Fix more potential leaks in X509_verify_cert()
Fix memory leak in ClientHello test
Fix memory leak in gost2814789 test
Fix potential memory leak in PKCS7_verify()
Fix potential memory leaks in X509_add1_reject_object()
Refactor to use "goto err" in cleanup.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Make all mention of digest algorithm use "any supported algorithm"
RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
X509_LOOKUP_hash_dir.pod
X509_check_ca.pod
X509_check_issued.pod
RT 1600:
Remove references to non-existant objects(3)
Add RETURN VALUES to BIO_do_accept page.
RT1818:
RSA_sign Can return values other than 0 on failure.
RT3634:
Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)
RT3678:
Some clarifications to BIO_new_pair
(Devchandra L Meetei <dlmeetei@gmail.com>)
RT3787:
Fix some EVP_ function return values
(Laetitia Baudoin <lbaudoin@google.com>)
Reviewed-by: Tim Hudson <tjh@openssl.org>
The PACKET should hold a 'const unsigned char*' underneath as well
but the legacy code passes the record buffer around as 'unsigned char*'
(to callbacks, too) so that's a bigger refactor.
Reviewed-by: Matt Caswell <matt@openssl.org>
Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.
This change additionally sends some application data and finishes when the
client sends a CloseNotify.
Reviewed-by: Tim Hudson <tjh@openssl.org>
A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.
The bug can be demonstrated as follows:
Start a DTLS s_server instance:
openssl s_server -dtls
Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket
Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem
The client will abort the handshake.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Add DSA tests.
Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.
Reviewed-by: Ben Laurie <ben@openssl.org>
L<foo|foo> is sub-optimal If the xref is the same as the title,
which is what we do, then you only need L<foo>. This fixes all
1457 occurrences in 349 files. Approximately. (And pod used to
need both.)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Commit 9ceb2426b0 (PACKETise ClientHello) broke session tickets by failing
to detect the session ticket extension in an incoming ClientHello. This
commit fixes the bug.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key
Reviewed-by: Matt Caswell <matt@openssl.org>
Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
