- 18 Jul, 2016 16 commits
-
-
Richard Levitte authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
PROGRAM_NO_INST, ENGINES_NO_INST, SCRIPTS_NO_INST and LIBS_NO_INST are to be used to specify program, engines, scripts and libraries that are not to be installed in the system. Fuzzers, test programs, that sort of things are of the _NO_INST type, for example. For the benefit of build file templates and other templates that use data from configdata.pm, a new hash table $unified_info{install} is created. It contains a set of subhashes, one for each type of installable, each having an array of file names as values. For example, it can look like this: "install" => { "engines" => [ "engines/afalg/afalg", "engines/capi", "engines/dasync", "engines/padlock", ], "libraries" => [ "libcrypto", "libssl", ], "programs" => [ "apps/openssl", ], "scripts" => [ "apps/CA.pl", "apps/tsget", "tools/c_rehash", ], }, Reviewed-by: -
Dr. Stephen Henson authored
The ASN.1 BIGNUM type needs to be handled in a custom way as it is not a generic ASN1_STRING type. Reviewed-by: -
Matt Caswell authored
Also elaborated a comment based on feedback. Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Switch on Travis testing of SSLv3. Reviewed-by: -
Matt Caswell authored
The logic testing whether a CKE message is allowed or not was a little difficult to follow. This tries to clean it up. Reviewed-by: -
Matt Caswell authored
The static function key_exchange_expected() used to return -1 on error. Commit 361a1191 changed that so that it can never fail. This means that some tidy up can be done to simplify error handling in callers of that function. Reviewed-by:
-
Matt Caswell authored
If configuring for anything other than the default TLS protocols then test failures were occuring. Reviewed-by: -
Matt Caswell authored
Having received a ClientKeyExchange message instead of a Certificate we know that we are not going to receive a CertificateVerify message. This means we can free up the handshake_buffer. However we better call ssl3_digest_cached_records() instead of just freeing it up, otherwise we later try and use it anyway and a core dump results. This could happen, for example, in SSLv3 where we send a CertificateRequest but the client sends no Certificate message at all. This is valid in SSLv3 (in TLS clients are required to send an empty Certificate message). Found using the BoringSSL test suite. Reviewed-by: -
Matt Caswell authored
In TLS if the server sends a CertificateRequest and the client does not provide one, if the server cannot continue it should send a HandshakeFailure alert. In SSLv3 the same should happen, but instead we were sending an UnexpectedMessage alert. This is incorrect - the message isn't unexpected - it is valid for the client not to send one - its just that we cannot continue without one. Reviewed-by: -
Matt Caswell authored
In TLS during ClientAuth if the CA is not recognised you should get an UnknownCA alert. In SSLv3 this does not exist and you should get a BadCertificate alert. Reviewed-by: -
Matt Caswell authored
The Client Auth tests were not correctly setting the Protocol, so that this aspect had no effect. It was testing the same thing lots of times for TLSv1.2 every time. Reviewed-by: -
Matt Caswell authored
Move the preparation of the client certificate to be post processing work after reading the CertificateRequest message rather than pre processing work prior to writing the Certificate message. As part of preparing the client certificate we may discover that we do not have one available. If we are also talking SSLv3 then we won't send the Certificate message at all. However, if we don't discover this until we are about to send the Certificate message it is too late and we send an empty one anyway. This is wrong for SSLv3. Reviewed-by: -
Matt Caswell authored
Mingw builds on Travis were failing because INT_MAX was undeclared. Reviewed-by: -
Matt Caswell authored
The i2d_SCT_LIST function is declared as __owur, therefore we need to check the result or a --strict-warnings build will fail. Reviewed-by:
-
- 16 Jul, 2016 13 commits
-
-
Andy Polyakov authored
and short-input performance. [Fix bug in misaligned output handling.] Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
[Also optimize aligaddr usage in single-block subroutines.] Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
Richard Levitte authored
Instead of having fuzz/build.info.fuzz magically and conditionally included along with the other build.info files, incorporate it in fuzz/build.info and add the conditions there instead. Reviewed-by: -
Miroslav Franc authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
- 15 Jul, 2016 5 commits
-
-
Richard Levitte authored
Reviewed-by:Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
RT#4611 Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
Richard Levitte authored
With a number of tools, especially those coming with Visual Studio, some command options are separated from their argument with a space, others with a space. Since we parametrise them, we can't know beforehand which it will be, so we must allow the input and output options to have either. However, spaces at the end of nmake macro values are trimmed, so allow spaces to exist by adding a reference to an undefined macro at the end. Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by:
-
- 14 Jul, 2016 3 commits
-
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
This is only done for the platforms where 'OPENSSL_USE_APPLINK' is defined. Also, change the docs of OPENSSL_Applink to say where to find applink.c in the installation directory. Reviewed-by: -
Richard Levitte authored
The easiest way to take care of manifest files is to integrate them into the associated binary (.exe or .dll). MT (the Manifest Tool) is the utility to use for this. Reviewed-by:
-
- 13 Jul, 2016 2 commits
-
-
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
RT#4605 Reviewed-by:
-
- 12 Jul, 2016 1 commit
-
-
David Benjamin authored
The set0 setters take ownership of their arguments, so the values should be set to NULL to avoid a double-free in the cleanup block should ssl_security(SSL_SECOP_TMP_DH) fail. Found by BoringSSL's WeakDH test. Reviewed-by:
-
