl takes care of this case by looking up the original file in the dependencies and restoring the directory information from it. Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Even though SOCKET is effectively declared as (void *) on Windows, it's not actually a pointer, but an index within per-process table of kernel objects. The table size is actually limited and its upper limit is far below upper limit for signed 32-bit integer. This is what makes cast in question possible. Reviewed-by:
-
Dr. Stephen Henson authored
When a decoding error in ASN.1 occurs only free up the partial structure at the top level. This simplifies embedded handling and fixes freeing up of structures when presented with malformed input. Reviewed-by:
-
- Oct 03, 2015
-
-
Kurt Roeckx authored
Thanks to David Benjamin <davidben@google.com> for pointing them out. Reviewed-by:Steve Henson <steve@openssl.org> MR #1198
-
- Oct 02, 2015
-
-
Rich Salz authored
Reviewed-by:
-
- Oct 01, 2015
-
-
Matt Caswell authored
This reverts commit 3aabc1dd . Reviewed-by:
-
