If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed. So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour. Instead do already what int_thread_release() would do,
and make the call do nothing instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
RT: #4155, MR: #1519
When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.
RT#4197
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
DTLS cookie generation and verification were exact copies of each
other save the last few lines. This refactors them to avoid code
copying.
Reviewed-by: Matt Caswell <matt@openssl.org>
After the recent change to use ossl_inline, builds were failing on some
platforms due to a missing usage of "inline".
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
This adds support for SSL/TLS configuration using configuration modules.
Sets of command value pairs are store and can be replayed through an
SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop
Reviewed-by: Richard Levitte <levitte@openssl.org>
Just like *_clear_free routines. Previously undocumented, used
a half-dozen times within OpenSSL source.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
SSL_CIPHER_description() was returning "unknown" for the encryption
in the new ChaCha20/Poly1305 TLS ciphersuites.
RT#4183
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
