Adam Langley
ec1af3c419
Don't set client_version to the ServerHello version.
...
The client_version needs to be preserved for the RSA key exchange.
This change also means that renegotiation will, like TLS, repeat the old
client_version rather than advertise only the final version. (Either way,
version change on renego is not allowed.) This is necessary in TLS to work
around an SChannel bug, but it's not strictly necessary in DTLS.
(From BoringSSL)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:44:17 +00:00
Matt Caswell
db812f2d70
Add more meaningful OPENSSL_NO_ECDH error message for suite b mode
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:14:09 +00:00
Matt Caswell
ad500fdc49
Rename gost2814789t.c to gost2814789test.c. The old name caused problems
...
for dummytest if gost is compiled out, since the name of the test is not
standard (dummytest segfaults). Also the old name caused problems for git
because the executable was not in the .gitignore file
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:14:03 +00:00
Matt Caswell
fd86c2b153
Add missing OPENSSL_NO_EC guards
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:13:56 +00:00
Matt Caswell
af6e2d51bf
Add OPENSSL_NO_ECDH guards
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:13:45 +00:00
Matt Caswell
55e530265a
Remove extraneous white space, and add some braces
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 00:00:25 +00:00
Matt Caswell
1904d21123
DTLS fixes for signed/unsigned issues
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-15 23:59:50 +00:00
Rich Salz
129c81b951
RT3497: The ticket that keeps on giving.
...
Don't remove c_rehash that wasn't created by make; this script
is created by configure.
This fix brought to you by the letter "f" and
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-12-15 12:26:02 -05:00
Kurt Roeckx
995207bedc
Allow using -SSLv2 again when setting Protocol in the config.
...
RT#3625
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-15 18:09:53 +01:00
Rich Salz
56999ba589
RT3497: Fix; don't remove header files
...
Doing 'config ; make clean' broke because clean removed
header files that normal build didn't create. So don't
remove those files. Hopefully will be better addressed by
Geoff's no-symlinks patch.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-15 09:18:11 -05:00
Emilia Kasper
9669d2e1ad
Fix unused variable warning
...
The temporary variable causes unused variable warnings in opt mode with clang,
because the subsequent assert is compiled out.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-15 13:12:44 +01:00
Matt Caswell
24097938ad
Fixed memory leak if BUF_MEM_grow fails
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-12-13 00:02:20 +00:00
Rich Salz
c3f22253b1
RT1688: Add dependencies for parallel make
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-12-12 13:17:51 -05:00
Matt Caswell
fd0ba77717
make update
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Rich Salz
e03af1789f
Minor doc fixes.
...
In EVP_EncryptInit remove duplicate mention of EVP_idea_cbc()
In EVP_PKEY_CTX_ctrl.pod remove EVP_PKEY_get_default_digest_nid
since it is documented elsewhere.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-11 17:05:57 -05:00
Rich Salz
5ab65c50ef
RT3497: Clean up "dclean" targets
...
Some Makefiles had actions for "dclean" that really belonged
to the "clean" target. This is wrong because clean ends up,
well, not really cleaning everything.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-11 17:01:16 -05:00
Rich Salz
5cf37957fb
RT3543: Remove #ifdef LINT
...
I also replaced some exit/return wrappers in various
programs (from main) to standardize on return.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-10 17:31:04 -05:00
Rich Salz
a4a934119d
Remove old private pod2man
...
Include Richard's point to remove the 'sh -c' wrapper
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-10 17:10:59 -05:00
Kurt Roeckx
5b17b79a89
capi_ctrl, capi_vtrace: check for NULL after allocating and free it
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
3a7581bf5a
tree_print: check for NULL after allocating err
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
288b4e4f8f
tls1_heartbeat: check for NULL after allocating buf
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
c27dc3981c
tls1_process_heartbeat: check for NULL after allocating buffer
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
fed5b55252
SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:18 +01:00
Jonas Maebe
e9e688effb
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:17 +01:00
Jonas Maebe
bf8e7047aa
ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:17 +01:00
Jonas Maebe
9052ffda91
ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:17 +01:00
Jonas Maebe
d00b1d62d6
SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-10 18:35:17 +01:00
Matt Caswell
02a62d1a4a
Move bn internal functions into bn_int.h and bn_lcl.h
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:42 +00:00
Matt Caswell
e35af275d5
Update documentation following BN opaquify
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:36 +00:00
Matt Caswell
1939187922
Make bn opaque
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:27 +00:00
Matt Caswell
348d0d148a
Update apps for bn opaque change
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:19 +00:00
Matt Caswell
29e7a56d54
Disable engines that will fail to build when bn is made opaque
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:12 +00:00
Matt Caswell
2cbc8d7de5
Implement internally opaque bn access from ts
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:07 +00:00
Matt Caswell
aeb556f831
Implement internally opaque bn access from srp
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:02 +00:00
Matt Caswell
18125f7f55
Implement internally opaque bn access from rsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:57 +00:00
Matt Caswell
68c29f61a4
Implement internally opaque bn access from evp
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:52 +00:00
Matt Caswell
5784a52145
Implement internally opaque bn access from ec
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:47 +00:00
Matt Caswell
c0d4390194
Implement internally opaque bn access from dsa
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:41 +00:00
Matt Caswell
829ccf6ab6
Implement internally opaque bn access from dh
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:32 +00:00
Matt Caswell
76b2a02274
Implement internally opaque bn access from asn1
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:26 +00:00
Matt Caswell
7a5233118c
Prepare exptest for bn opaquify
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:19 +00:00
Matt Caswell
85bcf27ccc
Prepare for bn opaquify. Implement internal helper functions.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Matt Caswell
dd703de022
Remove internal bn dependancies from speed.c
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:39:38 +00:00
Geoff Thorpe
e52a3c3d14
Include <openssl/foo.h> instead of "foo.h"
...
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.
Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Matt Caswell
41bf250130
Fixed memory leak in the event of a failure of BUF_MEM_grow
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-08 16:43:25 +00:00
Matt Caswell
76e6509085
Fix memory leak in SSL_new if errors occur.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-08 16:42:59 +00:00
Dr. Stephen Henson
7bca0a1db5
Remove fips directories from mkfiles.pl
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 14:01:47 +00:00
Dr. Stephen Henson
71a5f534f1
Remove references to deleted fips directory from Makefile.org
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
73e45b2dd1
remove OPENSSL_FIPSAPI
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
b2ecc05a9a
remove FIPS_*_SIZE_T
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00