Rich Salz [Thu, 3 Sep 2015 13:15:26 +0000 (09:15 -0400)]
remove 0 assignments.
After openssl_zalloc, cleanup more "set to 0/NULL" assignments.
Many are from github feedback.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Long, Qin [Wed, 22 Jul 2015 09:04:18 +0000 (10:04 +0100)]
Add UEFI flag for rand build
Add OPENSSL_SYS_UEFI flag for RAND handling;
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Thu, 3 Sep 2015 12:03:54 +0000 (14:03 +0200)]
Win32 build fix: include internal/numbers.h to get UIN32_MAX
Reviewed-by: Rich Salz <rsalz@openssl.org>
David Bar [Mon, 3 Aug 2015 16:45:26 +0000 (12:45 -0400)]
RT3674: Make no-cms build work.
Also has changes from from David Woodhouse <David.Woodhouse@intel.com>
and some tweaks from me.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Thu, 3 Sep 2015 15:25:03 +0000 (16:25 +0100)]
make update
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Thu, 3 Sep 2015 14:46:43 +0000 (15:46 +0100)]
PBE lookup test
Add test to check PBE lookups: these can fail if the PBE table is not
correctly orders. Add to "make test".
Reviewed-by: Matt Caswell <matt@openssl.org>
Alessandro Ghedini [Wed, 19 Aug 2015 22:12:29 +0000 (00:12 +0200)]
Add initial Travis CI configuration
Closes #63
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Richard Levitte [Thu, 3 Sep 2015 08:16:59 +0000 (10:16 +0200)]
Two changes at ones lead to a confused libeay.num. Fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Wed, 26 Aug 2015 20:22:10 +0000 (16:22 -0400)]
Check OPENSSL_gmtime_diff
It's test code that only runs on 64bit time_t machines.
Move it to a standalone test/gmdifftest
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 25 Aug 2015 17:25:58 +0000 (13:25 -0400)]
Add and use OPENSSL_zalloc
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 31 Aug 2015 22:48:44 +0000 (23:48 +0100)]
make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Mon, 31 Aug 2015 20:30:13 +0000 (21:30 +0100)]
make X509_CRL opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Wed, 26 Aug 2015 13:28:38 +0000 (14:28 +0100)]
Extend ciphersuite test coverage.
Add support for testing ECDSA and DSA ciphersuites.
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Wed, 26 Aug 2015 13:03:24 +0000 (14:03 +0100)]
Fix CCM support in DTLS
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Wed, 26 Aug 2015 11:22:39 +0000 (12:22 +0100)]
Update ssltest certificate handling.
Use SSL_CONF for certificate handling is ssltest.c, this changes the
behaviour slightly: the -cert and -key options are no longer recognised
and a default certificate file is not used.
This change means that -s_cert and -c_cert can be used mode than once
to support use of multiple certificates.
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Wed, 26 Aug 2015 11:20:32 +0000 (12:20 +0100)]
Create DSA and ECDSA certificates.
If supported create DSA and ECDSA certificates and test them.
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Wed, 2 Sep 2015 17:39:48 +0000 (18:39 +0100)]
delete unused structure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Wed, 2 Sep 2015 02:44:10 +0000 (22:44 -0400)]
Move OPENSSL_ITEM to store.h
The only place that uses it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Viktor Dukhovni [Wed, 2 Sep 2015 01:59:08 +0000 (21:59 -0400)]
Cleaner handling of "cnid" in do_x509_check
Avoid using cnid = 0, use NID_undef instead, and return early instead
of trying to find an instance of that in the subject DN.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Viktor Dukhovni [Wed, 2 Sep 2015 01:47:12 +0000 (21:47 -0400)]
Better handling of verify param id peername field
Initialize pointers in param id by the book (explicit NULL assignment,
rather than just memset 0).
In x509_verify_param_zero() set peername to NULL after freeing it.
In x509_vfy.c's internal check_hosts(), avoid potential leak of
possibly already non-NULL peername. This is only set when a check
succeeds, so don't need to do this repeatedly in the loop.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Hiroyuki YAMAMORI [Wed, 26 Aug 2015 13:45:40 +0000 (14:45 +0100)]
Fix DTLS1.2 buffers
Fix the setup of DTLS1.2 buffers to take account of the Header
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Tim Zhang [Mon, 11 May 2015 09:58:51 +0000 (10:58 +0100)]
Fix the comment for POINT_CONVERSION_UNCOMPRESSED
The |z| value should be 0x04 not 0x02
RT#3838
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 1 Sep 2015 18:09:20 +0000 (19:09 +0100)]
make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 1 Sep 2015 17:56:58 +0000 (18:56 +0100)]
Document extension functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 1 Sep 2015 16:48:05 +0000 (17:48 +0100)]
functions to retrieve certificate flags
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 1 Sep 2015 15:07:05 +0000 (16:07 +0100)]
use uint32_t for certificate flags
Reviewed-by: Rich Salz <rsalz@openssl.org>
Adam Eijdenberg [Wed, 5 Aug 2015 02:08:22 +0000 (19:08 -0700)]
RT3984: Fix clang compiler warning on Mac OS X where %ld is used for uint64_t.
clang suggests %llu instead, but it isn't clear that is portable on
all platforms.
