- Sep 08, 2014
-
-
Rich Salz authored
The function returns 0 or 1, only. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit b0e659cf)
-
Alon Bar-Lev authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 8842987e)
-
- Sep 07, 2014
-
-
Viktor Dkhovni authored
Regexp was bracketed wrong. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 5a8addc4)
-
- Sep 05, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit b2774f6e)
-
Adam Langley authored
Fix a bug in handling of 128 byte long PSK identity in psk_client_callback. OpenSSL supports PSK identities of up to (and including) 128 bytes in length. PSK identity is obtained via the psk_client_callback, implementors of which are expected to provide a NULL-terminated identity. However, the callback is invoked with only 128 bytes of storage thus making it impossible to return a 128 byte long identity and the required additional NULL byte. This CL fixes the issue by passing in a 129 byte long buffer into the psk_client_callback. As a safety precaution, this CL also zeroes out the buffer before passing it into the callback, uses strnlen for obtaining the length of the identity returned by the callback, and aborts the handshake if the identity (without the NULL terminator) is longer than 128 bytes. (Original patch amended to achieve strnlen in a different way.) Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit be0d8517)
-
- Sep 04, 2014
-
-
Adam Langley authored
(cherry picked from commit 2b0180c3 ) Reviewed-by: Ben Laurie <ben@openssl.org>
-
- Sep 03, 2014
-
-
Richard Levitte authored
string returns 0 with errno = ENOENT. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 360928b7)
-
Phil Mesnier authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 6a14fe75)
-
Clang via Jeffrey Walton authored
Can't really happen, but the flow of control isn't obvious. Add an initializer. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 0ff3687e)
-
- Sep 02, 2014
-
-
Emilia Kasper authored
"inline" without static is not correct as the compiler may choose to ignore it and will then either emit an external definition, or expect one. Reviewed-by: Geoff Thorpe <geoff@openssl.org> (cherry picked from commit 86f50b36)
-
- Sep 01, 2014
-
-
Adam Williamson authored
RT842, closed back in 2004, changed the default serial number to be a random number rather than zero. Finally time to update the doc Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3aba132d)
-
- Aug 31, 2014
-
-
Richard Levitte authored
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
TANABE Hiroyasu authored
Add .crt/.cer/.crl to the filenames parsed. I also updated the podpage (since it didn't exist when this ticket was first created, nor when it was re-created seven years later). Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 80ec8d4e)
-
- Aug 30, 2014
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4d86e8df)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b59f92e7)
-
Rich Salz authored
Andy pointed out there is also darwin64, so tweak the pattern. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 457f7b14)
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 9d6253cf)
-
Rich Salz authored
Re-order algorithm list. Be consistent in command synopsis. Add content about signing. Add EXAMPLE section Add some missing options: -r, -fips-fingerprint -non-fips-allow Various other fixes. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
James Westby authored
Add the file written by James Westby, graciously contributed under the terms of the OpenSSL license. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit cf2239b3)
-
- Aug 29, 2014
-
-
Rich Salz authored
The doc says that port can be "*" to mean any port. That's wrong. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 07e3b31f)
-
Jim Reid authored
Add Darwin to list of case-insensitive filenames when installing manapges. When doing this, I noticed that we weren't setting "filecase" for the HTML doc install. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 82d9185a)
-
- Aug 28, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Fix comments in ssltest.c: return value of 0 now means extension is omitted and add_cb is not called for servers if the corresponding extension is absent in ClientHello. Test add_cb is not called if extension is not received. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit f47e2039)
-
Dr. Stephen Henson authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit f3f56c2a)
-
Dr. Stephen Henson authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 0cfefe4b)
-
Dr. Stephen Henson authored
Instead of SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_srv_ext use SSL_CTX_add_client_custom_ext and SSL_CTX_add_server_custom_ext. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 8cafe9e8)
-
Dr. Stephen Henson authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit c846a5f5)
-
Dr. Stephen Henson authored
Support separate parse and add callback arguments. Add new callback so an application can free extension data. Change return value for send functions so < 0 is an error 0 omits extension and > 0 includes it. This is more consistent with the behaviour of other functions in OpenSSL. Modify parse_cb handling so <= 0 is an error. Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument order consistent. NOTE: these changes WILL break existing code. Remove (now inaccurate) in line documentation. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 33f653ad)
-
Dr. Stephen Henson authored
Use "parse" and "add" for function and callback names instead of "first" and "second". Change arguments to callback so the extension type is unsigned int and the buffer length is size_t. Note: this *will* break existing code. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit de2a9e38)
-
Dr. Stephen Henson authored
Since sanity checks are performed for all custom extensions the serverinfo checks are no longer needed. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 707b026d) Conflicts: ssl/ssl3.h ssl/t1_lib.c
-
Dr. Stephen Henson authored
Reject attempts to use extensions handled internally. Add flags to each extension structure to indicate if an extension has been sent or received. Enforce RFC5246 compliance by rejecting duplicate extensions and unsolicited extensions and only send a server extension if we have sent the corresponding client extension. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 28ea0a0c)
-
Dr. Stephen Henson authored
Use the same structure for client and server custom extensions. Add utility functions in new file t1_ext.c. Use new utility functions to handle custom server and client extensions and remove a lot of code duplication. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit ecf4d660) Conflicts: ssl/ssl_lib.c ssl/ssl_locl.h ssl/t1_lib.c
-
Dr. Stephen Henson authored
Move custom extension structures from SSL_CTX to CERT structure. This change means the form can be revised in future without binary compatibility issues. Also since CERT is part of SSL structures so per-SSL custom extensions could be supported in future as well as per SSL_CTX. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit b83294fe) Conflicts: ssl/ssl.h ssl/ssl_cert.c ssl/ssl_locl.h
-
Emilia Kasper authored
Pull constant-time methods out to a separate header, add tests. Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit 5a3d21c0) Conflicts: ssl/s3_cbc.c test/Makefile
-
Raphael Spreitzer authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit f9fb43e1)
-
Rich Salz authored
Add the wrapper to all public header files (Configure generates one). Don't bother for those that are just lists of #define's that do renaming. Reviewed-by: Tim Hudson <tjh@openssl.org> Cherry-pick of commit 17e80c6b
-
- Aug 27, 2014
-
-
Emilia Kasper authored
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer when the buffer length is 0. Change this to verify explicitly that the ASN.1 string has positive length. Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
-
Matt Caswell authored
When d2i_ECPrivateKey reads a private key with a missing (optional) public key, generate one automatically from the group and private key. Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28)
-
Adam Langley authored
This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a crash: -----BEGIN EC PRIVATE KEY----- MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH -----END EC PRIVATE KEY----- Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit b391570bdeb386d4fd325917c248d593d3c43930)
-
Mihai Militaru authored
I also removed some trailing whitespace and cleaned up the "see also" list. Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 7b3e11c5)
-