- Jun 12, 2017
-
-
Benjamin Kaduk authored
We prevent compression both when the server is parsing the ClientHello and when the client is constructing the ClientHello. A 1.3 ServerHello has no way to hand us back a compression method, and we already check that the server does not try to give us back a compression method that we did not request, so these checks seem sufficient. Weaken the INSTALL note slightly, as we do now expect to interoperate with other implementations. Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3131)
-
- Jun 11, 2017
-
-
Rich Salz authored
Reviewed-by:Kurt Roceckx <kurt@openssl.org>
-
Josh Soref authored
The previous word was a misspelling of nicety Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Rich Salz authored
Make funcs to deal with non-null-term'd string in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm(). Fixes issue #3444. This one is used to enforce strict format (RFC 5280) check and to convert GeneralizedTime to UTCTime. apps/ca has been changed to use the new API. Test cases and documentation are updated/added Signed-off-by:
Paul Yang <paulyang.inf@gmail.com> Reviewed-by:
-
Beat Bolli authored
Adjust brace placement, whitespace after keywords, indentation and empty lines after variable declarations according to https://www.openssl.org/policies/codingstyle.html . Indent literal sections by exactly one space. Reviewed-by:
-
Josh Soref authored
spelling: algorithm spelling: anyway spelling: assigned spelling: authenticated spelling: callback spelling: certificate spelling: compatibility spelling: configuration spelling: digest spelling: encrypted spelling: function spelling: output spelling: receive spelling: renegotiation spelling: signing spelling: similar spelling: string (Merged from https://github.com/openssl/openssl/pull/3580)Reviewed-by : Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
- Jun 10, 2017
-
-
Rich Salz authored
CLA: trivial Reviewed-by:
-
- Jun 09, 2017
-
-
Paul Yang authored
Check return value of NETSCAPE_SPKI_new() and NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally. Signed-off-by:
-
Benjamin Kaduk authored
Move the call to ct_base64_decode(), which allocates, until after the check for NULL output parameter. Also place a cap on the number of padding characters used to decrement the output length -- any more than two '='s is not permitted in a well-formed base64 text. Prior to this change, ct_base64_decode() would return a length of -1 along with allocated storage for an input of "====". Reviewed-by:
-
Josh Soref authored
This incorrectly spelled item exists for compatibility purposes CLA: Trivial Reviewed-by:
-
Pichulin Dmitrii authored
Reviewed-by:
-
Jonathan Protzenko authored
CLA: trivial Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Luke Faraone authored
Reviewed-by:
-
Paul Yang authored
Signed-off-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
- Jun 08, 2017
-
-
Rich Salz authored
The search is approximate; look only for those that look like functions. [skip ci] Reviewed-by:
-
Benjamin Kaduk authored
Modern browsers are now, well, pretty modern. Reviewed-by:
-
Tomas Mraz authored
Fixes #3490 Reviewed-by:
-
Rich Salz authored
when building with OPENSSL_SMALL_FOOTPRINT defined. Reviewed-by:
-
Diego Santa Cruz authored
This uses memset() to clear all of the SRP_CTX when free'ing or initializing it as well as in error paths instead of having a series of NULL and zero assignments as it is safer. It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero in case or error, previously it could retain pointers to freed memory, potentially leading to a double free. Reviewed-by:
-
Diego Santa Cruz authored
Ownership and lifetime rules of SRP_CTX.info are confusing and different from those of SRP_CTX.login, making it difficult to use correctly. This makes the ownership and lifetime be the same as those of SRP_CTX.login, thet is a copy is made when setting it and is freed when SRP_CTX is freed. Reviewed-by:
-
Matt Caswell authored
List the options in the same order and in the same style as the output from "openssl s_server -help" Reviewed-by:
-
Rich Salz authored
Fix test for "documenting private functions" And add -p flag to doc-nits recipe Mark when things were deprecated, if doc'd as such Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
[Also bypass sizeof(void *) == 8 check on some platforms.] Reviewed-by: -
Matt Caswell authored
This used to work but was inadvertently removed as part of the TLSv1.3 work. This adds it back. Fixes #3633 Reviewed-by:
-
Richard Levitte authored
The list of programs hit nmake's maximum line length, so we split up the line in smaller chunks. Fixes #3634 Reviewed-by:
-
Rich Salz authored
a buffer returned from BIO_gets is not checked for it's length before reading its contents. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Todd Short authored
This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
I tried hard to keep the lines at 80 characters or less, but in a few cases I had to punt and just indented the subsequent lines by 4 spaces. A few well-placed typedefs for callback functions would really help, but these would be part of the API, so that's probably for later. I also took the liberty of inserting empty lines in overlong blocks to provide some visual space. Reviewed-by:
-
Beat Bolli authored
Reviewed-by:
-
Beat Bolli authored
The SSL server example in BIO_f_ssl.pod contains two copies of the BIO_do_accept() call. Remove the second one. Signed-off-by:
Beat Bolli <dev@drbeat.li> Reviewed-by:
-
Beat Bolli authored
Adjust brace placement, whitespace after keywords, indentation and empty lines after variable declarations according to https://www.openssl.org/policies/codingstyle.html . Indent literal sections by exactly one space. Reviewed-by:
-
- Jun 07, 2017
-
-
Rich Salz authored
Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by:
-
Rich Salz authored
Various initialization functions modify this table, which can cause heap corruption in the absence of external synchronization. Some stats are modified from OPENSSL_LH_retrieve, where callers aren't expecting to have to take out an exclusive lock. Switch to using atomic operations for those stats. Reviewed-by:
-
- Jun 06, 2017
-
-
Todd Short authored
Reviewed-by:
-
