- 03 6月, 2015 3 次提交
-
-
由 Annie Yousar 提交于
objects.pl only looked for a space to see if the name could be used as a C identifier. Improve the test to match the real C rules. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
I also re-ordered some of #ifdef's. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 02 6月, 2015 6 次提交
-
-
由 Jeffrey Walton 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Gunnar Kudrjavets 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Olaf Johansson 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Per Allansson 提交于
The code in bss_dgram.c checks if IP_MTUDISCOVER is defined, where it should test for IP_MTU_DISCOVER RT#3888 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 6月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
dtls1_get_message has an |mt| variable which is the type of the message that is being requested. If it is negative then any message type is allowed. However the value of |mt| is not checked in one of the main code paths, so a peer can send a message of a completely different type and it will be processed as if it was the message type that we were expecting. This has very little practical consequences because the current behaviour will still fail when the format of the message isn't as expected. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 31 5月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Where we called openssl_cleanse, make sure we do it on all error paths. Be consistent in use of sizeof(foo) when possible. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 29 5月, 2015 10 次提交
-
-
由 Matt Caswell 提交于
struct ccs_header_st is not used so it should be removed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Almost two months ago, the warning about non-existing config file was supressed by setting the environment variable OPENSSL_CONF to /dev/null everywhere. Now that this warning is gone, that practice is no longer needed. Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Peter Dettman 提交于
RT 3871 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Create app_load_config(), a routine to load config file. Remove the "always load config" from the main app. Change the places that used to load config to call the new common routine. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Using an enum with -Wswitch means all lookup routines handle all cases. Remove X509_LU_PKEY which was never used. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 5月, 2015 6 次提交
-
-
由 Matt Caswell 提交于
The new accessors SSL_get_client_random, SSL_get_server_random and SSL_SESSION_get_master_key should return a size_t to match the type of the |outlen| parameter. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Change the new SSL_get_client_random(), SSL_get_server_random() and SSL_SESSION_get_master_key() functions to use size_t for |outlen| instead of int. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Nick Mathewson 提交于
Signed-off-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Nick Mathewson 提交于
Tor uses these values to implement a low-rent clone of RFC 5705 (which, in our defense, we came up with before RFC 5705 existed). But now that ssl_st is opaque, we need another way to get at them. Includes documentation, with suitable warnings about not actually using these functions. Signed-off-by: NNick Mathewson <nickm@torproject.org> Signed-off-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Nick Mathewson 提交于
Signed-off-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Nick Mathewson 提交于
On the server side, if you want to know which ciphers the client offered, you had to use session->ciphers. But that field is no longer visible, so we need a method to get at it. Signed-off-by: NNick Mathewson <nickm@torproject.org> Signed-off-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 27 5月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
In master, the 'dh' command is gone, so use 'dhparam' instead to determine if we're compiled with DH. Also, set "@SECLEVEL=1" for the weak DH test, so that it actually passes. Reviewed-by: NDr Stephen Henson <steve@openssl.org>
-
- 26 5月, 2015 10 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add support for PKCS#8 private key encryption using the scrypt algorithm in the pkcs8 utility. Update documentation. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
This adds a new function which will encrypt a private key using PKCS#8 based on an X509_ALGOR structure and reimplements PKCS8_encrypt to use it. Update pkcs8 utlity to use PKCS8_set0_pbe. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Set a specific error if the parameters are otherwise valid but exceed the memory limit. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add support for PKCS#12 and PBKDF2 password based encryption tests. Add additional test data. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Also add more ciphersuite test coverage, and a negative test for 512-bit DHE. Reviewed-by: NRich Salz <rsalz@openssl.org> (cherry picked from commit 1ee85aab75d7c9f20058f781bfe9222323df08eb)
-
由 Matt Caswell 提交于
The size of the SRP extension can never be negative (the variable |size| is unsigned). Therefore don't check if it is less than zero. RT#3862 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The return value of i2d functions can be negative if an error occurs. Therefore don't assign the return value to an unsigned type and *then* check if it is negative. RT#3862 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The members of struct timeval on OpenVMS are unsigned. The logic for calculating timeouts needs adjusting to deal with this. RT#3862 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-