- Feb 03, 2016
-
-
Richard Levitte authored
This makes use of TLSProxy, which was expanded to use IO::Socket::IP (which is a core perl module) or IO::Socket::INET6 (which is said to be more popular) instead IO::Socket::INET if one of them is installed. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
s_socket.c gets brutally cleaned out and now consists of only two functions, one for client and the other for server. They both handle AF_INET, AF_INET6 and additionally AF_UNIX where supported. The rest is just easy adaptation. Both s_client and s_server get the new flags -4 and -6 to force the use of IPv4 or IPv6 only. Also, the default host "localhost" in s_client is removed. It's not certain that this host is set up for both IPv4 and IPv6. For example, Debian has "ip6-localhost" as the default hostname for [::1]. The better way is to default |host| to NULL and rely on BIO_lookup() to return a BIO_ADDRINFO with the appropriate loopback address for IPv4 or IPv6 as indicated by the |family| parameter. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
The control commands that previously took a struct sockaddr * have been changed to take a BIO_ADDR * instead. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
This adds a couple of simple tests to see that SSL traffic using the reimplemented BIO_s_accept() and BIO_s_connect() works as expected, both on IPv4 and on IPv6. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Future commits will change our use to newer functions and the pragmas will go away at that time. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Added functions: BIO_socket BIO_connect BIO_listen BIO_accept_ex BIO_closesocket BIO_sock_info These get deprecated: BIO_gethostbyname BIO_get_port BIO_get_host_ip BIO_get_accept_socket BIO_accept Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Because of the way bio_lcl.h is organised, we must not include internal/cryptlib.h before it. As a matter of fact, bio_lcl.h includes internal/cryptlib.h on its own. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Because different platforms have different levels of support for IPv6, different kinds of sockaddr variants, and some have getaddrinfo et al while others don't, we could end up with a mess if ifdefs, duplicate code and other maintainance nightmares. Instead, we're introducing wrappers around the common form for socket communication: BIO_ADDR, closely related to struct sockaddr and some of its variants. BIO_ADDRINFO, closely related to struct addrinfo. With that comes support routines, both convenient creators and accessors, plus a few utility functions: BIO_parse_hostserv, takes a string of the form host:service and splits it into host and service. It checks for * in both parts, and converts any [ipv6-address] syntax to ust the IPv6 address. BIO_lookup, looks up information on a host. All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and there is support for local sockets (AF_UNIX) as well. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Emilia Kasper authored
Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is stripped by BN_bn2bin but external callers may have other expectations. Reviewed-by: Kurt <Roeckx<kurt@openssl.org>
-
Michael Lee authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Also fix option processing in pkeyutl to allow use of (formerly) "out-of-order" switches that were needless implementation limitations. Handle documented "ENGINE" form with -keyform and -peerform. Better handling of OPENSSL_NO_ENGINE and OPENSSL_NO_RSA. RT2018 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
FdaSilvaYY authored
... related to engine_ref_debug macro. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Feb 02, 2016
-
-
Rich Salz authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
It turns out that the combination splitpath() could return an empty string for the directory part. This doesn't play well with catdir(). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Add new function BN_bn2binpad() which checks the length of the output buffer and pads the result with zeroes if necessary. New functions BN_bn2lebinpad() and BN_lebin2bn() which use little endian format. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dmitry-Me authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Emilia Kasper authored
Remove ancient unused configuration file in crypto/conf. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Feb 01, 2016
-
-
Rich Salz authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Hubert Kario authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
PACKET contents should be read-only. To achieve this, also - constify two user callbacks - constify BUF_reverse. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Iteratively improved with Richard and Andy. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dmitry-Me authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Nothing else will run the unified scheme for now. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Now that we have the foundation for the "unified" build scheme in place, we add build.info files. They have been generated from the Makefiles in the same directories. Things that are platform specific will appear in later commits. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
The "unified" build scheme revolves around small information files, build.info, which each describe their own bit of everything that needs to be built, using a mini-language described in Configurations/README. The information in build.info file contain references to source files and final result. Object files are not mentioned at all, they are simply from source files. Because of this, all the *_obj items in Configurations/*.conf are renamed to *_asm_src and the files listed in the values are change from object files to their corresponding source files. For the sake of the other build schemes, Configure generates corresponding *_obj entries in %target. Furthermore, the "unified" build scheme supports having a build directory tree separate from the source directry tree. All paths in a build.info file is assumed to be relative to its location, either within the source tree or within the build tree. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
When auxiliary data contains only reject entries, continue to trust self-signed objects just as when no auxiliary data is present. This makes it possible to reject specific uses without changing what's accepted (and thus overring the underlying EKU). Added new supported certs and doubled test count from 38 to 76. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
This includes basic constraints, key usages, issuer EKUs and auxiliary trust OIDs (given a trust suitably related to the intended purpose). Added tests and updated documentation. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-