summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2016-08-17Improve error messageFdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17Relocalise some globals variablesFdaSilvaYY
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17Constify ssl_cert_type()Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Constify X509_certificate_type()Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Constify X509_get0_signature()Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Convert X509* functions to use const gettersDr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Convert X509_CRL* functions to use const gettersMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17Make X509_NAME_get0_der() conform to OpenSSL styleMatt Caswell
Put the main object first in the params list. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17Corrupt signature in place.Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Convert OCSP* functions to use const gettersMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17Constify private key decode.Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17constify X509_ALGOR_get0()Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Constify ASN1_item_unpack().Dr. Stephen Henson
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17Add missing session id and tlsext_status accessorsRemi Gacogne
* SSL_SESSION_set1_id() * SSL_SESSION_get0_id_context() * SSL_CTX_get_tlsext_status_cb() * SSL_CTX_get_tlsext_status_arg() Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17dasync is an internal testing engine, so don't install itRichard Levitte
Unfortunately, it means that the VMS IVP gets a bit crippled. This will be fixed later on. Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17VMS: no ENDIF on one line IF statements, in config.comRichard Levitte
Correct small error from last config.com change Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-16Convert SSL_SESSION* functions to use const gettersMatt Caswell
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16Convert PKCS8* functions to use const gettersMatt Caswell
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16Convert TS_STATUS_INFO* functions to use const gettersMatt Caswell
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16two typo fixesFdaSilvaYY
Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1461)
2016-08-16Fix compilation when using MASM on x86Gergely Nagy
The generated asm code from x86cpuid.pl contains CMOVE instructions which are only available on i686 and later CPUs. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1459)
2016-08-16Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()Matt Caswell
These functions are no longer relevant to 1.1.0 (we always have auto ecdh on) - but no reason to break old code that tries to call it. The macros will only return a dummy "success" result if the app was trying to enable ecdh. Disabling can't be done in quite this way any more. Fixes Github Issue #1437 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-16Ensure we unpad in constant time for read pipeliningMatt Caswell
The read pipelining code broke constant time unpadding. See GitHub issue #1438 Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16Corrupt signature earlier.Dr. Stephen Henson
If -badsig is selected corrupt the signature before printing out any details so the output reflects the modified signature. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16make updateDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().Dr. Stephen Henson
Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16Remove duplicate ordinalsRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16ARMv8 assembly pack: add Samsung Mongoose results.Andy Polyakov
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16Configure: recognize -static as link option and disable incompatible options.Andy Polyakov
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16test/ssl_test.tmpl: make it work with elderly perl.Andy Polyakov
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16Fix satsub64be() to unconditionally use 64-bit integersDavid Woodhouse
Now we support (u)int64_t this can be very much simpler. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-16SSL tests: send some application dataEmilia Kasper
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16Add a "config" for verbosity and use it with TravisRichard Levitte
Modify VMS config.com to match Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-08-16Make "make" less verbose in Travis, except for the build only caseRichard Levitte
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-08-16Limit reads in do_b2i_bio()Dr. Stephen Henson
Apply a limit to the maximum blob length which can be read in do_d2i_bio() to avoid excessive allocation. Thanks to Shi Lei for reporting this. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16Check for errors in a2d_ASN1_OBJECT()Dr. Stephen Henson
Check for error return in BN_div_word(). Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16Check for errors in BN_bn2dec()Dr. Stephen Henson
If an oversize BIGNUM is presented to BN_bn2dec() it can cause BN_div_word() to fail and not reduce the value of 't' resulting in OOB writes to the bn_data buffer and eventually crashing. Fix by checking return value of BN_div_word() and checking writes don't overflow buffer. Thanks to Shi Lei for reporting this bug. CVE-2016-2182 Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15Avoid truncating the pointer on x32 platform.Tomas Mraz
The 64 bit pointer must not be cast to 32bit unsigned long on x32 platform. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15Add a comment for the added cast with explanation.Tomas Mraz
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15Fix af_alg engine failure on 32 bit architectures.Tomas Mraz
Add extra cast to unsigned long to avoid sign extension when converting pointer to 64 bit data. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-15Remove a stray unneeded line in 70-test_sslrecords.tMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15Address feedback on SSLv2 ClientHello processingMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15Add some SSLv2 ClientHello testsMatt Caswell
Test that we handle a TLS ClientHello in an SSLv2 record correctly. Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15Send an alert if we get a non-initial record with the wrong versionMatt Caswell
If we receive a non-initial record but the version number isn't right then we should send an alert. Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15Address feedback on SSLv2 ClientHello processingMatt Caswell
Feedback on the previous SSLv2 ClientHello processing fix was that it breaks layering by reading init_num in the record layer. It also does not detect if there was a previous non-fatal warning. This is an alternative approach that directly tracks in the record layer whether this is the first record. GitHub Issue #1298 Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.numRob Percival
Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functionsRob Percival
They may fail if they cannot increment the reference count of the certificate they are storing a pointer for. They should return 0 if this occurs. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15Improves CTLOG_STORE settersRob Percival
Changes them to have clearer ownership semantics, as suggested in https://github.com/openssl/openssl/pull/1372#discussion_r73232196. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabledRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-15Fix no-ecDr. Stephen Henson
Fix no-ec builds by having separate functions to create keys based on an existing EVP_PKEY and a curve id. Reviewed-by: Rich Salz <rsalz@openssl.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-02 03:19:20 +0000