- Nov 27, 2015
-
-
Dr. Stephen Henson authored
Change handshake hash array into a single digest context simplifying the handhake hash code. Use EVP_md5_sha1() if needed for handshake hashes in TLS 1.1 and earlier. Simplify PRF code to also use a single digest and treat EVP_md5_sha1() as a special case. Modify algorithm2 field of ciphers to use a single index value for handshake hash and PRF instead of a bitmap. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Various updates following feedback from the recent commit of the new GOST2012 code. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Nov 26, 2015
-
-
Dr. Stephen Henson authored
Now that X509_VERIFY_PARAM is opaque X509_VERIFY_PARAM_ID is no longer needed. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The SRP_create_verifier_BN function goes to the |err| label if the |salt| value passed to it is NULL. It is then deref'd. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Following on from the previous commit this adds some documentation for the BN_with_flags function which is easy to misuse. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
The function rsa_ossl_mod_exp uses the function BN_with_flags to create a temporary copy (local_r1) of a BIGNUM (r1) with modified flags. This temporary copy shares some state with the original r1. If the state of r1 gets updated then local_r1's state will be stale. This was occurring in the function so that when local_r1 was freed a call to bn_check_top was made which failed an assert due to the stale state. To resolve this we must free local_r1 immediately after we have finished using it and not wait until the end of the function. This problem prompted a review of all BN_with_flag usage within the codebase. All other usage appears to be correct, although often not obviously so. This commit refactors things to make it much clearer for these other uses. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Nov 25, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Nov 24, 2015
-
-
Andy Polyakov authored
Triggered by RT#4144. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Alessandro Ghedini authored
Follow-up to 070c2332 . Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@akamai.com> GH: #454
-
Finn Hakansson authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #484
-
Marcus Meissner authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@akamai.com> GH: #466
-
Quanah Gibson-Mount authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@akamai.com> GH: #481
-
Pascal Cuoq authored
If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can get called with s->s3 still being NULL. Patch also provided by Willy Tarreau <wtarreau@haproxy.com> Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
-
Dr. Stephen Henson authored
Add SSLv3 ctrl to EVP_sha1() this is only needed if SSLv3 client authentication is used with DSA/ECDSA. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Add a ctrl to EVP_md5_sha1() to handle the additional operations needed to handle SSL v3 client authentication and finished message. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Add digest combining MD5 and SHA1. This is used by RSA signatures for TLS 1.1 and earlier. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
perlrun(1) leads the way. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Jacob Bandes-Storch authored
Encourages GitHub to perform proper syntax highlighting. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 23, 2015
-
-
Rich Salz authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
And a scalar !x --> x==0 test Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Dmitry Belyavsky authored
This patch contains the necessary changes to provide GOST 2012 ciphersuites in TLS. It requires the use of an external GOST 2012 engine. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
RT#4142 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
RT#4138 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
RT #4144 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Nov 22, 2015
-
-
Matt Caswell authored
During rebasing of the async changes some error codes ended up being duplicated so that "make errors" fails. This removes the duplication. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
In the async code for MacOS/X define _XOPEN_SOURCE (if not already defined) as early as possible. We must do this before including any header files, because on MacOS/X <stlib.h> includes <signal.h> which includes <ucontext.h>. If we delay defining _XOPEN_SOURCE and include <ucontext.h> after various system headers are included, we are very likely to end up with the wrong (truncated) definition of ucontext_t. Also, better error handling and some code cleanup in POSIX fibre construction and destruction. We make sure that async_fibre_makecontext() always initializes the fibre to a state that can be freed. For all implementations, check for error returns from async_fibre_makecontext(). Reviewed-by: Matt Caswell <matt@openssl.org>
-
Kurt Roeckx authored
Strict ISO confirming C compilers only define __sun Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org> RT #4144, MR #1353
-
Kurt Roeckx authored
Reviewed-by: Matt Caswell <matt@openssl.org> MR #1350
-
- Nov 21, 2015
-
-
Alessandro Ghedini authored
Original patch by Frank Morgner. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@akamai.com> GH: #456
-
Rich Salz authored
For all functions, consistently use asdf() not B<asdf()> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Michal Bozon authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@akamai.com> GH: #458
-