aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2016-05-17Copyright consolidation 08/10Rich Salz96-4956/+536
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17Copyright consolidation 07/10Rich Salz98-4889/+547
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17Copyright consolidation 06/10Rich Salz96-4662/+595
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17Copyright consolidation 04/10Rich Salz92-4697/+534
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17Copyright consolidation 03/10Rich Salz85-4248/+520
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17Copyright consolidation 02/10Rich Salz72-2985/+421
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17Copyright consolidation 01/10Rich Salz102-7459/+607
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-05-17Add a comment to explain the use of |num_recs|Matt Caswell1-1/+9
In the SSLV2ClientHello processing code in ssl3_get_record, the value of |num_recs| will always be 0. This isn't obvious from the code so a comment is added to explain it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-17Fix RSA dasync engine bugMatt Caswell1-1/+1
When RSA went opaque a bug was introduced into the dasync engine where the wrong function was being set for the rsa_priv_dec operation. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-17Use the current record offset in ssl3_get_recordMatt Caswell1-1/+2
The function ssl3_get_record() can obtain multiple records in one go as long as we are set up for pipelining and all the records are app data records. The logic in the while loop which reads in each record is supposed to only continue looping if the last record we read was app data and we have an app data record waiting in the buffer to be processed. It was actually checking that the first record had app data and we have an app data record waiting. This actually amounts to the same thing so wasn't wrong - but it looks a bit odd because it uses the |rr| array without an offset. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-17There is only one read bufferMatt Caswell1-1/+1
Pipelining introduced the concept of multiple records being read in one go. Therefore we work with an array of SSL3_RECORD objects. The pipelining change erroneously made a change in ssl3_get_record() to apply the current record offset to the SSL3_BUFFER we are using for reading. This is wrong - there is only ever one read buffer. This reverts that change. In practice this should make little difference because the code block in question is only ever used when we are processing a single record. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-17Fix typos in apps/enc.cKurt Cancemi1-2/+2
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-17Fix some out of date commentsMatt Caswell3-6/+6
Fix various references to s3_clnt.c and s3_srvr.c which don't exist any more. GitHub Issue #765 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17Remove repeated condition from if in X509_NAME_onelineMatt Caswell1-1/+1
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING twice. We only need to do it once. GitHub Issue #656 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17Correct documentation errorMatt Caswell1-3/+3
SSL_get_async_wait_fd() was replaced by SSL_get_all_async_fds() and SSL_get_changed_async_fds(). Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16test/evp_test.c: exercise in-place encryption.Andy Polyakov1-19/+35
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-16ARMv8 assembly pack: add OPENSSL_cleanse.Andy Polyakov2-1/+32
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16Remove an unneccessary check of cipherMatt Caswell1-1/+1
Due to short-circuiting we only need to check "cipher" for NULL once. PR#699 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16Use OPENSSL_hexchar2intRich Salz8-59/+26
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16Use app_malloc; two missing cases.Rich Salz2-2/+2
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16const correctness: make HMAC_size() take a const *Steffan Karger2-2/+2
CLA: none; trivial Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1070
2016-05-16session tickets: use more sizeofKurt Roeckx3-15/+23
Reviewed-by: Matt Caswell <matt@openssl.org> MR: #2153
2016-05-16Use AES256 for the default encryption algoritm for TLS session ticketsTJ Saunders3-4/+4
This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #515, MR: #2153
2016-05-16session tickets: Use sizeof() for the various fieldsTJ Saunders4-17/+33
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #515, MR: #2153
2016-05-16Don't load same config file twice.Dr. Stephen Henson4-4/+4
RT#4215 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16Documentation: Clarify sizes for UI_add_input_string()Richard Levitte1-6/+6
The given sizes to not include the final NUL character. RT#2622 Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16Workaround an IO::Socket::IP bugMatt Caswell1-1/+3
Workaround an apparent IO:Socket::IP bug where a seemingly valid server socket is being returned even though a valid connection does not exist. This causes the tests to intermittently hang. We additionally check that the peerport looks ok to verify that the returned socket looks usable. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16Fold threads.h into crypto.h making API publicViktor Dukhovni24-114/+101
