path: root/ssl/ssl_asn1.c
Commit message | Author | Age | Files | Lines
* ASN.1: adapt SSL_SESSION_ASN1 by explicitly embedding INTxx et al | Richard Levitte | 2017-04-13 | 1 | -7/+7
  Fixes #3191
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3200)
* Convert SSL_SESSION_ASN1 to use size specific integers | Richard Levitte | 2017-04-04 | 1 | -16/+16
  This increases portability of SSL_SESSION files between architectures where the size of |long| may vary. Before this, SSL_SESSION files produced on a 64-bit long architecture may break on a 32-bit long architecture.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3120)
* Fix i2d_SSL_SESSION pp output parameter should point to end of asn1 data. | Bernd Edlinger | 2017-02-22 | 1 | -2/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2607)
  (cherry picked from commit a0179d0afb621a0875ddcfd939719a9628ac4444)
* Indent ssl/ | Emilia Kasper | 2016-08-18 | 1 | -1/+1
  Run util/openssl-format-source on ssl/
  Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Copyright consolidation 01/10 | Rich Salz | 2016-05-17 | 1 | -54/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Remove /* foo.c */ comments | Rich Salz | 2016-01-26 | 1 | -1/+0
  This was done by the following
      find . -name '*.[ch]' | /tmp/pl
  where /tmp/pl is the following three-line script:
      print unless $. == 1 && m@/\* .*\.[ch] \*/@;
      close ARGV if eof; # Close file to reset $.
  And then some hand-editing of other files.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Rename some BUF_xxx to OPENSSL_xxx | Rich Salz | 2015-12-16 | 1 | -2/+2
  Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
  Add #define's for the old names.
  Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Enable -Wmissing-variable-declarations and | Ben Laurie | 2015-09-11 | 1 | -1/+1
  -Wincompatible-pointer-types-discards-qualifiers (the latter did not require any code changes).
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove support for OPENSSL_NO_TLSEXT | Matt Caswell | 2015-05-22 | 1 | -14/+0
  Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove Kerberos support from libssl | Matt Caswell | 2015-05-13 | 1 | -22/+0
  Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* ssl/ssl_asn1.c: Fix typo introduced via cc5b6a03a320f1 | mancha security | 2015-05-05 | 1 | -1/+1
  Signed-off-by: mancha security <mancha1@zoho.com>
  Signed-off-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Remove goto inside an if(0) block | Rich Salz | 2015-05-01 | 1 | -4/+0
  There were a dozen-plus instances of this construct:
      if (0) { label: ..... }
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* free null cleanup finale | Rich Salz | 2015-05-01 | 1 | -4/+2
  Don't check for NULL before calling OPENSSL_free
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* The wrong ifdef is used to guard usage of PSK code | Kurt Cancemi | 2015-04-10 | 1 | -1/+1
  PR#3790
  Reviewed-by: Stephen Henson <steve@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Rewrite ssl_asn1.c using new ASN.1 code. | Dr. Stephen Henson | 2015-04-03 | 1 | -439/+275
  Complete reimplementation of d2i_SSL_SESSION and i2d_SSL_SESSION using new ASN.1 code and eliminating use of old ASN.1 macros.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix d2i_SSL_SESSION for DTLS1_BAD_VER | Matt Caswell | 2015-02-27 | 1 | -1/+3
  Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version.
  Based on an original patch by David Woodhouse <dwmw2@infradead.org>
  RT#3704
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Correct reading back of tlsext_tick_lifetime_hint from ASN1. | Matt Caswell | 2015-02-10 | 1 | -3/+1
  When writing out the hint, if the hint > 0, then we write it out otherwise we skip it. Previously when reading the hint back in, if we were expecting to see one (because the ticket length > 0), but it wasn't present then we set the hint to -1, otherwise we set it to 0. This fails to set the hint to the same as when it was written out. The hint should never be negative because the RFC states the hint is unsigned. It is valid for a server to set the hint to 0 (this means the lifetime is unspecified according to the RFC). If the server set it to 0, it should still be 0 when we read it back in.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add flags field to SSL_SESSION. | Dr. Stephen Henson | 2015-02-03 | 1 | -0/+23
  Add a "flags" field to SSL_SESSION. This will contain various flags such as encrypt-then-mac and extended master secret support.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Run util/openssl-format-source -v -c . | Matt Caswell | 2015-01-22 | 1 | -472/+463
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Remove SSLv2 support | Kurt Roeckx | 2014-12-04 | 1 | -45/+6
  The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* fix coverity issue 966597 - error line is not always initialised | Tim Hudson | 2014-05-07 | 1 | -0/+4
* Version skew reduction: trivia (I hope). | Ben Laurie | 2012-06-03 | 1 | -1/+0
* Use correct tag for SRP username. | Dr. Stephen Henson | 2011-10-25 | 1 | -1/+1
* Fix d2i_SSL_SESSION. | Bodo Möller | 2011-09-05 | 1 | -0/+13
* Add SRP support. | Ben Laurie | 2011-03-12 | 1 | -0/+37
* Include openssl/crypto.h first in several other files so FIPS renaming | Dr. Stephen Henson | 2011-02-16 | 1 | -0/+1
  is picked up.
