| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok jsing
|
|
Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387
tested in a bulk by sthen
ok jsing
|
|
ok jsing
|
|
These functions are no-ops. Their signature was changed by OpenSSL
to allow error checking. This way we return an error and do not
indicate the (non-)existence of memory leaks.
tested in a bulk by sthen
ok jsing
|
|
The original implementation is rather crazy and means that we effectively
have two lots of code that parse a ClientHello and two lots of code that
parse TLS extensions. Partially simplify this by passing a CBS containing
the extension block through to the session handling functions, removing the
need to reimplement the ClientHello parsing.
While here standarise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
|
Parse up until the extensions (if any), then proceed with processing,
rather than gradually parsing while processing. This makes the code
cleaner, requires messages to be valid before processing and makes way
for upcoming changes.
ok inoguchi@ tb@
|
|
Discussed with jsing
|
|
|
|
|
|
Now that all handshake messages are created using CBB, remove the non-CBB
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename
the CBB variants by dropping the _cbb suffix.
ok bcook@ inoguchi@ tb@
|
|
|
|
|
|
- Added checking for session ticket reusing with using openssl(1) s_server and
s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.
ok tb@ and jsing@
|
|
While here, we don't need the app_timer_* wrapper function, it only
obfuscates things, so delete it. Also while here, totalTime only needs
to be assigned once.
ok tb@
|
|
The CBB conversion resulted in the ticket encryption being handled
incorrectly, resulting in only the last block being used. Fix this and
restore the previous behaviour.
Issue found by inoguchi@ and sebastia@.
ok inoguchi@ and tb@
|
|
|
|
|
|
unconditional failure.
|
|
their own functions to make it easier to handle failures cleanly.
Discussed with jsing
|
|
We need to then remove the shadow i from the GET block. While there,
move retval's declaration to the beginning of the function.
As doConnection() now executes the body of the benchmark's test, rename
it to "run_test".
Shadow variable spotted by tb@.
ok tb@
|
|
|
|
|
|
Suggested by jsing
|
|
|
|
testing EVP_AEAD_CTX_open()
|
|
tests together. Make failure of the length tests non-fatal, as these are
failures of test cases, not of the program.
|
|
We currently only support nonces of length 12, so skip a few tests.
With input from jsing
|
|
CID #118791
ok jsing mestre
|
|
|
|
CID #183499.
input & ok jsing, ok mestre on first version
|
|
CID #154702.
input & ok inoguchi, ok mestre on first version
|
|
Now that all callers of tls12_get_sigandhash() have been converted to CBB,
collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a
single function. Rename it to tls12_gethashandsig() to be representative
of the actual order of the sigalgs parameters, and perform some other
clean up.
ok inoguchi@ tb@
|
|
This removes a memorable BUF_MEM_grow() and associated comment.
ok inoguchi@ tb@
|
|
Move SSL_new/SSL_free up into benchmark() to restrict the responsibility
for the SSL object to a single scope. Make doConnection() return an int,
openssl-style. Some miscellaneous cleanup, too.
Discussed with tb, jsing, and jca. Basic idea from jsing, lots of patch
input from tb.
ok deraadt on an earlier version
ok tb jsing
|
|
ok inoguchi@ tb@
|
|
|
|
more precisely which options require which other options, add many
missing incompatibilities, mention the default for -e, and some
macro cleanup.
OK jmc@ tb@
|
|
|
|
ok tb@
|
|
ok tb@
|
|
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
from r1.45 and thereby avoid a use-after-free spotted by schwarze.
ok schwarze
|
|
From Nan at chinadtrace dot org. Thanks!
|
|
Prompted by a remark by jsing
|
|
the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to
a one-byte buffer overrun in all callers of EVP_read_pw_string().
Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C.
Fix this by doing some basic sanity checking in EVP_read_pw_string_min().
Cap the len argument at BUFSIZ and ensure that min < len as well as
0 <= min and 1 <= len. The last two checks are important as these
numbers may end up in reallocarray().
ok bcook (on previous version), jsing, mestre
|
|
|
|
ok bcook@ beck@ tb@
|
|
|
|
Move all of the benchmark code -- loop initialization, the loops, and
the report printing -- into a new function, benchmark(). Eliminates
lots of duplicate code.
Regressions to 1.20 caught by tb@ and inoguchi@. Tweaked by tb@.
ok tb@, jsing@
|
