- May 21, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 20, 2016
-
-
Matt Caswell authored
The function InitOnceExceuteOnce is the best way to support the implementation of CRYPTO_THREAD_run_once() on Windows. Unfortunately WinXP doesn't have it. To get around that we had two different implementations: one for WinXP and one for later versions. Which one was used was based on the value of _WIN32_WINNT. This approach was starting to cause problems though because other parts of OpenSSL assume _WIN32_WINNT is going to be 0x0501 and crashes were occurring dependant on include file ordering. In addition a conditional based on _WIN32_WINNT had made its way into a public header file through commit 5c4328f0 . This is problematic because the value of this macro can vary between OpenSSL build time and application build time. The simplest solution to this mess is just to always use the WinXP version of CRYPTO_THREAD_run_once(). Its perhaps slightly sub-optimal but probably not noticably. GitHub Issue #1086 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE Make lhash stuff opaque. Use typedefs for function pointers; makes the code simpler. Remove CHECKED_xxx macros. Add documentation; remove old X509-oriented doc. Add API-compat names for entire old API Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Giving setbuf() a 64-bit pointer isn't faulty, as the argument is passed by a 64-bit register anyway, so you only get a warning (MAYLOSEDATA2) pointing out that only the least significant 32 bits will be used. However, we know that a FILE* returned by fopen() and such really is a 32-bit pointer (a study of the system header files make that clear), so we temporarly turn off that warning when calling setbuf(). Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- May 19, 2016
-
-
Andy Polyakov authored
GH: #102 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Defintions of macros similar to _XOPEN_SOURCE belong in command line or in worst case prior first #include directive in source. As for macros is was allegedly controlling. One can argue that we are probably better off demanding S_IS* macros but there are systems that just don't comply, hence this compromise solution... Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Ben Laurie authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Viktor Dukhovni authored
Since with SSL_VERIFY_NONE, the connection may continue and the session may even be cached, we should save some evidence that the chain was not sufficiently verified and would have been rejected with SSL_VERIFY_PEER. To that end when a CT callback returs failure we set the verify result to X509_V_ERR_NO_VALID_SCTS. Note: We only run the CT callback in the first place if the verify result is still X509_V_OK prior to start of the callback. RT #4502 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and PEM_do_header(). Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- May 18, 2016
-
-
Cynh authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1017
-
Richard Levitte authored
STORE doesn't exist for now HMAC doesn't have any error codes Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
RT#1466 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Also adds 'esc_2254' to the possible command line name options RT#1466 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Tidy up and simplify OBJ_dup() and OBJ_create(). Sanity check added OIDs: don't allow duplicates. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
A number of the METHOD functions weren't properly handling malloc failures. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
There were some unchecked calls to OPENSSL_strdup(). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Kazuki Yamaguchi authored
chacha20_poly1305_init_key() dereferences NULL when called with inkey != NULL && iv == NULL. This function is called by EVP_EncryptInit_ex() family, whose documentation allows setting key and iv in separate calls. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 17, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Add some functions that were missing when a number of X509 objects became opaque (thanks, Roumen!) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING twice. We only need to do it once. GitHub Issue #656 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 16, 2016
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Due to short-circuiting we only need to check "cipher" for NULL once. PR#699 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Steffan Karger authored
CLA: none; trivial Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1070
-
Viktor Dukhovni authored
Document thread-safe lock creation Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
RT#2534 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
FdaSilvaYY authored
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
FdaSilvaYY authored
Fix some missing OBJ_dup failure checks. Merged from https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E ! Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1057)
-
- May 14, 2016
-
-
Kirill Marinushkin authored
Currently point to wrong address Signed-off-by: Kirill Marinushkin <k.marinushkin@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-