- Sep 21, 2015
-
-
Matt Caswell authored
GOST extends PKCS5 PBES2/PBKDF2 with some additional GOST specific PRFs. Based on a patch provided by Dmitry Belyavsky <beldmit@gmail.com> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
There were some memory leaks in the creation of an SRP verifier (both on successful completion and also on some error paths). Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
The -srpvfile option was broken in the srp command line app. Using it would always result in "-dbfile and -configfile cannot be specified together." The error message is also wrong because the option is "-srpvfile" not "-dbfile", so that has been fixed too. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Sep 20, 2015
-
-
Dr. Stephen Henson authored
PR#3817 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
There actually is a "srp" feature to check the availability on Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
There actually is a "jpake" feature to check the availability on Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
These tests were checking for specific sha variants, when they should just check if "sha" is disabled. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
It depended on 'openssl no-wp', which always exited with code 0, so this test would never be performed, and this, I never discovered that the program it's supposed to run was misspellt. Furthermore, the feature to check is 'whirlpool', not 'wp'. All corrected. Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Sep 19, 2015
-
-
Richard Levitte authored
I have no clue why MD_GHOST94 was checked on, there is no OPENSSL_NO_MD_GHOST94 in sight anywhere Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Have a look at the directories in crypto/, I found reason to add checks on CMAC and HMAC. This might be completely irrelevant, but I prefered covering too much than not enough. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
A grep of OPENSSL_NO_ in the rest of the source tree revealed a few more features to check. NOTE: there are some of those macros that I ignore because a check of them doesn't seem useful to external apps. This might change later on. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
After a grep of OPENSSL_NO_ in apps/*.c, a few more features that may be interesting to check the availability of came up. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
I've tried to make this list as complete as possible, based on information found in apps/progs.pl. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Add Utils.pm for test utilities. This currently just contains one function: disabled which checks if a feature is disabled based on the output of openssl list -disabled Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
OPENSSL_NO_ECA changed to OPENSSL_NO_EC Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Obvious typo, and it took configuring with 'zlib' to discover it, otherwise there was a previous skip that bypassed this section entirely. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
TLSProxy was failing if we are Configured with compression because it doesn't support it. This fix simply switches compression off for the purposes of the test. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
New option "openssl list -disabled" this lists a set of disabled features in a form which can be conveniently parsed by the test framework so it knows which tests to skip. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
When an OID is decoded see if it exists in the registered OID table and if so return the shared OID instead of dynamically allocating an ASN1_OBJECT. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Sep 18, 2015
-
-
Richard Levitte authored
If test/recipes/40-test_rehash.t is executed as root, the last test will fail, since the created directory will remain writable no matter what. Make sure it complains loudly about being run as root. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
It's unused, and the same functionality can be achieved with saving a copy of the struct. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Sep 17, 2015
-
-
Matt Caswell authored
In master we have the function OPENSSL_clear_free(x,y), which immediately returns if x == NULL. In <=1.0.2 this function does not exist so we have to do: OPENSSL_cleanse(x, y); OPENSSL_free(x); However, previously, OPENSSL_cleanse did not check that if x == NULL, so the real equivalent check would have to be: if (x != NULL) OPENSSL_cleanse(x, y); OPENSSL_free(x); It would be easy to get this wrong during cherry-picking to other branches and therefore, for safety, it is best to just ensure OPENSSL_cleanse also checks for NULL. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Previously, the conversion would silently coerce to ASCII. Now, we error out. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Rewrite EVP_DecodeUpdate. In particular: reject extra trailing padding, and padding in the middle of the content. Don't limit line length. Add tests. Previously, the behaviour was ill-defined, and depended on the position of the padding within the input. In addition, this appears to fix a possible two-byte oob read. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
The bookmark API results in a lot of boilerplate error checking that can be much more easily achieved with a simple struct copy. It also lays the path for removing the third PACKET field. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Real fix for RT 4033 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Filipe DA SILVA authored
Make sure it's valid very early. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Simplify encrypted premaster secret reading by using new methods in the PACKET API. Don't overwrite the packet buffer. RSA decrypt accepts truncated ciphertext with leading zeroes omitted, so it's even possible that by crafting a valid ciphertext with several leading zeroes, this could cause a few bytes out-of-bounds write. The write is harmless because of the size of the underlying message buffer, but nevertheless we shouldn't write into the packet. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Sep 16, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-