C99 and above define a handy macro for us, so we try to use that
definition and fall back to current definition if needed (though we
switch to 'u' for unsigned).
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Tue, 1 Sep 2015 14:11:47 +0000 (16:11 +0200)]
apps/speed.c: fix memory leak
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Tue, 1 Sep 2015 12:56:58 +0000 (14:56 +0200)]
RT4002: check for NULL cipher in p12_crpt.c
The NULL cipher case can't actually happen because we have no
EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is
PKCS12_PBE_keyivgen. But make the code more obviously correct.
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Tue, 1 Sep 2015 11:19:15 +0000 (13:19 +0200)]
RT 3493: fix RSA test
- Pass in the right ciphertext length to ensure we're indeed testing
ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 27 Aug 2015 04:10:55 +0000 (00:10 -0400)]
RT3767: openssl_button.gif should be PNG
No, we should just delete it. And updated the README
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Mon, 31 Aug 2015 19:45:56 +0000 (21:45 +0200)]
Ignore .dir-locals.el
Because we recently encourage people to have a .dir-locals.el, it's a good
idea to ignore it on a git level.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Mon, 31 Aug 2015 20:02:06 +0000 (21:02 +0100)]
make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Mon, 31 Aug 2015 19:29:57 +0000 (20:29 +0100)]
Add X509_up_ref function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Mon, 31 Aug 2015 19:30:20 +0000 (20:30 +0100)]
Add X509_CRL_up_ref function
Reviewed-by: Rich Salz <rsalz@openssl.org>
mrpre [Fri, 28 Aug 2015 08:12:51 +0000 (16:12 +0800)]
check bn_new return value
Slightly modified from the original PR.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 31 Aug 2015 11:58:07 +0000 (12:58 +0100)]
make X509_REQ opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Mon, 31 Aug 2015 11:16:52 +0000 (12:16 +0100)]
make X509_CERT_AUX opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Mon, 31 Aug 2015 17:27:57 +0000 (18:27 +0100)]
Remove asn1-kludge option.
Remove asn1-kludge option from the req utility. It was a decade old
workaround for CAs and software which required an invalid encoding
of PKCS#10 certificate requests: omitting the attributes field even
though it is not OPTIONAL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Ben Kaduk [Fri, 28 Aug 2015 16:41:50 +0000 (12:41 -0400)]
GH367 follow-up, for more clarity
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Emilia Kasper [Mon, 31 Aug 2015 13:51:27 +0000 (15:51 +0200)]
BN_mod_exp_mont_consttime: check for zero modulus.
Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs.
Follow-up to
b11980d79a52ec08844f08bea0e66c04b691840b
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 31 Aug 2015 15:58:53 +0000 (17:58 +0200)]
Remove auto-fill-mode
Apparently, emacs sees changes to auto-fill-mode as insecure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 31 Aug 2015 15:25:17 +0000 (17:25 +0200)]
Add an example .dir-locals.el
This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.
Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 31 Aug 2015 15:12:37 +0000 (17:12 +0200)]
Add emacs CC mode style for OpenSSL
This hopefully conforms closely enough to the current code style.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Mon, 31 Aug 2015 11:57:44 +0000 (13:57 +0200)]
Fix spurious bntest failures.
BN_bntest_rand generates a single-word zero BIGNUM with quite a large probability.
A zero BIGNUM in turn will end up having a NULL |d|-buffer, which we shouldn't dereference without checking.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Fri, 28 Aug 2015 21:49:30 +0000 (17:49 -0400)]
Remove the "times" directory.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Fri, 28 Aug 2015 19:53:41 +0000 (15:53 -0400)]
Fix
4c42ebd; forgot to inutil util/libeay.num
Reviewed-by: Tim Hudson <tjh@openssl.org>
Alessandro Ghedini [Fri, 28 Aug 2015 03:07:07 +0000 (23:07 -0400)]
GH354: Memory leak fixes
Fix more potential leaks in X509_verify_cert()
Fix memory leak in ClientHello test
Fix memory leak in gost2814789 test
Fix potential memory leak in PKCS7_verify()
Fix potential memory leaks in X509_add1_reject_object()
Refactor to use "goto err" in cleanup.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Ismo Puustinen [Sat, 8 Aug 2015 02:14:47 +0000 (22:14 -0400)]
GH367: Fix dsa keygen for too-short seed
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Rich Salz [Thu, 27 Aug 2015 21:17:26 +0000 (17:17 -0400)]
Fix memory over-read
Fix from David Baggett via tweet.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 27 Aug 2015 16:28:08 +0000 (12:28 -0400)]
Various doc fixes.
