- Jun 13, 2016
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
VMS C doesn't allow symbols longer than 31 characters. We do the automatic shortening with the library files, but not otherwise (to make sure to work the VMS C magic). For consistency, I shortened other similar symbols in the same manner. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Peter Mosmans authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
TJ Saunders authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
-
TJ Saunders authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
-
TJ Saunders authored
per review comments. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
-
TJ Saunders authored
SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given the R and S values, and the data to be signed, by the client. Thus in order to validate these signatures, SSH2 implementations will digest and sign the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects. Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting those R and S values in these objects, which makes using OpenSSL for such SSH2 implementations much more difficult. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1193)
-
Matt Caswell authored
Some misc return value checks Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Update the SSL_set_session() documentation to reflect the fact that old bad sessions are removed from the cache if necessary. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
This commit adds some session API tests, and in particular tests the modified behaviour of SSL_set_session() introduced in the last commit. To do this I have factored out some common code from the asynciotest into a new ssltestlib.c file. I've also renamed getsettest to sslapitest as this more closely matches what it now is! Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
SSL_clear() and SSL_free() will remove a session from the cache if it is considered "bad". However SSL_set_session() does not do this for the session it is replacing. SSL_clear() clears an SSL object ready for reuse. It does not clear the session though. This means that: SSL_clear(s) SSL_set_session(s, sess); and SSL_set_session(s, sess); SSL_clear(s); do not do the same thing, although logically you would expect that they would. The failure of SSL_set_session() to remove bad sessions from the cache should be considered a bug, so this commit fixes it. RT#597 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
The SNI tests introduced a redundant "server2" section into every test configuration. Copy this automatically from "server" unless testing SNI, to reduce noise in the generated confs. Also remove duplicate SSL_TEST_CTX_create (merge conflict error). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Some Linux platforms have a suitably recent kernel to support AFALG, but apparently you still can't actually create an afalg socket. This extends the afalg_chk_platform() function to additionally check whether we can create an AFALG socket. We also amend the afalgtest to not report a failure to load the engine as a test failure. A failure to load is almost certainly due to platform environmental issues, and not an OpenSSL problem. RT 4434 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
- Only send SNI in SNI tests. This allows us to test handshakes without the SNI extension as well. - Move all handshake-specific machinery to handshake_helper.c - Use enum types to represent the enum everywhere (Resorting to plain ints can end in sign mismatch when the enum is represented by an unsigned type.) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
This is really a security bugfix, not enhancement any more. Everyone knows critical extensions. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 12, 2016
-
-
Dr. Stephen Henson authored
Don't use BN_hex2bn() for PSK key conversion as the conversion to BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead. RT#4554 Reviewed-by: Matt Caswell <matt@openssl.org>
-
John Denker authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Phillip Hellewell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jun 11, 2016
-
-
TJ Saunders authored
it looks like these names have shifted a little over time. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1203)
-
Kurt Roeckx authored
Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1179
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1174
-
Kurt Roeckx authored
Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1173
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1172
-
Kurt Roeckx authored
Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1166
-
Kurt Roeckx authored
Found by tis-interpreter Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1164
-
- Jun 10, 2016
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The TS_RESP_verify_response() function is used for verifying the response from a TSA. You can set the provided TS_VERIFY_CTX with different flags depending on what aspects of the response you wish to verify. A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME flags without also specifying TS_VFY_SIGNATURE. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Most of the no-dtls* builds were failing due to one test which had an incorrect "skip" condition. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Add some information about the location of the default directory and the default file. RT#1051 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
If a user specifies -unix, -6, etc., then the program tries to use the last one specified. This is confusing code and leads to scripting errors. Instead, allow only one type. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Ben Laurie authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Ben Laurie authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-