Calling EVP_DigestInit_ex which has already had the digest set up for it
should be possible. You are supposed to be able to pass NULL for the type.
However currently this seg faults.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit a01087027bd0c5ec053d4eabd972bd942bfcd92f)
In the event of an error |rr| could be NULL. Therefore don't assume you can
use |rr| in the error handling code.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485)
Cleanse various intermediate buffers used by the PRF (backported version
from master).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 35fafc4dbc0b3a717ad1b208fe2867e8c64867de)
Conflicts:
ssl/s3_enc.c
Ensure all malloc failures return -1.
Reported by Adam Langley (Google).
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 06c6a2b4a3a6e64303caa256398dd2dc16f9c35a)
BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 460e920d8a274e27aab36346eeda6685a42c3314)
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0b142f022e2c5072295e00ebc11c5b707a726d74)
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.
Call ASN1_STRING_clear_free on PKCS#8 private key components.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4bfd18f224777aed1fbb172504421f1)
They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f417997a324037025be61737288e40e171a8218c)
Conflicts:
ssl/ssl_ciph.c
This patch uses warning/fatal constants instead of numbers with comments for
warning/alerts in d1_pkt.c and s3_pkt.c
RT#3725
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit fd865cadcb603918bdcfcf44e487721c657a1117)
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e)
Conflicts:
crypto/bio/bss_dgram.c
Conflicts:
apps/cms.c
apps/s_cb.c
apps/s_server.c
apps/speed.c
crypto/dh/dh_pmeth.c
ssl/s3_pkt.c
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a)
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.
This change fixes d2i_SSL_SESSION for that DTLS version.
Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3704
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/ssl_asn1.c
Conflicts:
ssl/dtls1.h
Fixed various missing return value checks in ssl3_send_newsession_ticket.
Also a mem leak on error.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Conflicts:
ssl/s3_srvr.c
Conflicts:
ssl/s3_srvr.c
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a988036259a4e119f6787b4c585f506226330120)
called evp_test.c, so I have called this one evp_extra_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Conflicts:
crypto/evp/Makefile
test/Makefile
Conflicts:
test/Makefile
crypto/evp/evp_extra_test.c
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43)
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 1549a265209d449b6aefd2b49d7d39f7fbe0689b)
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically. Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration. The answer is to restore those macro definitions for
the affected configuration targets.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c)
Conflicts:
Configure
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux. For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.
crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 64e6bf64b36136d487e2fbf907f09612e69ae911)
Conflicts:
Configure
crypto/ui/ui_openssl.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 1d2932de4cefcc200f175863a42c311916269981)
Free up bio_err after memory leak data has been printed to it.
In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb)
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe)
Conflicts:
apps/s_client.c
apps/s_server.c