Document thread-safe lock creation Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16Don't require any length of password when decryptingRichard Levitte1-3/+9
RT#2534 Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-16Add support for RC / WINDRES env variablesRichard Levitte3-7/+11
RT#2558 Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-16Add missing initialiser in e_chil.cRichard Levitte1-1/+1
RT#2616 Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-16do not remove links found in .git directoryCristian Stoica1-1/+1
Some setups use links inside .git directory and make clean should not remove them to avoid breaking git meta-information. Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> CLA: none; trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1078)
2016-05-16Windows: Add CRYPT32.LIB to the libraries to link you app withRichard Levitte1-12/+12
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1063)
2016-05-16Do not access SSL struct directly in TLS1_get_version and ↵Alessandro Ghedini1-2/+2
TLS1_get_client_version macros Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16Add SSL_client_version() getter functionAlessandro Ghedini3-3/+10
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16Add some documentation of SSL_CTX_set_tlsext_status_type()Matt Caswell1-13/+23
The previous commit added SSL_CTX_set_tlsext_status_type(). This one adds some documentation for it. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-16Propagate tlsext_status_type from SSL_CTX to SSLjfigus4-1/+14
To allow OCSP stapling to work with libcurl. Github PR #200 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16Fix NPN protocol name list validationKazuki Yamaguchi1-3/+3
Since 50932c4 "PACKETise ServerHello processing", ssl_next_proto_validate() incorrectly allows empty protocol name. draft-agl-tls-nextprotoneg-04[1] says "Implementations MUST ensure that the empty string is not included and that no byte strings are truncated." This patch restores the old correct behavior. [1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16Unify <TYPE>_up_ref methods signature and behaviour.FdaSilvaYY15-30/+71
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16Small MSVC build fixes.Richard Levitte2-4/+6
- "/Ox /O2 /Ob2" get's reduced to "/O2", the reason being: /Ox = /Ob2 /Og /Oi /Ot /Oy /Gs /O2 = /Ob2 /Og /Oi /Ot /Oy /Gs /GF /Gy - apps/openssl.cnf gets installed. - always delete files quietly, as they might not be there. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1075)
2016-05-16Fix some missing OBJ_dup failure checks.FdaSilvaYY2-2/+2
Fix some missing OBJ_dup failure checks. Merged from https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E! Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1057)
2016-05-14openssl_{startup,shutdown}.com.in are in the source directoryRichard Levitte1-2/+2
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-14Fix various methods declaration in pod fileFdaSilvaYY1-8/+8
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1042)
2016-05-14Increment size limit for ClientHello messagesAlessandro Ghedini1-1/+18
The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the maximum size of just the extensions field to be 2^16-1), and may cause bogus failures. RT#4063 Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/413)
2016-05-14Fix engine cryptodev: pointer to IVKirill Marinushkin1-1/+1
Currently point to wrong address Signed-off-by: Kirill Marinushkin <k.marinushkin@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-13Fix OpenSSL_memdup error handlingInsu Yun1-12/+15
check source's kdf_ukm, not destination's use != NULL, instead of implicit checking don't free internal data structure like pkey_rsa_copy() Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-13VMS perl: Fix glob outputRichard Levitte1-0/+1
In some cases, perl's glob() thinks it needs to return file names with generation numbers, such as when a file name pattern includes two periods. Constructing other file names by simple appending to file names with generation numbers isn't a good idea, so for the VMS case, just peal the generation numbers if they are there. Fortunately, this is easy, as the returned generation number delimiter will always be a semi-colon. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-13Add some additional NewSessionTicket testsMatt Caswell1-1/+38
If the server does not send a session ticket extension, it should not then send the NewSessionTicket message. If the server sends the session ticket extension, it MUST then send the NewSessionTicket message. Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-13The NewSessionTicket message is not optional.David Benjamin1-3/+5
Per RFC 4507, section 3.3: This message [NewSessionTicket] MUST be sent if the server included a SessionTicket extension in the ServerHello. This message MUST NOT be sent if the server did not include a SessionTicket extension in the ServerHello. The presence of the NewSessionTicket message should be determined entirely from the ServerHello without probing. RT#4389 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-13Fix stack constification definitions.Dr. Stephen Henson1-6/+6
RT#4471 Reviewed-by: Matt Caswell <matt@openssl.org>
generated by cgit v1.1 at 2024-07-12 22:32:18 +0000