| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Pull out the state machine into a separate sub directory. Also moved some
functions which were nothing to do with the state machine but were in state
machine files. Pulled all the SSL_METHOD definitions into one place...most
of those files had very little left in them any more.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
RT#4081
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
care of itself.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
(part by Alessandro Ghedini)
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
It returns -1 on error, not 0.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
|
|
-Allow mingw debug builds to fail on Travis CI
-Fix Travis email notifications config
-Rename a variable to avoid a bogus warning with old GCC
error: declaration of ``dup'' shadows a global declaration [-Werror=shadow]
-Disable pedantic ms-format warnings with mingw
-Properly define const DH parameters
-Restore --debug flag in Travis CI builds; -d would get incorrectly passed
to ./Configure in mingw debug builds.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Move all packet parsing to the beginning of the method. This limits the
SSLv2 compatibility soup to the parsing, and makes the rest of the
processing uniform.
This is also needed for simpler EMS support: EMS servers need to do an
early scan for EMS to make resumption decisions. This'll be easier when
the entire ClientHello is parsed in the beginning.
As a side effect,
1) PACKETize ssl_get_prev_session and tls1_process_ticket; and
2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Looks like someone forgot to do a "make update" since crypto/ts/Makefile
keeps changing. So include that.
Second is that the declare_dh_bn macro fools the libeay.num script.
The declarations are only needed in one file (dh_rfc5114) so remove
them from the header and put the "raw" declarations directly into that
file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Occaisionally we have had problems where there are duplicated ordinals in
libeay.num or ssleay.num. This adds a test for this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>
+Replace FILE BIO's with dummy ops that fail.
+Include <stdio.h> for sscanf() even with no-stdio (since the declaration
is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
variable, since it can be larger than a 'long'. And we don't rely on the
availability of strtoull().
+Remove OPENSSL_stderr(); not used.
+Make OPENSSL_showfatal() do nothing (currently without stdio there's
nothing we can do).
+Remove file-based functionality from ssl/. The function
prototypes were already gone, but not the functions themselves.
+Remove unviable conf functionality via SYS_UEFI
+Add fallback definition of BUFSIZ.
+Remove functions taking FILE * from header files.
+Add missing DECLARE_PEM_write_fp_const
+Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
so remove its prototype.
+Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
+Eliminate SRP_VBASE_init() and supporting functions. Users will need to
build the verifier manually instead.
+Eliminate compiler warning for unused do_pk8pkey_fp().
+Disable TEST_ENG_OPENSSL_PKEY.
+Disable GOST engine as is uses [f]printf all over the place.
+Eliminate compiler warning for unused send_fp_chars().
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The windows test uses the pseudo file "nul" to indicate no file for the
-CApath option. This does not work on all versions of Windows. Instead use
the new -no-CApath option.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
The openssl rehash command is not available on some platforms including
Windows. This change skips the associated tests if rehash is not available.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Get rid of the third field that is no longer needed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
There actually is a "srp" feature to check the availability on
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
There actually is a "jpake" feature to check the availability on
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
These tests were checking for specific sha variants, when they should
just check if "sha" is disabled.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
It depended on 'openssl no-wp', which always exited with code 0, so
this test would never be performed, and this, I never discovered that
the program it's supposed to run was misspellt. Furthermore, the
feature to check is 'whirlpool', not 'wp'.
All corrected.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add Utils.pm for test utilities. This currently just contains one function:
disabled which checks if a feature is disabled based on the output of
openssl list -disabled
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Obvious typo, and it took configuring with 'zlib' to discover it,
otherwise there was a previous skip that bypassed this section
entirely.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
If test/recipes/40-test_rehash.t is executed as root, the last test
will fail, since the created directory will remain writable no matter
what. Make sure it complains loudly about being run as root.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
It's unused, and the same functionality can be achieved with saving a
copy of the struct.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Previously, the conversion would silently coerce to ASCII. Now, we error
out.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Rewrite EVP_DecodeUpdate.
In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.
Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.
In addition, this appears to fix a possible two-byte oob read.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
The bookmark API results in a lot of boilerplate error checking that can
be much more easily achieved with a simple struct copy. It also lays the
path for removing the third PACKET field.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
If a test recipe does something like this:
indir "foo.$$" => sub {
chmod 0500, File::Spec->curdir();
ok(run(app(["something"])));
}
we get a problem, because we were storing the temporary stderr file in
the current directory at all times (so while inside the 'indir', we
would attemp to store it in "foo.$$").
So, change our ways to always store that temporary file in the exact
same location, defined by the environment variable RESULT_D, or
failing that TEST_D, or failing that $TOP/test.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Use each once in s3_srvr.c to show how they work.
Also fix a bug introduced in c3fc7eeab884b6876a1b4006163f190d325aa047
and made apparent by this change:
ssl3_get_next_proto wasn't updating next_proto_negotiated_len
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
test_ecdh and test_ecdsa are made to depend on no-ec being false.
test_hmac is made not to depend on algorithm at all.
Based on a contribution by Alessandro Ghedini <alessandro@ghedini.me>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The verify_extra_test was recently changed to take its parameters as
arguments instead of having them hardcoded.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
This recipe counted too much on being called with test/ as its current
working directory. That's a mistake on, for example, Windows.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
