- Jan 15, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
Emilia Käsper <emilia@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2224)
-
- Jan 13, 2017
-
-
Rich Salz authored
Reviewed-by:
-
Richard Levitte authored
RUN_ONCE really just returns 0 on failure or whatever the init function returned. By convention, however, the init function must return 0 on failure and 1 on success. This needed to be clarified. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2225)
-
Richard Levitte authored
The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h. openssl/ocsp.h does that, except when OCSP is disabled. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Jan 12, 2017
-
-
Rich Salz authored
Also, if want SHA1 then use the pre-computed value if there. Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2223)
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Still needs to be documented, somehow/somewhere. The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc should fail. It's a set of fields separated by semicolons. Each field is a count and optional percentage (separated by @) which defaults to 100. If count is zero then it lasts "forever." For example: 100;@25 means the first 100 allocations pass, then the rest have a 25% chance of failing until the program exits or crashes. If env var OPENSSL_MALLOC_FD parses as a positive integer, a record of all malloc "shouldfail" tests is written to that file descriptor. If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set (platform specific), then a backtrace will be written to the descriptor when a malloc fails. This can be useful because a malloc may fail but not be checked, and problems will only occur later. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2202)
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
- On VMS, apps/apps.c depends on apps/vms_term_sock.c, so add it to the build - On VMS, apps/*.c are compiled with default symbol settings, i.e. uppercased and truncated symbols, which differs from test programs. Make sure uitest.c knows that with a few pragmas. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Matt Caswell authored
One of the new tests uses a DH based ciphersuite. That test should be disabled if DH is disabled. Reviewed-by:
-
- Jan 11, 2017
-
-
Matt Caswell authored
A guard was in the wrong place in the header file. Reviewed-by:
-
Richard Levitte authored
It tests both the use of UI_METHOD (through the apps/apps.h API) and wrapping an older style PEM password callback in a UI_METHOD. Replace the earlier UI test with a run of this test program Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Jan 10, 2017
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
The length passed to tls1_set_sigalgs() is a multiple of two and there are two char entries in the list for each sigalg. When we set client_sigalgslen or conf_sigalgslen this is the number of ints in the list where there is one entry per sigalg (i.e. half the length of the list passed to the function). Reviewed-by:
-
Matt Caswell authored
The SHA1 sigalgs were inadvertently missed off in the sigalgs refactor. Reviewed-by:
-
Matt Caswell authored
The siglen value needs to be initialised prior to it being read in the call to EVP_DigestSignFinal later in this function. Reviewed-by:
-
Matt Caswell authored
Declare a variable as static to silence the warning Reviewed-by:
-
Matt Caswell authored
Check that signatures actually work, and that an incorrect signature results in a handshake failure. Reviewed-by:
-
Matt Caswell authored
This enables us to make changes to in-flight TLSv1.3 messages that appear after the ServerHello. Reviewed-by:
-
Matt Caswell authored
Previously SKE in TLSProxy only knew about one anonymous ciphersuite so there was never a signature. Extend that to include a ciphersuite that is not anonymous. This also fixes a bug where the existing SKE processing was checking against the wrong anon ciphersuite value. This has a knock on impact on the sslskewith0p test. The bug meant the test was working...but entirely by accident! Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
TLSv1.3 introduces PSS based sigalgs. Offering these in a TLSv1.3 client implies that the client is prepared to accept these sigalgs even in TLSv1.2. Reviewed-by:
-
Matt Caswell authored
This also acts as a test for the bug fixed in the previous commit. Reviewed-by:
-
Matt Caswell authored
TLSv1.3 freezes the record layer version and ensures that it is always set to TLSv1.0. Some implementations check this. Reviewed-by:
-