* Fix warnings. | Ben Laurie | 2010-06-12 | 1 | -2/+1
* PR: 2160 | Dr. Stephen Henson | 2010-02-01 | 1 | -2/+2
  Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
  Make session tickets work with DTLS.
* Generate stateless session ID just after the ticket is received instead | Dr. Stephen Henson | 2009-10-30 | 1 | -26/+0
  of when a session is loaded. This will mean that applications that just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION() will still work.
* Fix stateless session resumption so it can coexist with SNI | Dr. Stephen Henson | 2009-10-30 | 1 | -6/+13
* PR: 2009 | Dr. Stephen Henson | 2009-09-02 | 1 | -4/+4
  Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
  Approved by: steve@openssl.org
  Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although the ticket mentions buffer overruns this isn't a security issue because the SSL_SESSION structure is generated internally and it should never be possible to supply its contents from an untrusted application (this would among other things destroy session cache security).
* Update from 1.0.0-stable. | Dr. Stephen Henson | 2009-08-05 | 1 | -1/+2
* Update from 0.9.8-stable | Dr. Stephen Henson | 2009-06-30 | 1 | -1/+34
* Aftermath of a clashing size_t fix (now only format changes). | Ben Laurie | 2008-11-13 | 1 | -1/+1
* Revert the size_t modifications from HEAD that had led to more | Geoff Thorpe | 2008-11-12 | 1 | -1/+1
  knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD.
* More size_tification. | Ben Laurie | 2008-11-01 | 1 | -1/+1
* Some precautions to avoid potential security-relevant problems. | Bodo Möller | 2008-09-14 | 1 | -1/+1
* Fix from stable branch. | Dr. Stephen Henson | 2007-10-17 | 1 | -5/+8
* Fix warning and make no-tlsext work. | Dr. Stephen Henson | 2007-08-12 | 1 | -1/+4
* RFC4507 (including RFC4507bis) TLS stateless session resumption support | Dr. Stephen Henson | 2007-08-11 | 1 | -7/+62
  for OpenSSL.
* Remove ECC extension information from external representation | Bodo Möller | 2006-04-05 | 1 | -64/+5
  of the session -- we don't really need it once the handshake has completed.
* Implement Supported Elliptic Curves Extension. | Bodo Möller | 2006-03-30 | 1 | -7/+31
  Submitted by: Douglas Stebila
* Simplify ASN.1 for point format list | Bodo Möller | 2006-03-26 | 1 | -27/+5
  Submitted by: Douglas Stebila
* Resolve signed vs. unsigned issues | Richard Levitte | 2006-03-13 | 1 | -4/+4
* Implement the Supported Point Formats Extension for ECC ciphersuites | Bodo Möller | 2006-03-11 | 1 | -7/+63
  Submitted by: Douglas Stebila
* add initial support for RFC 4279 PSK SSL ciphersuites | Nils Larsch | 2006-03-10 | 1 | -2/+87
  PR: 1191
  Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
  Reviewed by: Nils Larsch
* Fix signed/unsigned char clashes. | Richard Levitte | 2006-01-04 | 1 | -2/+2
* Support TLS extensions (specifically, HostName) | Bodo Möller | 2006-01-02 | 1 | -1/+36
  Submitted by: Peter Sylvester
* Avoid warnings on VC++ 2005. | Dr. Stephen Henson | 2005-12-05 | 1 | -1/+1
* Make kerberos ciphersuite code compile again. | Dr. Stephen Henson | 2005-04-20 | 1 | -5/+5
  Avoid more shadow warnings.