Make all mention of digest algorithm use "any supported algorithm"
RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
X509_LOOKUP_hash_dir.pod
X509_check_ca.pod
X509_check_issued.pod
RT 1600:
Remove references to non-existant objects(3)
Add RETURN VALUES to BIO_do_accept page.
RT1818:
RSA_sign Can return values other than 0 on failure.
RT3634:
Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)
RT3678:
Some clarifications to BIO_new_pair
(Devchandra L Meetei <dlmeetei@gmail.com>)
RT3787:
Fix some EVP_ function return values
(Laetitia Baudoin <lbaudoin@google.com>)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Hubert Kario [Fri, 31 Jul 2015 16:32:39 +0000 (18:32 +0200)]
GH350: -help text few s_client and s_server flags
add -help description of sigalgs, client_sigalgs, curves
and named_curve
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
David Brodski [Tue, 13 May 2014 16:06:27 +0000 (18:06 +0200)]
Fixed problem with multiple load-unload of comp zlib
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Viktor Dukhovni [Thu, 24 Apr 2014 01:58:30 +0000 (21:58 -0400)]
GH correct organizationalUnitName
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 26 Aug 2015 15:22:45 +0000 (16:22 +0100)]
Clean up reset of read/write sequences
Use sizeof instead of an explicit size, and use the functions for the
purpose.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Tue, 18 Aug 2015 10:29:36 +0000 (12:29 +0200)]
PACKET: add methods for reading length-prefixed TLS vectors.
Rewrite ssl3_get_client_hello to use the new methods.
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Tue, 18 Aug 2015 17:01:51 +0000 (19:01 +0200)]
Fix SSLv2-compatible ClientHello processing.
If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes.
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Tue, 18 Aug 2015 12:55:53 +0000 (14:55 +0200)]
PACKET: constify where possible
The PACKET should hold a 'const unsigned char*' underneath as well
but the legacy code passes the record buffer around as 'unsigned char*'
(to callbacks, too) so that's a bigger refactor.
Reviewed-by: Matt Caswell <matt@openssl.org>
Alessandro Ghedini [Wed, 19 Aug 2015 15:12:31 +0000 (17:12 +0200)]
GH371: Print debug info for ALPN extension
Also known as RT 4106
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Wed, 26 Aug 2015 04:25:11 +0000 (00:25 -0400)]
Remove _locked memory functions.
Undocumented, unused, unnecessary (replaced by secure arena).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Mon, 10 Aug 2015 16:45:25 +0000 (12:45 -0400)]
BN_bin2bn handle leading zero's
If a binary sequence is all zero's, call BN_zero.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Thu, 13 Aug 2015 14:17:14 +0000 (15:17 +0100)]
Add NewSessionTicket test suite
Add a set of tests for checking that NewSessionTicket messages are
behaving as expected.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 13 Aug 2015 15:58:20 +0000 (16:58 +0100)]
Fix TLSProxy end of test detection
Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.
This change additionally sends some application data and finishes when the
client sends a CloseNotify.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 13 Aug 2015 09:06:30 +0000 (10:06 +0100)]
Fix DTLS session ticket renewal
A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.
The bug can be demonstrated as follows:
Start a DTLS s_server instance:
openssl s_server -dtls
Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket
Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem
The client will abort the handshake.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Chris Watts [Mon, 24 Aug 2015 22:56:31 +0000 (15:56 -0700)]
Ignore generated *.S ARM assembly files
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Markus Rinne [Mon, 24 Aug 2015 20:20:13 +0000 (16:20 -0400)]
RT4019: Duplicate -hmac flag in dgst.pod
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Rich Salz [Mon, 24 Aug 2015 19:25:14 +0000 (15:25 -0400)]
GH372: Remove duplicate flags
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Rich Salz [Mon, 24 Aug 2015 21:54:54 +0000 (17:54 -0400)]
Small cleanup of crypto.pod
Came up on the mailing list, from Ken Goldman.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Peter Mosmans [Mon, 24 Aug 2015 19:13:48 +0000 (15:13 -0400)]
GH337: Need backslash before leading #
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
janpopan [Mon, 24 Aug 2015 19:21:27 +0000 (15:21 -0400)]
RT4015: Add missing date to CHANGES
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 24 Aug 2015 14:04:47 +0000 (15:04 +0100)]
More test cases.
Add DSA tests.
Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.
Reviewed-by: Ben Laurie <ben@openssl.org>
Dr. Stephen Henson [Thu, 30 Apr 2015 13:16:07 +0000 (14:16 +0100)]
Add DSA digest length checks.
