| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Fix more potential leaks in X509_verify_cert()
Fix memory leak in ClientHello test
Fix memory leak in gost2814789 test
Fix potential memory leak in PKCS7_verify()
Fix potential memory leaks in X509_add1_reject_object()
Refactor to use "goto err" in cleanup.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Fix from David Baggett via tweet.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Make all mention of digest algorithm use "any supported algorithm"
RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
X509_LOOKUP_hash_dir.pod
X509_check_ca.pod
X509_check_issued.pod
RT 1600:
Remove references to non-existant objects(3)
Add RETURN VALUES to BIO_do_accept page.
RT1818:
RSA_sign Can return values other than 0 on failure.
RT3634:
Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)
RT3678:
Some clarifications to BIO_new_pair
(Devchandra L Meetei <dlmeetei@gmail.com>)
RT3787:
Fix some EVP_ function return values
(Laetitia Baudoin <lbaudoin@google.com>)
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
add -help description of sigalgs, client_sigalgs, curves
and named_curve
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Use sizeof instead of an explicit size, and use the functions for the
purpose.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Rewrite ssl3_get_client_hello to use the new methods.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The PACKET should hold a 'const unsigned char*' underneath as well
but the legacy code passes the record buffer around as 'unsigned char*'
(to callbacks, too) so that's a bigger refactor.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Also known as RT 4106
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Undocumented, unused, unnecessary (replaced by secure arena).
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
If a binary sequence is all zero's, call BN_zero.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Add a set of tests for checking that NewSessionTicket messages are
behaving as expected.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.
This change additionally sends some application data and finishes when the
client sends a CloseNotify.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.
The bug can be demonstrated as follows:
Start a DTLS s_server instance:
openssl s_server -dtls
Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket
Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem
The client will abort the handshake.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Came up on the mailing list, from Ken Goldman.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add DSA tests.
Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
L<foo|foo> is sub-optimal If the xref is the same as the title,
which is what we do, then you only need L<foo>. This fixes all
1457 occurrences in 349 files. Approximately. (And pod used to
need both.)
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Add new OIDs for latest GOST updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Submitted by: Eric Young <eay@pobox.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Best hope of keeping current.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Process CertificateRequest messages using the PACKET API
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Use the new PACKET code to process the CKE message
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Process NewSessionTicket messages using the new PACKET API
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Commit 9ceb2426b0 (PACKETise ClientHello) broke session tickets by failing
to detect the session ticket extension in an incoming ClientHello. This
commit fixes the bug.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Clarify and update documention for extra chain certificates.
PR#3878.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Process the Certificate Status message using the PACKET API
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
The new ClientHello PACKET code is missing a return value check.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
