- Aug 01, 2016
-
-
FdaSilvaYY authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1342)
-
FdaSilvaYY authored
Fix an error message Reviewed-by:
-
FdaSilvaYY authored
Add some explanatory comments Discard some useless parenthesis. Reviewed-by:
-
FdaSilvaYY authored
Fix an #if check about rsa_count... Reviewed-by:
-
FdaSilvaYY authored
Simplify some loops to reuse k variable Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Fix compilation without SIGALRM. It don't link because of remaning alarm(0); call. Convert engine_id variable to local one Reviewed-by:
-
Richard Levitte authored
do_passwd() was returning 0 on success and 1 on failure. However, those values were interpreted the other way around. The fix that makes the most sense is to change what do_passwd() returns. Reviewed-by: -
Matt Caswell authored
The function i2b_PVK() was returning a bad pointer causing subsequent crashes. Reviewed-by: -
Matt Caswell authored
Some calls to RSA_get0_key had the parameters in the wrong order causing a failure. GitHub Issue #1368 Reviewed-by: -
Ben Laurie authored
Reviewed-by: -
Ben Laurie authored
Reviewed-by: -
Ben Laurie authored
Reviewed-by: -
Andy Polyakov authored
Windows never composes UTF-8 strings as result of user interaction such as input query. The only way to compose one is programmatic conversion from WCHAR string, which in turn can be picked up with ReadConsoleW. Reviewed-by: -
Andy Polyakov authored
Windows never composes UTF-8 strings as result of user interaction such as passing command-line argument. The only way to compose one is programmatic conversion from WCHAR string, which in turn can be picked up on command line. [For reference, why not wmain, it's not an option on MinGW.] Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- Jul 31, 2016
-
-
Andy Polyakov authored
RT#4138 Reviewed-by: -
Andy Polyakov authored
Reviewed-by:Stephen Henson <steve@openssl.org>
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
and add EVPerr(PARTIALLY_OVERLAPPED) Reviewed-by:
-
- Jul 30, 2016
-
-
Richard J. Moore authored
Reviewed-by:
-
Richard J. Moore authored
Reviewed-by:
-
Richard J. Moore authored
Reviewed-by:
-
Viktor Szakats authored
This update syncs the #if guard protecting the pvk-* options with the rest of the source handling those options. Also fix some nearby whitespace. Reviewed-by:
-
Matt Caswell authored
The MULTIBLOCK code uses a "jumbo" sized write buffer which it allocates and then frees later. Pipelining however introduced multiple pipelines. It keeps track of how many pipelines are initialised using numwpipes. Unfortunately the MULTIBLOCK code was not updating this when in deallocated its buffers, leading to a buffer being marked as initialised but set to NULL. RT#4618 Reviewed-by: -
Matt Caswell authored
Fix some bogus "may be used uninitialized" warnings on some compilers. Reviewed-by:
-
- Jul 29, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
Thanks to David Benjamin <davidben@google.com> for reporting this bug. Reviewed-by: -
Matt Caswell authored
Update the documentation for the newly renamed and modified SSL_set0_rbio() and SSL_set0_wbio() functions. State that they should be preferred over SSL_set_bio(). Attempt to document the ownership rules for SSL_set_bio(). Reviewed-by: -
Matt Caswell authored
SSL_set_rbio() and SSL_set_wbio() are new functions in 1.1.0 and really should be called SSL_set0_rbio() and SSL_set0_wbio(). The old implementation was not consistent with what "set0" means though as there were special cases around what happens if the rbio and wbio are the same. We were only ever taking one reference on the BIO, and checking everywhere whether the rbio and wbio are the same so as not to double free. A better approach is to rename the functions to SSL_set0_rbio() and SSL_set0_wbio(). If an existing BIO is present it is *always* freed regardless of whether the rbio and wbio are the same or not. It is therefore the callers responsibility to ensure that a reference is taken for *each* usage, i.e. one for the rbio and one for the wbio. The legacy function SSL_set_bio() takes both the rbio and wbio in one go and sets them both. We can wrap up the old behaviour in the implementation of that function, i.e. previously if the rbio and wbio are the same in the call to this function then the caller only needed to ensure one reference was passed. This behaviour is retained by internally upping the ref count. This commit was inspired by BoringSSL commit f715c423224. RT#4572 Reviewed-by: -
Matt Caswell authored
This adds some simple SSL BIO tests that check for pushing and popping of BIOs into the chain. These tests would have caught the bugs fixed in the previous three commits, if combined with a crypto-mdebug build. Reviewed-by: -
Matt Caswell authored
The BIO_pop implementation assumes that the rbio still equals the next BIO in the chain. While this would normally be the case, it is possible that it could have been changed directly by the application. It also does not properly cater for the scenario where the buffering BIO is still in place for the write BIO. Most of the existing BIO_pop code for SSL BIOs can be replaced by a single call to SSL_set_bio(). This is equivalent to the existing code but additionally handles the scenario where the rbio has been changed or the buffering BIO is still in place. Reviewed-by: -
Matt Caswell authored
When pushing a BIO onto an SSL BIO we set the rbio and wbio for the SSL object to be the BIO that has been pushed. Therefore we need to up the ref count for that BIO. The existing code was uping the ref count on the wrong BIO. Reviewed-by: -
Matt Caswell authored
When setting the read bio we free up any old existing one. However this can lead to a double free if the existing one is the same as the write bio. Reviewed-by: -
Matt Caswell authored
The SSL_set_bio() function has some complicated ownership rules. This adds a test to make sure it all works as expected. Reviewed-by: -
Matt Caswell authored
SSLv2 is no longer supported in 1.1.0, however we *do* still accept an SSLv2 style ClientHello, as long as we then subsequently negotiate a protocol version >= SSLv3. The record format for SSLv2 style ClientHellos is quite different to SSLv3+. We only accept this format in the first record of an initial ClientHello. Previously we checked this by confirming s->first_packet is set and s->server is true. However, this really only tells us that we are dealing with an initial ClientHello, not that it is the first record (s->first_packet is badly named...it really means this is the first message). To check this is the first record of the initial ClientHello we should also check that we've not received any data yet (s->init_num == 0), and that we've not had any empty records. GitHub Issue #1298 Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
- Jul 28, 2016
-
-
Rich Salz authored
Cannot nest B<> tags Document "openssl speed" command. Fix doc nits: missing NAME/SYNOPSIS stuff Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Emilia Kasper authored
Reviewed-by:
-
