aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Convert X509_CRL* functions to use const gettersMatt Caswell2016-08-179-20/+23
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Make X509_NAME_get0_der() conform to OpenSSL styleMatt Caswell2016-08-173-6/+6
| | | | | | | Put the main object first in the params list. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Corrupt signature in place.Dr. Stephen Henson2016-08-175-18/+8
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Convert OCSP* functions to use const gettersMatt Caswell2016-08-173-9/+8
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Constify private key decode.Dr. Stephen Henson2016-08-1711-20/+20
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* constify X509_ALGOR_get0()Dr. Stephen Henson2016-08-1710-32/+32
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify ASN1_item_unpack().Dr. Stephen Henson2016-08-172-2/+2
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add missing session id and tlsext_status accessorsRemi Gacogne2016-08-179-0/+136
| | | | | | | | | | * SSL_SESSION_set1_id() * SSL_SESSION_get0_id_context() * SSL_CTX_get_tlsext_status_cb() * SSL_CTX_get_tlsext_status_arg() Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* dasync is an internal testing engine, so don't install itRichard Levitte2016-08-172-6/+6
| | | | | | | Unfortunately, it means that the VMS IVP gets a bit crippled. This will be fixed later on. Reviewed-by: Matt Caswell <matt@openssl.org>
* VMS: no ENDIF on one line IF statements, in config.comRichard Levitte2016-08-171-1/+0
| | | | | | Correct small error from last config.com change Reviewed-by: Matt Caswell <matt@openssl.org>
* Convert SSL_SESSION* functions to use const gettersMatt Caswell2016-08-164-4/+4
| | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Convert PKCS8* functions to use const gettersMatt Caswell2016-08-165-6/+10
| | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Convert TS_STATUS_INFO* functions to use const gettersMatt Caswell2016-08-162-6/+9
| | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* two typo fixesFdaSilvaYY2016-08-162-2/+2
| | | | | Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1461)
* Fix compilation when using MASM on x86Gergely Nagy2016-08-161-1/+1
| | | | | | | | The generated asm code from x86cpuid.pl contains CMOVE instructions which are only available on i686 and later CPUs. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1459)
* Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()Matt Caswell2016-08-161-0/+2
| | | | | | | | | | | These functions are no longer relevant to 1.1.0 (we always have auto ecdh on) - but no reason to break old code that tries to call it. The macros will only return a dummy "success" result if the app was trying to enable ecdh. Disabling can't be done in quite this way any more. Fixes Github Issue #1437 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Ensure we unpad in constant time for read pipeliningMatt Caswell2016-08-161-3/+9
| | | | | | | The read pipelining code broke constant time unpadding. See GitHub issue #1438 Reviewed-by: Rich Salz <rsalz@openssl.org>
* Corrupt signature earlier.Dr. Stephen Henson2016-08-162-14/+15
| | | | | | | If -badsig is selected corrupt the signature before printing out any details so the output reflects the modified signature. Reviewed-by: Rich Salz <rsalz@openssl.org>
* make updateDr. Stephen Henson2016-08-161-1/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().Dr. Stephen Henson2016-08-1625-40/+73
| | | | | | | | Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove duplicate ordinalsRichard Levitte2016-08-161-3/+0
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* ARMv8 assembly pack: add Samsung Mongoose results.Andy Polyakov2016-08-167-0/+7
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Configure: recognize -static as link option and disable incompatible options.Andy Polyakov2016-08-161-0/+7
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* test/ssl_test.tmpl: make it work with elderly perl.Andy Polyakov2016-08-161-5/+5
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix satsub64be() to unconditionally use 64-bit integersDavid Woodhouse2016-08-162-68/+21
| | | | | | | Now we support (u)int64_t this can be very much simpler. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* SSL tests: send some application dataEmilia Kasper2016-08-165-87/+284
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add a "config" for verbosity and use it with TravisRichard Levitte2016-08-163-29/+38
| | | | | | Modify VMS config.com to match Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Make "make" less verbose in Travis, except for the build only caseRichard Levitte2016-08-161-4/+9
| | | | Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Limit reads in do_b2i_bio()Dr. Stephen Henson2016-08-161-0/+7
| | | | | | | | | Apply a limit to the maximum blob length which can be read in do_d2i_bio() to avoid excessive allocation. Thanks to Shi Lei for reporting this. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check for errors in a2d_ASN1_OBJECT()Dr. Stephen Henson2016-08-161-2/+6
| | | | | | Check for error return in BN_div_word(). Reviewed-by: Tim Hudson <tjh@openssl.org>
* Check for errors in BN_bn2dec()Dr. Stephen Henson2016-08-161-1/+7
| | | | | | | | | | | | | | | If an oversize BIGNUM is presented to BN_bn2dec() it can cause BN_div_word() to fail and not reduce the value of 't' resulting in OOB writes to the bn_data buffer and eventually crashing. Fix by checking return value of BN_div_word() and checking writes don't overflow buffer. Thanks to Shi Lei for reporting this bug. CVE-2016-2182 Reviewed-by: Tim Hudson <tjh@openssl.org>
* Avoid truncating the pointer on x32 platform.Tomas Mraz2016-08-151-5/+9
| | | | | | | | The 64 bit pointer must not be cast to 32bit unsigned long on x32 platform. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Add a comment for the added cast with explanation.Tomas Mraz2016-08-151-0/+4
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix af_alg engine failure on 32 bit architectures.Tomas Mraz2016-08-151-1/+1
| | | | | | | | Add extra cast to unsigned long to avoid sign extension when converting pointer to 64 bit data. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Remove a stray unneeded line in 70-test_sslrecords.tMatt Caswell2016-08-151-1/+0
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Address feedback on SSLv2 ClientHello processingMatt Caswell2016-08-153-14/+6
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add some SSLv2 ClientHello testsMatt Caswell2016-08-154-7/+228
| | | | | | Test that we handle a TLS ClientHello in an SSLv2 record correctly. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Send an alert if we get a non-initial record with the wrong versionMatt Caswell2016-08-151-3/+11
| | | | | | | If we receive a non-initial record but the version number isn't right then we should send an alert. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Address feedback on SSLv2 ClientHello processingMatt Caswell2016-08-154-7/+13
| | | | | | | | | | | | | Feedback on the previous SSLv2 ClientHello processing fix was that it breaks layering by reading init_num in the record layer. It also does not detect if there was a previous non-fatal warning. This is an alternative approach that directly tracks in the record layer whether this is the first record. GitHub Issue #1298 Reviewed-by: Tim Hudson <tjh@openssl.org>
* Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.numRob Percival2016-08-151-3/+3
| | | | | Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1408)
* Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functionsRob Percival2016-08-152-10/+22
| | | | | | | | | They may fail if they cannot increment the reference count of the certificate they are storing a pointer for. They should return 0 if this occurs. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1408)
* Improves CTLOG_STORE settersRob Percival2016-08-155-21/+29
| | | | | | | | Changes them to have clearer ownership semantics, as suggested in https://github.com/openssl/openssl/pull/1372#discussion_r73232196. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1408)
* Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabledRichard Levitte2016-08-151-1/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix no-ecDr. Stephen Henson2016-08-154-28/+40
| | | | | | | Fix no-ec builds by having separate functions to create keys based on an existing EVP_PKEY and a curve id. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Never return -1 from BN_expJakub Zelenka2016-08-141-4/+4
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1455)
* update CHANGESDr. Stephen Henson2016-08-131-12/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* add documentationDr. Stephen Henson2016-08-132-0/+12
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Print out names of other temp key algorithms.Dr. Stephen Henson2016-08-131-0/+4
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove old EC based X25519 code.Dr. Stephen Henson2016-08-134-344/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Modify TLS support for new X25519 API.Dr. Stephen Henson2016-08-135-43/+66
| | | | | | | | When handling ECDH check to see if the curve is "custom" (X25519 is currently the only curve of this type) and instead of setting a curve NID just allocate a key of appropriate type. Reviewed-by: Rich Salz <rsalz@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-23 07:42:13 +0000