- 25 3月, 2015 3 次提交
-
-
由 Richard Levitte 提交于
For the moment, this is specially crafted for DECLARE_DEPRECATED because that's where we found the problem, but it can easily be expanded to other types of special delarations when needed. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Disable loop checking when we retry verification with an alternative path. This fixes the case where an intermediate CA is explicitly trusted and part of the untrusted certificate list. By disabling loop checking for this case the untrusted CA can be replaced by the explicitly trusted case and verification will succeed. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 24 3月, 2015 18 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
If a set of certificates is supplied to OCSP_basic_verify use those in addition to any present in the OCSP response as untrusted CAs when verifying a certificate chain. PR#3668 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Move EVP internals to evp_int.h, remove -Ievp hack from crypto/Makefile Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Move ASN.1 internals used across multiple directories into new internal header file asn1_int.h remove crypto/Makefile hack which allowed other directories to include "asn1_locl.h" Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets ASN1_OBJECT_free and ASN1_STRING_free. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Mike Frysinger 提交于
Fix compilation failure when SCTP is compiled due to incorrect define. Reported-by: NConrad Kostecki <ck+gentoobugzilla@bl4ckb0x.de> URL: https://bugs.gentoo.org/543828 RT#3758 Signed-off-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Thanks to a -I.., the path does work, at least on unix. However, this doesn't work so well on VMS. Correcting the path to not rely on given -I does work on both. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Remove old ASN.1 COMPAT type. This was meant as a temporary measure so older ASN.1 code (from OpenSSL 0.9.6) still worked. It's a hack which breaks constification and hopefully nothing uses it now, if it ever did. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
It was saying that it was an illegal parameter / unsupported cipher Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
The certificate already contains the DH parameters in that case. ssl3_send_server_key_exchange() would fail in that case anyway. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
Also removes for it being NULL Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Remove x_exten.c and x_exten.o from crypto/asn1/Makefile: they've moved now. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Fix missing return value check in dtls1_listen when calling SSL_clear(). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 3月, 2015 12 次提交
-
-
由 Matt Caswell 提交于
Change ssl_set_handshake_header from return void to returning int, and handle error return code appropriately. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Ensure that all libssl functions called from within the apps have their return values checked where appropriate. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Mark most functions returning a result defined in any libssl header file with __owur to warn if they are used without checking the return value. Use -DUNUSED_RETURN compiler flag with gcc to activate these warnings. Some functions returning a result are skipped if it is common and valid to use these functions without checking the return value. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
In order to receive warnings on unused function return values the flag -DDEBUG_UNUSED must be passed to the compiler. This change adds that for the --strict-warnings Configure option. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Follow up on the earlier "Do not keep TABLE in version control". Actually removing TABLE from version control was forgotten. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Don't check that the curve appears in the list of acceptable curves for the peer, if they didn't send us such a list (RFC 4492 does not require that the extension be sent). Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Remove {i2d,d2i}_ASN1_BOOLEAN. Rewrite single occurrence of d2i_ASN1_BOOLEAN in asn1_parse2 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Remove old M_ASN1_ macros and replace any occurences with the corresponding function. Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
In cooperation with Ard Biesheuvel (Linaro) and Sami Tolvanen (Google). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 3月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
Using $t is an artifact from the earlier changes in Configure and was unfortunately forgotten as is. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 21 3月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
This tests the unwrap algorithm with an invalid key. The result should be rejected without returning any plaintext. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Richard Godbee 提交于
crypto/modes/wrap128.c was heavily refactored to support AES Key Wrap with Padding, and four bugs were introduced into CRYPTO_128_unwrap() at that time: - crypto_128_unwrap_raw()'s return value ('ret') is checked incorrectly, and the function immediately returns 'ret' in (almost) all cases. This makes the IV checking code later in the function unreachable, but callers think the IV check succeeded since CRYPTO_128_unwrap()'s return value is non-zero. FIX: Return 0 (error) if crypto_128_unwrap_raw() returned 0 (error). - crypto_128_unwrap_raw() writes the IV to the 'got_iv' buffer, not to the first 8 bytes of the output buffer ('out') as the IV checking code expects. This makes the IV check fail. FIX: Compare 'iv' to 'got_iv', not 'out'. - The data written to the output buffer ('out') is "cleansed" if the IV check fails, but the code passes OPENSSL_cleanse() the input buffer length ('inlen') instead of the number of bytes that crypto_128_unwrap_raw() wrote to the output buffer ('ret'). This means that OPENSSL_cleanse() could potentially write past the end of 'out'. FIX: Change 'inlen' to 'ret' in the OPENSSL_cleanse() call. - CRYPTO_128_unwrap() is returning the length of the input buffer ('inlen') instead of the number of bytes written to the output buffer ('ret'). This could cause the caller to read past the end of 'out'. FIX: Return 'ret' instead of 'inlen' at the end of the function. PR#3749 Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Richard Godbee 提交于
Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 20 3月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Updated test/testssl script to include the new DTLS capability in ssltest. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 David Woodhouse 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-