- Jul 05, 2017
-
-
Richard Levitte authored
The way try_decode_params works in raw more, it would take the first ASN1 that could decode and return a STORE_INFO with the resulting EVP_PKEY. This change has it go through all the matching ASN1 methods and properly check if there's more than one match, i.e. an ambiguity. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3863)
-
Benjamin Kaduk authored
If the result of a SSL_{CTX_,}set_{min,max}_proto_version() call leaves the min and max version identical, and support for that version is compiled out of the library, return an error. Such an object has no hope of successfully completing a handshake, and this error may be easier to decipher than the resulting handshake failure. Reviewed-by:Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3422)
-
Benjamin Kaduk authored
Since BN_CTX_init() is gone, all calls use BN_CTX_new(). Also, essentially all consumers will use BN_CTX_start()/BN_CTX_end(), so make that more clear from the BN_CTX_new() man page. Document the thread-unsafety of individual BN_CTX objects. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3682)
-
Richard Levitte authored
- in EVP_read_pw_string_min(), the return value from UI_add_* wasn't properly checked - in UI_process(), |state| was never made NULL, which means an error when closing the session wouldn't be accurately reported. Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3849)
-
Richard Levitte authored
When tree_calculate_user_set() fails, a jump to error failed to deallocate a possibly allocated |auth_nodes|. Reviewed-by:
-
Pauli authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Rich Salz authored
[extended tests] Original text: Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org> Reviewed-by:
-
- Jul 04, 2017
-
-
Pauli authored
This macro aborted the process which stopped any later tests from running. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3842)
-
Richard Levitte authored
If scheme is NULL, the allocated res is leaked Reviewed-by:
-
- Jul 03, 2017
-
-
Pauli authored
This prevents a warning when building with crypto-mdebug. Reviewed-by:
-
Rich Salz authored
And BN_pseudo_rand_range is really BN_rand_range. Document that we might deprecate those functions. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3643)
-
Andy Polyakov authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
[Also typo and readability fixes. Ryzen result is added.] Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Rich Salz authored
Fix a =head1 section name Fix a typo in POD label Remove a spurious =back Add a missing blank line Avoid 'legacy' -- use 'deprecated' if still needed if we cannot just reword. Always do strict checking Do not warn about missing "RETURN VALUES" unless -s is set. Change OpenSSL version 1.1 -> 1.1.0 Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Matt Caswell authored
We need to use the hashsize in generating the exportsecret not 0! Otherwise we end up with random garbage for the secret. It was pure chance that this passed the tests previously. It so happens that, because we call SSL_export_keying_material() repeatedly for different scenarios in the test, we end up in the tls13_export_keying_material() at exactly the same position in the stack each time and therefore end up using the same random garbage secret each time! Reviewed-by:
-
Richard Levitte authored
Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by:
-
Richard Levitte authored
The post process callback might potentially say "no" to everything (by constantly returning NULL) and thereby cause an endless loop. Ensure that we stop all processing when "eof" is reached. Reviewed-by:
-
Pauli authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3831)
-
- Jul 02, 2017
-
-
Kurt Roeckx authored
Reviewed-by: -
Richard Levitte authored
... so compare accordingly with "//localhost" Reviewed-by:
-
- Jul 01, 2017
-
-
Richard Levitte authored
Reviewed-by:
-
Rich Salz authored
Remove some incorrect copyright references. Move copyright to standard place Add OpenSSL copyright where missing. Remove copyrighted file that we don't use any more Remove Itanium assembler for RC4 and MD5 (assembler versions of old and weak algorithms for an old chip) Standardize apps/rehash copyright comment; approved by Timo Put dual-copyright notice on mkcert Reviewed-by:
-
- Jun 30, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
This is done with the kind permission of Intel. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Matt Caswell authored
There are no public TLSv1_3_*method() functions so OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed. Reviewed-by:
-
- Jun 29, 2017
-
-
Rich Salz authored
Only for Unix platforms Reviewed-by:
-
Richard Levitte authored
Most of the loader function pointers are crucial, they must be defined unconditionally. Therefore, let's make sure OSSL_STORE_register_loader refuses to register incomplete loaders Reviewed-by:
-
Richard Levitte authored
We have already made sure that the loader scheme isn't NULL, so checking if they are NULL or not when comparing registered loaders is redundant. We still soft assert it, just to be entirely sure. Reviewed-by:
-
Richard Levitte authored
For Windows, we care which way it is, the resulting file is just a pile of symbols. For VMS, we really need to care about the numeric ordering, and getting the symbols sorted by symbol version too didn't agree with that. Reviewed-by:
-
Richard Levitte authored
This allows us to guard Unix specific functions with #ifndef / #ifdef OPENSSL_SYS_UNIX Reviewed-by:
-
