- Apr 30, 2017
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
"Next" refers to negative minimum "next" to one presentable by given number of bytes. For example, -128 is negative minimum presentable by one byte, and -256 is "next" one. Thanks to Kazuki Yamaguchi for report, GH#3339 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 28, 2017
-
-
Rich Salz authored
Bug found and fix suggested by Julian Rüth. Push error if fflush fails Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3266)
-
Richard Levitte authored
It was released a couple of days after our latest update [extended tests] Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3346)
-
Rich Salz authored
Also add a comment describing the file format. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3337)
-
Pauli authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3327)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
-
Richard Levitte authored
Also added a internal error printing callback to be used both with ERR_print_errors_cb() and with CRYPTO_mem_leaks_cb Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
-
Richard Levitte authored
These functions aren't meant to be used directly by the test programs, reflect that by making the declarations a little harder to reach, but still available enough if there's a need to override them. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
-
FdaSilvaYY authored
Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
-
FdaSilvaYY authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
-
FdaSilvaYY authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
-
Todd Short authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3344)
-
Bernd Edlinger authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3328)
-
Richard Levitte authored
When you want to debug a test that goes wrong, it's useful to know exactly what subprocess commands are run. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3342)
-
- Apr 27, 2017
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3336)
-
Andy Polyakov authored
Approach was opportunistic in Windows context from its inception and on top of that it was proven to be error-prone at link stage. Correct answer is to introduce library-specific time function that we can control in platform-neutral manner. Meanwhile we just let be attempts to override time on Windows. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3320)
-
Matt Caswell authored
Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2614)
-
Bernd Edlinger authored
Fixes #3063. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3100)
-
Bernd Edlinger authored
It is not necessary to remove leading zeros here because RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done in constant time, this might have leaked timing information. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3313)
-
- Apr 26, 2017
-
-
Rich Salz authored
Showed up on GCC with strict warnings. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3325)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3252)
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3265)
-
Graham Edgecombe authored
This fixes a segfault if a NULL parse_cb is passed to SSL_CTX_add_{client,server}_custom_ext, which was supported in the pre-1.1.1 implementation. This behaviour is consistent with the other custom_ext_*_old_cb_wrap functions, and with the new SSL_CTX_add_custom_ext function. CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3310)
-
Rich Salz authored
Also converted most of ssltestlib but left the packet_dump output as-is (for now). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3257)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3321)
-
Tatsuhiro Tsujikawa authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
-
Tatsuhiro Tsujikawa authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
-
Tatsuhiro Tsujikawa authored
Previously, init and finalization function for extensions are called per extension block, rather than per message. This commit changes that behaviour, and now they are called per message. The parse function is still called per extension block. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
-
Matt Caswell authored
Based on feedback received. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
-
Matt Caswell authored
Because NST messages arrive post-handshake, the session may have already gone into the cache. Once in the cache a session must be immutable - otherwise you could get multi-thread issues. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
-
Matt Caswell authored
Add documentation for SSL_SESSION_is_resumable(). Also describe the interaction of the various session functions and TLSv1.3 post-handshake sessions. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
-
Matt Caswell authored
Provide a way to test whether the SSL_SESSION object can be used to resume a sesion or not. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
-
Matt Caswell authored
TLSv1.3 will do the same thing as TLSv1.2 with tickets with regards to session ids, i.e. it will create a synthetic session id when the session is established, so it is reasonable to check the session id length, even in TLSv1.3. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3274)
-
Rich Salz authored
Updated due to test framework changes Updates after code review Missed some checks Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3269)
-