- Feb 23, 2017
-
-
Benjamin Kaduk authored
Just as we have a table of ssl3_ciphers, add a table of ssl3_scsvs, to contain SSL_CIPHER objects for these non-valid ciphers. This will allow for unified handling of such indicators, especially as we are preparing to pass them around between functions. Since the 'valid' field is not set for the SCSVs, they should not be used for anything requiring a cryptographic cipher (as opposed to something being stuck in a cipher-shaped hole in the TLS wire protocol). Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2279)
-
Benjamin Kaduk authored
We'll be adding a field of this type to struct ssl_st in a subsequent commit, and need the type definition to be in scope already. Also move up the RAW_EXTENSION definition that it depends on. Reviewed-by:
-
Benjamin Kaduk authored
Keep track of the length of the pre_proc_exts array. Reviewed-by:
-
Benjamin Kaduk authored
Modify the API of tls_collect_extensions() to be able to output the number of extensions that are known (i.e., the length of its 'res' output). This number can never be zero on a successful return due to the builtin extensions list, but use a separate output variable so as to not overload the return value semantics. Having this value easily available will give consumers a way to avoid repeating the calculation. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2727)
-
Richard Levitte authored
The library files are built with symbol names as is, while the application is built with the default uppercase-all-symbols mode. That's fine for public APIs, because we have __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H automatically telling the compiler how to treat the public header files. However, we don't have the same setup for internal library APIs, since they are usually only used by the libraries. Because apps/rehash.c uses a library internal header file, we have to surround that inclusion with the same kind of pragmas found in __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, or we get unresolved symbols when building no-shared. Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2725)
-
Pauli authored
Reviewed-by:
-
Richard Levitte authored
The generation number is ';nnn' at the end of the file name fetched with readdir(). Because rehash checks for specific extensions and doesn't expect an additional generation number, the easiest is to massage the received file name early by simply removing the generation number. Reviewed-by:
-
- Feb 22, 2017
-
-
Richard Levitte authored
Also, don't exit with an error code Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Bernd Edlinger authored
There has never been any gcc option of that kind. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Rich Salz authored
Prevent that memory beyond the last element is accessed if every element of group->poly[] is non-zero Reviewed-by:
-
Richard Levitte authored
A spelling error prevented it from building correctly. Furthermore, we need to be more careful when to add a / at the end of the dirname and when not. Reviewed-by:
-
Richard Levitte authored
opendir(), readdir() and closedir() have been available on VMS since version 7.0. Reviewed-by:
-
Rob Percival authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
Reviewed-by:
-
Rob Percival authored
TODO(robpercival): Should actually test that the output certificate contains the poison extension. Reviewed-by:
-
Rob Percival authored
This makes it a little easier to create a pre-certificate. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Richard Levitte authored
The condition wasn't quite right Reviewed-by:
-
- Feb 21, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
Andy Polyakov authored
One of the reasons for why masm/ml64 is not [fully] supported is that it's problematic to support multiple versions. But latest one usually works and/or it's lesser problem to make it work. So idea here is to have a "whistle" when it breaks, so that problems can be evaluated as they emerge. It's kind of "best effort" thing, as opposite to "full support". Reviewed-by: -
Dmitry Belyavskiy authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Dmitry Belyavskiy authored
commands. Reviewed-by:
-
Rich Salz authored
Change size comparison from > (GT) to >= (GTE) to ensure an additional byte of output buffer, to prevent OOB reads/writes later in the function Reject input strings larger than 2GB Detect invalid output buffer size and return early Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Set default validity flags if signature algorithms extension is not present. Preserve flags when checking chains. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Hikar authored
CLA: trivial. Reviewed-by:
-
Pauli authored
The sh_add_to_list function will overwrite subsequent slots in the free list for small allocations. This causes a segmentation fault if the writes goes off the end of the secure memory. I've not investigated if this problem can overwrite memory without the segmentation fault, but it seems likely. This fix limits the minsize to the sizeof of the SH_LIST structure (which also has a side effect of properly aligning the pointers). The alternative would be to return an error if minsize is too small. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made. This implementation expands the evptests by including the test cases from RFC 5794 and ARIA official site rather than providing an individual test case. Support for ARIA has been integrated into the command line applications, but not TLS. Implemented modes are CBC, CFB1, CFB8, CFB128, CTR, ECB and OFB128. Reviewed-by:
-
Dmitry Belyavskiy authored
It makes possible to print the certificate's DN correctly in case of verification errors. Reviewed-by:
-
Rich Salz authored
Prevent undefined behavior in CRYPTO_cbc128_encrypt: calling this function with the 'len' parameter being 0 would result in a memcpy where the source and destination parameters are the same, which is undefined behavior. Do same for AES_ige_encrypt. Reviewed-by:
-
