- 02 May, 2017 4 commits
-
-
Rich Salz authored
The old/deprecated servername callback should refer back to the new/preferred early callback mechanism, as well as indicate that it is superseded by the early callback. The early callback should also mention the API for turning the raw cipherlist octets from the client into usable data structures. Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3338)
-
Rich Salz authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
-
Todd Short authored
Add padding callback for application control Standard block_size callback Documentation and tests included Configuration file/s_client/s_srver option Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Todd Short authored
ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets, even though that's not supported within certificates. To convert the offset time back to GMT, the offsets are supposed to be subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z. Reviewed-by:
-
- 01 May, 2017 4 commits
-
-
Rich Salz authored
It occurs when memory compares are made that are larger than the on stack temporary buffers (either malloced or supplied). Rework the test test so it doesn't use a macro with a branch. Reviewed-by:
-
Benjamin Kaduk authored
Since the clang_devteam_warnings are appended to the gcc_devteam_warnings when strict-warnings are requested, any items present in both the gcc and clang variables will be duplicated in the cflags used for clang builds. Remove the extra copy from the clang-specific flags in favor of the gcc_devteam_warnings that are used for all strict-warnings builds. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Benjamin Kaduk authored
gcc's -Wextra pulls in -Wold-style-declaration, which triggers when a declaration has a storage-class specifier as a non-initial qualifier. The ISO C formal grammar requires the storage-class to be the first component of the declaration, if present. Seeint as the register storage-class specifier does not really have any effect anymore with modern compilers, remove it entirely while we're here, instead of fixing up the order. Interestingly, the gcc devteam warnings do not pull in -Wextra, though the clang ones do. [extended tests] Reviewed-by:
-
Benjamin Kaduk authored
clang already has it; let's flip the switch and deal with the fallout. Exclude -Wunused-parameter, as we have many places where we keep unused parameters to conform to a uniform vtable-like interface. Also exclude -Wmissing-field-initializers; it's okay to rely on the standard-mandated behavior of filling out with 0/NULL. Reviewed-by:
-
- 30 Apr, 2017 2 commits
-
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
"Next" refers to negative minimum "next" to one presentable by given number of bytes. For example, -128 is negative minimum presentable by one byte, and -256 is "next" one. Thanks to Kazuki Yamaguchi for report, GH#3339 Reviewed-by:
-
- 28 Apr, 2017 15 commits
-
-
Rich Salz authored
Bug found and fix suggested by Julian Rüth. Push error if fflush fails Reviewed-by:
-
Richard Levitte authored
It was released a couple of days after our latest update [extended tests] Reviewed-by:
-
Rich Salz authored
Also add a comment describing the file format. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Also added a internal error printing callback to be used both with ERR_print_errors_cb() and with CRYPTO_mem_leaks_cb Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
These functions aren't meant to be used directly by the test programs, reflect that by making the declarations a little harder to reach, but still available enough if there's a need to override them. Reviewed-by:
-
FdaSilvaYY authored
Remove hardcoded bound checkings. Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
Todd Short authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Richard Levitte authored
When you want to debug a test that goes wrong, it's useful to know exactly what subprocess commands are run. Reviewed-by:
-
- 27 Apr, 2017 5 commits
-
-
Rich Salz authored
Reviewed-by:
-
Andy Polyakov authored
Approach was opportunistic in Windows context from its inception and on top of that it was proven to be error-prone at link stage. Correct answer is to introduce library-specific time function that we can control in platform-neutral manner. Meanwhile we just let be attempts to override time on Windows. Reviewed-by:
-
Matt Caswell authored
Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option. Reviewed-by:
-
Bernd Edlinger authored
Fixes #3063. Reviewed-by:
-
Bernd Edlinger authored
It is not necessary to remove leading zeros here because RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done in constant time, this might have leaked timing information. Reviewed-by:
-
- 26 Apr, 2017 10 commits
-
-
Rich Salz authored
Showed up on GCC with strict warnings. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Graham Edgecombe authored
This fixes a segfault if a NULL parse_cb is passed to SSL_CTX_add_{client,server}_custom_ext, which was supported in the pre-1.1.1 implementation. This behaviour is consistent with the other custom_ext_*_old_cb_wrap functions, and with the new SSL_CTX_add_custom_ext function. CLA: trivial Reviewed-by: -
Rich Salz authored
Also converted most of ssltestlib but left the packet_dump output as-is (for now). Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Tatsuhiro Tsujikawa authored
Reviewed-by:
-
Tatsuhiro Tsujikawa authored
Reviewed-by:
-
Tatsuhiro Tsujikawa authored
Previously, init and finalization function for extensions are called per extension block, rather than per message. This commit changes that behaviour, and now they are called per message. The parse function is still called per extension block. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
