- Nov 27, 2014
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
PR#1767 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
PR#3613 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
André Guerreiro authored
PR#3612 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Guenter authored
Workaround for NetWare CodeWarrior compiler which doesn't properly lookup includes when in same directory as the C file which includes it. PR#3569 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Minor changes made by Matt Caswell Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Minor changes made by Matt Caswell. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Minor changes made by Matt Caswell. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Nov 26, 2014
-
-
Matt Caswell authored
PR#3608 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 25, 2014
-
-
Matt Caswell authored
PR#3574 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Nov 20, 2014
-
-
Dr. Stephen Henson authored
When using the -xcert option to test certificate validity print out if we pass Suite B compliance. We print out "not tested" if we aren't in Suite B mode. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Annie Yousar authored
In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS. ** I also increased the minimum from 256 to 512, which is now documented in CHANGES file. ** Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Fix CONF_load_modules to CONF_modules_load. Document that it calls exit. Advise against using it now. Add an error print to stderr. Reviewed-by: Matt Caswell <matt@openssl.org>
-
David Benjamin authored
the session's version (server). See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
ECDH_compute_key is silently ignored and the KDF is run on duff data Thanks to github user tomykaira for the suggested fix. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client. An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
The client sends a session ID with the session ticket, and uses the returned ID to detect resumption, so we do not need to peek at handshake messages: s->hit tells us explicitly if we're resuming. An equivalent change was independently made in BoringSSL, see commit 407886f589cf2dbaed82db0a44173036c3bc3317. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
The same change was independently made in BoringSSL, see commit 9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 19, 2014
-
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
If no keyfile has been specified use the certificate file instead. Fix typo: we need to check the chain is not NULL, not the chain file. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 786370b1)
-
Dr. Stephen Henson authored
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3 options for s_client/s_server/ssltest. When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3 options. We should document this somewhere, e.g. wiki, FAQ or manual page. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Don't send or parse any extensions other than RI (which is needed to handle secure renegotation) for SSLv3. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
The supported signature algorithms extension needs to be processed before the certificate to use is decided and before a cipher is selected (as the set of shared signature algorithms supported may impact the choice). Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 56e8dc542bd693b2dccea8828b3d8e5fc6932d0c) Conflicts: ssl/ssl.h ssl/ssl_err.c
-
- Nov 18, 2014
-
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Nov 17, 2014
-
-
Jan Hykel authored
Don't attempt to access msg structure if recvmsg returns an error. PR#3483 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 16, 2014
-
-
Mike Bland authored
Change-Id: I626d751f19f24df6b967c17498d6189cc0acb96c Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
This is the only Makefile without SRC defined. This change enables a standard Makefile include directive to cover crypto/jpake/*.d files. This was automatically applied by AddSrcVarIfNeeded() in: https://code.google.com/p/mike-bland/source/browse/openssl/update_makefiles.py Change-Id: I030204a1bc873b5de5b06c8ddc0b94bb224c6650 Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
These correspond to targets of the same name in test/Makefile that clash when using the single-makefile build method using GitConfigure and GitMake. Change-Id: If7e900c75f4341b446608b6916a3d76f202026ea Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Mike Bland authored
Before this change, variables for which a '=' appeared in the assignment would be parsed as the entire string up until the final '='. For example: BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ would result in the variable name "BUILD_CMD=shlib_target". This doesn't appear to harm the current generation of MINFO, but creates problems for other Makefile-related work I'm attempting. Change-Id: I1f3a606d67fd5464bb459e8f36c23b3e967b77e1 Signed-off-by: Mike Bland <mbland@acm.org> Signed-off-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-