Age | Commit message (Collapse) | Author | Files | Lines |
|
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
NETSCAPE_HANG_BUG is a workaround for a browser bug from many years ago
(2000).
It predates DTLS, so certainly has no place in d1_srvr.c.
In s3_srvr.c it forces the ServerDone to appear in the same record as the
CertificateRequest when doing client auth.
BoringSSL have already made the same commit:
79ae85e4f777f94d91b7be19e8a62016cb55b3c5
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
the "-hack" option from s_server that set this option.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
the extract-names.pl script.
RT#3718
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
called evp_test.c, so I have called this one evp_extra_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
the X509_V_FLAG_NO_ALT_CHAINS flag.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
behaviour will force behaviour as per previous versions of OpenSSL
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
valid. However the issuer of the leaf, or some intermediate cert is in fact
in the trust store.
When building a trust chain if the first attempt fails, then try to see if
alternate chains could be constructed that are trusted.
RT3637
RT3621
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Move the build configuration table into separate files. The Configurations
file is standard configs, and Configurations.team is for openssl-team
members. Any other file, Configurations*, found in the same directory
as the Configure script, is loaded.
To add another file, use --config=FILE flags (which should probably be
an absolute path).
Written by Stefen Eissing <stefan.eissing@greenbytes.de> and Rich Salz
<rsalz@openssl.org>, contributed by Akamai Technologies.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
XTS bug spotted and fix suggested by Adrian Kotelba.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Though this doesn't mean that masm becomes supported, the script is
still provided on don't-ask-in-case-of-doubt-use-nasm basis.
See RT#3650 for background.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The typo doesn't affect supported configuration, only unsupported masm.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
For some reason failure surfaced on ARM platforms.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically. Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration. The answer is to restore those macro definitions for
the affected configuration targets.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux. For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.
crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.
Add OPENSSL_EC_EXPLICT_CURVE define.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add some EVP_PKEY test data for sign and verify tests including
failure cases.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add two new keywords "PublicKey" and "PrivateKey". These will load a key
in PEM format from the lines immediately following the keyword and assign
it a name according to the value. These will be used later for public and
private key testing operations.
Add tests for Sign, Verify, VerifyRecover and Decrypt.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
manually picked from e7b85bc40200961984925604ca444517359a6067
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
And remove backup definition of offsetof.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|