Commit message [Author, Age, Files, Lines]
* Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ... [FdaSilvaYY, 2016-07-25, 5 files, -12/+12]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify i2s_ASN1_INTEGER, X509V3_get_d2i [FdaSilvaYY, 2016-07-25, 2 files, -2/+2]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify input parameters of methods : [FdaSilvaYY, 2016-07-25, 6 files, -14/+14]
  - X509_NAME_entry_count, X509_ATTRIBUTE_count
  - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Enforce and explicit some const casting [FdaSilvaYY, 2016-07-25, 4 files, -5/+5]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT. [FdaSilvaYY, 2016-07-25, 3 files, -7/+7]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify ASN1_buf_print [FdaSilvaYY, 2016-07-25, 2 files, -2/+2]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co... [FdaSilvaYY, 2016-07-25, 8 files, -15/+15]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify SXNET_add_id_* [FdaSilvaYY, 2016-07-25, 2 files, -9/+9]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify EC_KEY_*_oct2priv() input buffer [FdaSilvaYY, 2016-07-25, 5 files, -8/+9]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify CMS_decrypt_set1_key input buffer [FdaSilvaYY, 2016-07-25, 2 files, -2/+2]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify engine/eng_cnf.c internal method. [FdaSilvaYY, 2016-07-25, 2 files, -12/+13]
  simplify and reindent some related code.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Fix no-tls1_2 [Matt Caswell, 2016-07-25, 3 files, -4/+5]
  Misc fixes impacting no-tls1_2. Also fixes no-dtls1_2.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix no-dtls* [Matt Caswell, 2016-07-25, 1 file, -5/+4]
  Also fixes some other options like no-dgram and no-sock.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix no-ct [Matt Caswell, 2016-07-25, 2 files, -3/+14]
  Ensure that we don't build/run the ct fuzzing code if no-ct is used.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add EVP_ENCODE_CTX_copy [Jakub Zelenka, 2016-07-24, 4 files, -4/+18]
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1344)
* Add missing X509_set_proxy_flag num [Jakub Zelenka, 2016-07-24, 1 file, -0/+1]
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1343)
* Properly initialise the internal proxy certificate path length cache [Richard Levitte, 2016-07-23, 1 file, -0/+1]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make it possible for external code to flag a certificate as a proxy one. [Richard Levitte, 2016-07-23, 3 files, -3/+14]
  This adds the function X509_set_proxy_flag(), which sets the internal flag EXFLAG_PROXY on a given X509 structure.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Correct misspelt OPENSSL_NO_SRP [Richard Levitte, 2016-07-23, 1 file, -1/+1]
  RT#4619
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use newest CRL. [Dr. Stephen Henson, 2016-07-22, 1 file, -6/+14]
  If two CRLs are equivalent then use the one with a later lastUpdate field: this will result in the newest CRL available being used.
  RT#4615
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Send alert for bad DH CKE [Dr. Stephen Henson, 2016-07-22, 1 file, -6/+1]
  RT#4511
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix OOB read in TS_OBJ_print_bio(). [Dr. Stephen Henson, 2016-07-22, 1 file, -3/+2]
  TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result as a null terminated buffer. The length value returned is the total length the complete text representation would need not the amount of data written.
  CVE-2016-2180
  Thanks to Shi Lei for reporting this bug.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* SSL tests: compress generated output a little [Emilia Kasper, 2016-07-22, 8 files, -462/+160]
  Don't emit duplicate server/client sections when they are identical. Instead, just point to the same section.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make boolean SSL test conf values case-insensitive [Emilia Kasper, 2016-07-22, 2 files, -4/+4]
  Undo review mistake: I changed the wrong strcmp in a previous pull request. Add test.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Clarify digest change in HMAC_Init_ex() [Dr. Stephen Henson, 2016-07-22, 1 file, -7/+11]
  RT#4603
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add mask for newly created symlink. [Dr. Stephen Henson, 2016-07-22, 1 file, -0/+1]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check suffixes properly. [Dr. Stephen Henson, 2016-07-22, 1 file, -2/+4]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* use correct name for duplicate [Dr. Stephen Henson, 2016-07-22, 1 file, -2/+2]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result [Richard Levitte, 2016-07-22, 1 file, -3/+8]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* VMS: Rearrange installation targets for shared libraries [Richard Levitte, 2016-07-22, 1 file, -18/+22]
  The way it was implemented before this change, the shared libraries were installed twice. On a file system that supports file generations, that's a waste. Slightly rearranging the install targets solves the problem.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Test client-side resumption [Emilia Kasper, 2016-07-21, 9 files, -13/+1352]
  Add tests for resuming with a different client version. This happens in reality when clients persist sessions on disk through upgrades.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add all publicly available asn1 types to the asn1 fuzzer. [Kurt Roeckx, 2016-07-20, 1 file, -1/+108]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  GH: #1331
* Cast to an unsigned type before negating [Kurt Roeckx, 2016-07-20, 2 files, -2/+2]
  llvm's ubsan reported:
  runtime error: negation of -9223372036854775808 cannot be represented in type 'long'; cast to an unsigned type to negate this value to itself
  Found using afl
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  GH: #1325
* Check for errors allocating the error strings. [Kurt Roeckx, 2016-07-20, 65 files, -108/+149]
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  GH: #1330
* Don't allocate r/s in DSA_SIG and ECDSA_SIG [Dr. Stephen Henson, 2016-07-20, 8 files, -2/+50]
  To avoid having to immediately free up r/s when setting them don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().
