| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
|
|
|
|
|
|
|
| |
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
|
| |
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
| |
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
| |
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
| |
Signed-off-by: mancha security <mancha1@zoho.com>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
|
|
|
|
|
| |
There were a dozen-plus instances of this construct:
if (0) { label: ..... }
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
| |
Don't check for NULL before calling OPENSSL_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
|
| |
PR#3790
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
| |
Complete reimplementation of d2i_SSL_SESSION and i2d_SSL_SESSION using
new ASN.1 code and eliminating use of old ASN.1 macros.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.
This change fixes d2i_SSL_SESSION for that DTLS version.
Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3704
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When writing out the hint, if the hint > 0, then we write it out otherwise
we skip it.
Previously when reading the hint back in, if were expecting to see one
(because the ticket length > 0), but it wasn't present then we set the hint
to -1, otherwise we set it to 0. This fails to set the hint to the same as
when it was written out.
The hint should never be negative because the RFC states the hint is
unsigned. It is valid for a server to set the hint to 0 (this means the
lifetime is unspecified according to the RFC). If the server set it to 0, it
should still be 0 when we read it back in.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
|
| |
Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
| |
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
|
|
|
|
| |
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
is picked up.
|
| |
|
|
|
|
|
|
| |
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Make session tickets work with DTLS.
|
|
|
|
|
|
| |
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org
Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
for OpenSSL.
|
|
|
|
|
| |
of the session -- we don't really need it once the handshake
has completed.
|
|
|
|
| |
Submitted by: Douglas Stebila
|
|
|
|
| |
Submitted by: Douglas Stebila
|
| |
|
|
|
|
| |
Submitted by: Douglas Stebila
|
|
|
|
|
|
| |
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
|
| |
|
|
|
|
| |
Submitted by: Peter Sylvester
|
| |
|
|
|
|
| |
Avoid more shadow warnings.
|
|
|
|
| |
PR: 658
|
| |
|
| |
|
|
|
|
|
| |
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
|
|
|
|
|
|
|
|
|
|
| |
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
|