- Nov 14, 2015
-
-
Dr. Stephen Henson authored
This disables some ciphersuites which aren't supported in SSL v3: specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC. Thanks to the Open Crypto Audit Project for identifying this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 13, 2015
-
-
Nathan Phillip Brink authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Graeme Perrow authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Signed-off-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 11, 2015
-
-
Andy Polyakov authored
Triggered by RT#3989. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 10, 2015
-
-
Matt Caswell authored
The new function SSL_use_certificate_chain_file was always crashing in the internal function use_certificate_chain_file because it would pass a NULL value for SSL_CTX *, but use_certificate_chain_file would unconditionally try to dereference it. Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Nov 09, 2015
-
-
Matt Caswell authored
The function tls1_get_curvelist() has an explicit check to see if s->cert is NULL or not. However the check appears *after* calling the tls1_suiteb macro which derefs s->cert. In reality s->cert can never be NULL because it is created in SSL_new(). If the malloc fails then the SSL_new call fails and no SSL object is created. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Continuing from previous work standardise use of malloc in the engine code. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
Continue on from previous commits but in the apps directory. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
If we have a malloc |x = OPENSSL_malloc(...)| sometimes we check |x| for NULL and sometimes we treat it as a boolean |if(!x) ...|. Standardise the approach in libssl. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
The SSL object was being deref'd and then there was a later redundant check to see if it is NULL. We assume all SSL_foo functions pass a non NULL SSL object and do not check it. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
./Configure [target] --strict-warnings -Wno-pedantic-ms-format would not add '-pedantic' because it matches '-Wno-pedantic-ms-format', which was added first. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 08, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Nov 06, 2015
-
-
Matt Caswell authored
The SCTP code is not compiled by default. This fixes some compilation problems in that code. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
We were setting |s->renegotiate| and |s->new_session| to 0 twice in tls_finish_handshake. This is redundant so now we just do it once! Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
We finish the handshake when we move into the TLS_ST_OK state. At various points we were also unnecessarily finishing it when we were reading/writing the Finished message. It's much simpler just to do it in TLS_ST_OK, so remove the other calls. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Nov 05, 2015
-
-
Dr. Stephen Henson authored
Rebuild error source files: the new mkerr.pl functionality will now pick up and translate static function names properly. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
In mkerr.pl read parse functions names in C source files and use them for translation and sanity checks. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The various dtls1_get*_methods did not handle the DTLS_ANY_VERSION case, so this needed to be added. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 04, 2015
-
-
Matt Caswell authored
EVP_SignInit_ex was missing from the NAME section of its man page so typing "man EVP_SignInit_ex" failed to load the page. Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Nov 02, 2015
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
The actual implementation has the state of the connection being controlled with the peer parameter, non-NULL meaning connected and NULL meaning connected. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
No dummy arguments. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
BIO_int_ctrl isn't made for the purpose BIO_get_conn_int_port used it for. This also changes BIO_C_GET_CONNECT to actually return the port instead of assigning it to a pointer that was never returned back to the caller. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Clarify that git format-patch output is preferred for creating patch files. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
A buggy application that calls SSL_write with a different length after a NBIO event could cause an OPENSSL_assert to be reached. The assert is not actually necessary because there was an explicit check a little further down that would catch this scenario. Therefore remove the assert and move the check a little higher up. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
An OPENSSL_assert was being used which could fail (e.g. on a malloc failure). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
This OPENSSL_assert in (d)tls1_heartbeat is trivially always going to be true because it is testing the sum of values that have been set as constants just a few lines above and nothing has changed them. Therefore remove this. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Soheil Rashidi authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 01, 2015
-
-
Rich Salz authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
Close GH Issue 69. Close GH PR 457. Some other updates. By Rich Salz, Alessandro Ghedini, Steve Marquess, Collin Anderson. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-