  RT#4590
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Install shared libraries in runtime install [Richard Levitte, 2016-07-20, 2 files, -3/+19]
  On non-Windows platforms, shared libraries are both development and runtime files. We only installed them as development files, this makes sure they get installed as runtime files as well.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* VMS: fix typo, shared libraries have the extension .EXE, not .OLB [Richard Levitte, 2016-07-20, 1 file, -1/+1]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Never expose ssl->bbio in the public API. [Matt Caswell, 2016-07-20, 2 files, -60/+58]
  This is adapted from BoringSSL commit 2f87112b963.
  This fixes a number of bugs where the existence of bbio was leaked in the public API and broke things.
  - SSL_get_wbio returned the bbio during the handshake. It must always return the BIO the consumer configured. In doing so, some internal accesses of SSL_get_wbio should be switched to ssl->wbio since those want to see bbio.
  - The logic in SSL_set_rfd, etc. (which I doubt is quite right since SSL_set_bio's lifetime is unclear) would get confused once wbio got wrapped. Those want to compare to SSL_get_wbio.
  - If SSL_set_bio was called mid-handshake, bbio would get disconnected and lose state. It forgets to reattach the bbio afterwards. Unfortunately, Conscrypt does this a lot. It just never ended up calling it at a point where the bbio would cause problems.
  - Make more explicit the invariant that any bbio's which exist are always attached. Simplify a few things as part of that.
  RT#4572
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* SSL test framework: port resumption tests [Emilia Kasper, 2016-07-20, 20 files, -85/+1330]
  Systematically test every server-side version downgrade or upgrade.
  Client version upgrade or downgrade could be tested analogously but will be done in a later change.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* fix crypto-mdebug build [Dr. Stephen Henson, 2016-07-20, 1 file, -2/+11]
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix if/for/while( in docs [FdaSilvaYY, 2016-07-20, 9 files, -33/+35]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1292)
* Fix a few if(, for(, while( inside code. [FdaSilvaYY, 2016-07-20, 22 files, -197/+201]
  Fix some indentation at the same time
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1292)
* Remove redundant X509_STORE_CTX_set_verify_cb declaration [Hannes Magnusson, 2016-07-20, 1 file, -2/+0]
  f0e0fd51fd8307f6eae64862ad9aaea113f1177a added X509_STORE_CTX_set_verify_cb with a typedef'd argument, making the original one redundant.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Simplify buffer limit checking, and reuse BIO_snprintf returned value. [FdaSilvaYY, 2016-07-20, 1 file, -12/+14]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1284)
* Code factorisation and simplification [FdaSilvaYY, 2016-07-20, 3 files, -70/+53]
  Fix some code indentation
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1284)
* Fix double calls to strlen [FdaSilvaYY, 2016-07-20, 3 files, -15/+26]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1284)
* Simplify code related to tmp_email_dn. [FdaSilvaYY, 2016-07-20, 1 file, -6/+6]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1284)
* Use more X509_REQ_get0_pubkey & X509_get0_pubkey [FdaSilvaYY, 2016-07-20, 3 files, -12/+9]
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1284)
* OCSP_request_add0_id() inconsistent error return [Todd Short, 2016-07-20, 1 file, -1/+3]
  There are two failure cases for OCSP_request_add_id():
  1. OCSP_ONEREQ_new() failure, where |cid| is not freed
  2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed
  This change makes the error behavior consistent, such that |cid| is not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes ownership of |cid| when the function succeeds.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1289)
* Sanity check in ssl_get_algorithm2(). [Dr. Stephen Henson, 2016-07-20, 1 file, -1/+4]
  RT#4600
  Reviewed-by: Rich Salz <rsalz@openssl.org>