- May 26, 2017
-
-
Matt Caswell authored
Commit 9bfeeef8 made some function parameters const. This actually broke the pyca-cryptography tests. The discussion in #3360 considers this to actually be a problem with pyca-cryptography not an OpenSSL issue (they replicate some of our header file contents which then causes function prototype mismatches). This commit updates the pyca-cryptography version to pull in their fix for this issue and make our external tests pass again. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3569)
-
Todd Short authored
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is inconsistent. Most places check SSL->options, one place is checking SSL_CTX->options; fix that. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> GH: #3523
-
Rainer Jung authored
CLA: Trivial Fixes #3563. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3564)
-
Andy Polyakov authored
Recently introduced TEST_* macros print variables' symbolic names. In order to make error output more readable rename some variables. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3526)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3526)
-
- May 25, 2017
-
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #3557
-
Matt Caswell authored
Commit bd990e25 changed our handling of alerts. Some of the BoringSSl tests were expecting specific errors to be created if bad alerts were sent. Those errors have now changed as a result of that commit, so the BoringSSL test config needs to be updated to match. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3549)
-
Matt Caswell authored
Fixes #3541 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3553)
-
Matt Caswell authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3546)
-
- May 24, 2017
-
-
David Woodhouse authored
Part of issue #3531 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3535)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3532)
-
- May 23, 2017
-
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3506)
-
Rich Salz authored
Re-order and comment on the functions Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3506)
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3529)
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3528)
-
Dr. Stephen Henson authored
SSLv3 (specifically with client auth) cannot use one shot APIs: the digested data and the master secret are handled in separate update operations. So in the special case of SSLv3 use the streaming API. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3527)
-
Paul Yang authored
In the example section. CLA: trivial Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3520)
-
- May 22, 2017
-
-
Rich Salz authored
This reverts commit e2580e70 . Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Updates https://github.com/openssl/openssl/pull/3268)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Matt Caswell authored
Provides consistent output and approach. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Matt Caswell authored
If we have an assert then in a debug build we want an abort() to occur. In a production build we want the function to return an error. This introduces a new macro to assist with that. The idea is to replace existing use of OPENSSL_assert() with this new macro. The problem with OPENSSL_assert() is that it aborts() on an assertion failure in both debug and production builds. It should never be a library's decision to abort a process (we don't get to decide when to kill the life support machine or the nuclear reactor control system). Additionally if an attacker can cause a reachable assert to be hit then this can be a source of DoS attacks e.g. see CVE-2017-3733, CVE-2015-0293, CVE-2011-4577 and CVE-2002-1568. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Pauli authored
Don't highlight excess when comparing unequal length strings. Clean up the NULL / empty string display. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3514)
-
Pauli authored
Excess bytes, when one block is longer than the other, are not explicitly highlighted. The NULL / zero length block output has been cleaned up. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3515)
-
Alex Gaynor authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
-
Alex Gaynor authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
-
Alex Gaynor authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
-
Alex Gaynor authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
-
Alex Gaynor authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
-
Alex Gaynor authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
-
Alex Gaynor authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
-
Pauli authored
Modify one of the integration builds so that that the OPENSSL_SMALL_MEMORY option is compiled. There doesn't appear to be an automatic build with this option set. I think the options in the modified build are covered elsewhere (without the small memory) but a new job might still be preferable. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3268)
-
Todd Short authored
Fix the small arena test to just check for the symptom of the infinite loop (i.e. initialized set on failure), rather than the actual infinite loop. This avoids some valgrind errors. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3512)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Diego Santa Cruz authored
The password_callback() function does not necessarily NULL terminate the password buffer, the caller must use the returned length but the srp app uses this function as if it was doing NULL termination. This made the -passin and -passout options of "openssl srp" fail inexpicably and randomly or even crash. Fixed by enlarging the buffer by one, so that the maximum password length remains unchanged, and adding NULL termination upon return. [Rearrange code for coding style compliance in process.] Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3475)
-
- May 21, 2017
-
-
Rich Salz authored
update pkcs12, smime, ts apps. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3507)
-
Andy Polyakov authored
Switch to TAP::Harness inadvertently masked test failures. Test::Harness::runtests was terminating with non-zero exit code in case of failure[s], while TAP::Harness apparently holds caller responsible for doing so. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3502)
-