Reviewed-by: Ben Laurie <ben@openssl.org>
Rich Salz [Mon, 17 Aug 2015 19:21:33 +0000 (15:21 -0400)]
Fix L<> content in manpages
L<foo|foo> is sub-optimal If the xref is the same as the title,
which is what we do, then you only need L<foo>. This fixes all
1457 occurrences in 349 files. Approximately. (And pod used to
need both.)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Mon, 17 Aug 2015 16:10:16 +0000 (18:10 +0200)]
Add new types to indent.pro
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dmitry Belyavsky [Mon, 17 Aug 2015 10:22:52 +0000 (11:22 +0100)]
Add new GOST OIDs
Add new OIDs for latest GOST updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Tim Hudson [Mon, 17 Aug 2015 12:20:06 +0000 (22:20 +1000)]
Restore previous behaviour of only running one algorithm when -evp alg is used.
Submitted by: Eric Young <eay@pobox.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
Tim Hudson [Mon, 17 Aug 2015 12:16:39 +0000 (22:16 +1000)]
restore usage of -elapsed that was disabled in the ifdef reorg
Reviewed-by: Ben Laurie <ben@openssl.org>
Rich Salz [Mon, 17 Aug 2015 01:08:25 +0000 (21:08 -0400)]
GH345: Remove stderr output
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Sun, 16 Aug 2015 22:38:24 +0000 (18:38 -0400)]
Move FAQ to the web.
Best hope of keeping current.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Tue, 4 Aug 2015 21:12:53 +0000 (22:12 +0100)]
PACKETise CertificateRequest
Process CertificateRequest messages using the PACKET API
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Mon, 3 Aug 2015 11:57:51 +0000 (12:57 +0100)]
PACKETise ClientKeyExchange processing
Use the new PACKET code to process the CKE message
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 5 Aug 2015 13:50:24 +0000 (14:50 +0100)]
PACKETise NewSessionTicket
Process NewSessionTicket messages using the new PACKET API
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Thu, 13 Aug 2015 09:04:23 +0000 (10:04 +0100)]
Fix session tickets
Commit
9ceb2426b0 (PACKETise ClientHello) broke session tickets by failing
to detect the session ticket extension in an incoming ClientHello. This
commit fixes the bug.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Dr. Stephen Henson [Mon, 10 Aug 2015 18:17:50 +0000 (19:17 +0100)]
add CCM docs
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Fri, 31 Jul 2015 15:53:45 +0000 (16:53 +0100)]
Add CCM ciphersuites from RFC6655 and RFC7251
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Fri, 31 Jul 2015 15:59:45 +0000 (16:59 +0100)]
ccm8 support
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Fri, 31 Jul 2015 15:54:35 +0000 (16:54 +0100)]
CCM support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Wed, 17 Jun 2015 00:13:40 +0000 (01:13 +0100)]
Update docs.
Clarify and update documention for extra chain certificates.
PR#3878.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Thu, 23 Jul 2015 15:38:58 +0000 (16:38 +0100)]
Documentation for SSL_check_chain()
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Thu, 13 Aug 2015 17:15:45 +0000 (19:15 +0200)]
for test_sslvertol, add a value to display SSL version < 3 in debug
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Thu, 13 Aug 2015 17:14:34 +0000 (19:14 +0200)]
Fixups in libssl test harness
- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Thu, 13 Aug 2015 17:13:16 +0000 (19:13 +0200)]
Use -I to add to @INC, and use -w to produce warnings
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Thu, 13 Aug 2015 15:22:10 +0000 (11:22 -0400)]
Fix FAQ formatting for new website.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 5 Aug 2015 14:52:26 +0000 (15:52 +0100)]
PACKETise Certificate Status message
Process the Certificate Status message using the PACKET API
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Mon, 3 Aug 2015 16:20:47 +0000 (17:20 +0100)]
Enhance PACKET readability
Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Matt Caswell [Mon, 3 Aug 2015 16:20:07 +0000 (17:20 +0100)]
Add missing return check for PACKET_buf_init
The new ClientHello PACKET code is missing a return value check.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Ismo Puustinen [Sat, 8 Aug 2015 02:11:28 +0000 (22:11 -0400)]
GH364: Free memory on an error path
Part of RT 3997
Per Ben, just jump to common exit code.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 4 Aug 2015 19:10:06 +0000 (20:10 +0100)]
PACKETise Server Certificate processing
Use the PACKET API to process an incoming server Certificate message.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Dr. Stephen Henson [Sat, 1 Aug 2015 14:38:11 +0000 (15:38 +0100)]
Return error for unsupported modes.
PR#3974
PR#3975
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sat, 1 Aug 2015 14:37:44 +0000 (15:37 +0100)]
Fix memory leak if setup fails.
Reviewed-by: Matt Caswell <matt@openssl.org>
projects / openssl.git / log