- 20 May, 2016 3 commits
-
-
Matt Caswell authored
The write BIO for handshake messages is bufferred so that we only write out to the network when we have a complete flight. There was some complexity in the buffering logic so that we switched buffering on and off at various points through out the handshake. The only real reason to do this was historically it complicated the state machine when you wanted to flush because you had to traverse through the "flush" state (in order to cope with NBIO). Where we knew up front that there was only going to be one message in the flight we switched off buffering to avoid that. In the new state machine there is no longer a need for a flush state so it is simpler just to have buffering on for the whole handshake. This also gives us the added benefit that we can simply call flush after every flight even if it only has one message in it. This means that BIO authors can implement their own buffering strategies and not have to be aware of the state of the SSL object (previously they would have to switch off their own buffering during the handshake because they could not rely on a flush being received when they really needed to write data out). This last point addresses GitHub Issue #322. Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
RT#4543 Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Rich Salz authored
Add doc-nit-check to help find future issues. Make podchecker be almost clean. Remove trailing whitespace. Tab expansion Reviewed-by:Richard Levitte <levitte@openssl.org>
-
- 19 May, 2016 15 commits
-
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Dr. Stephen Henson authored
RT#1817 Reviewed-by: -
Andy Polyakov authored
the fact that it's community-supported target. Reviewed-by: -
Andy Polyakov authored
GH: #102 Reviewed-by: -
Andy Polyakov authored
Defintions of macros similar to _XOPEN_SOURCE belong in command line or in worst case prior first #include directive in source. As for macros is was allegedly controlling. One can argue that we are probably better off demanding S_IS* macros but there are systems that just don't comply, hence this compromise solution... Reviewed-by: -
Matt Caswell authored
In the X509 app check that the obtained public key is valid before we attempt to use it. Issue reported by Yuan Jochen Kang. Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Ben Laurie authored
Reviewed-by:
-
Viktor Dukhovni authored
Since with SSL_VERIFY_NONE, the connection may continue and the session may even be cached, we should save some evidence that the chain was not sufficiently verified and would have been rejected with SSL_VERIFY_PEER. To that end when a CT callback returs failure we set the verify result to X509_V_ERR_NO_VALID_SCTS. Note: We only run the CT callback in the first place if the verify result is still X509_V_OK prior to start of the callback. RT #4502 Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by:Dr. Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and PEM_do_header(). Reviewed-by:
-
- 18 May, 2016 21 commits
-
-
Mat authored
adds missing check for defined(__GNUC__) Reviewed-by:
-
Cynh authored
Signed-off-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Matt Caswell <matt@openssl.org> GH: #1017
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
STORE doesn't exist for now HMAC doesn't have any error codes Reviewed-by: -
Richard Levitte authored
- Adjust mkerr.pl to produce the line length we used for source reformating. - Have mkerr.pl keep track of preprocessor directive indentation Among others, do not spuriously throw away a #endif at the end of header files. - Make sure mkerr.pl specifies any header inclusion correctly Reviewed-by: -
Viktor Dukhovni authored
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Reviewed-by: -
Viktor Dukhovni authored
Reviewed-by: -
hesiod authored
Reviewed-by:
-
Richard Levitte authored
RT#1466 Reviewed-by: -
Richard Levitte authored
RT#1466 Reviewed-by: -
Richard Levitte authored
Also adds 'esc_2254' to the possible command line name options RT#1466 Reviewed-by: -
Dr. Stephen Henson authored
Tidy up and simplify OBJ_dup() and OBJ_create(). Sanity check added OIDs: don't allow duplicates. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
A number of the METHOD functions weren't properly handling malloc failures. Reviewed-by: -
Matt Caswell authored
There were some unchecked calls to OPENSSL_strdup(). Reviewed-by: -
Matt Caswell authored
In the CAPI engine there were some unchecked calls to OPENSSL_strdup(). GH Issue #830 Reviewed-by: -
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Discard useless static engine_id Add a const qualifier Fix some spelling Reviewed-by:
-
Kazuki Yamaguchi authored
chacha20_poly1305_init_key() dereferences NULL when called with inkey != NULL && iv == NULL. This function is called by EVP_EncryptInit_ex() family, whose documentation allows setting key and iv in separate calls. Reviewed-by:
-
- 17 May, 2016 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
