- Mar 22, 2018
-
-
Andy Polyakov authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4159)
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Some platforms, cough-DJGPP, fail to compile claiming that requested alignment is greater than maximum possible. Supposedly original alignment was result of an attempt to utilize AVX2... Reviewed-by:
-
Andy Polyakov authored
In other words no-sock DJGPP build should suppress syslogging. Reviewed-by:
-
Andy Polyakov authored
At earlier point e_os.h was omitted from a number of headers (in order to emphasize OS neutrality), but this affected o_fopen.c, which is not OS-neutral, and contains some DJGPP-specific code. Reviewed-by:
-
- Mar 21, 2018
-
-
Pauli authored
The strsignal call is not supported by some machines, so avoid its use. Reviewed-by:
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by: -
FdaSilvaYY authored
Add missing guards around STRP-related fields Remove two unneeded global variables: my 2'cents to #4679 Merge definition and instantiation of srpsrvparm global. Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
Matt Caswell authored
Fixes #5711 Reviewed-by:
-
Philippe Antoine authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
David Benjamin authored
In particular, x and y may be NULL, as used in ecdsa_ossl.c. Make use of this in ecdh_ossl.c as well, to save an otherwise unnecessary temporary. Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
Bernd Edlinger authored
Various code-cleanups. Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) insead of handling SSL_ERROR_WANT_READ everywhere. Turn off the linger option on connected sockets to avoid failure. Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput. Reviewed-by:
-
Jack Bates authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Matt Caswell authored
For DTLS/SCTP we were waiting for a dry event during the call to tls_finish_handshake(). This function just tidies up various internal things, and after it completes the handshake is over. I can find no good reason for waiting for a dry event here, and nothing in RFC6083 suggests to me that we should need to. More importantly though it seems to be wrong. It is perfectly possible for a peer to send app data/alerts/new handshake while we are still cleaning up our handshake. If this happens then we will never get the dry event and so we cannot continue. Reviewed-by:
-
Matt Caswell authored
At a couple of points in a DTLS/SCTP handshake we need to wait for a dry event before continuing. However if an alert has been sent by the peer then we will never receive that dry event and an infinite loop results. This commit changes things so that we attempt to read a message if we are waiting for a dry event but haven't got one yet. This should never succeed, but any alerts will be processed. Fixes #4763 Reviewed-by:
-
Peter Wu authored
Fixes regression from #5667. Reviewed-by:
-
Andy Polyakov authored
At earlier point e_os.h was omitted from a number of headers (in order to emphasize OS neutrality), but this affected o_fopen.c and randfile.c which are not OS-neutral, and contain some Win32-specific code. Reviewed-by:
-
Matthias Kraft authored
Although it deviates from the actual prototype of DSO_dsobyaddr(), this is now ISO C compliant and gcc -Wpedantic accepts the code. Added DATA segment checking to catch ptrgl virtual addresses. Avoid memleaks with every AIX/dladdr() call. Removed debug-fprintf()s. Added test case for DSO_dsobyaddr(), which will eventually call dladdr(). Removed unecessary AIX ifdefs again. The implementation can only lookup function symbols, no data symbols. Added PIC-flag to aix*-cc build targets. As AIX is missing a dladdr() implementation it is currently uncertain our exit()-handlers can still be called when the application exits. After dlclose() the whole library might have been unloaded already. Signed-off-by:
Matthias Kraft <makr@gmx.eu> Reviewed-by:
-
Benjamin Kaduk authored
The sid_ctx is something of a "certificate request context" or a "session ID context" -- something from the application that gives extra indication of what sort of thing this session is/was for/from. Without a sid_ctx, we only know that there is a session that we issued, but it could have come from a number of things, especially with an external (shared) session cache. Accordingly, when resuming, we will hard-error the handshake when presented with a session with zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no information about the peer to verify, so the verification must fail. In order to prevent these future handshake failures, proactively decline to add the problematic sessions to the session cache. Reviewed-by:
-
- Mar 20, 2018
-
-
Pauli authored
The comment in EVP_DigestInit.pod is: > Returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons. I.e. there is no link anymore. Reviewed-by:
-
Eric Covener authored
WCOREDUMP and vsyslog are not portable Reviewed-by:
-
Johannes Bauer authored
Give meaningful error messages when the user incorrectly uses pkeyutl. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
-
Matt Caswell authored
The travis logs are going above 4Mb causing the builds to fail. One test creates excessive output. This change reduces that output by approx 180k. [extended tests] Reviewed-by:
-
Matt Caswell authored
Broken by commit 3e3c7c36 . Fixes #5681 Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5688)
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
Richard Levitte authored
Without it, the RAND_POOL typedef is missing Reviewed-by:
-
- Mar 19, 2018
-
-
Dr. Matthias St. Pierre authored
[extended tests] The test_rand_reseed assumed that the global DRBGs were not used previously. This assumption is false when the tests are executed in random order (OPENSSL_TEST_RAND_ORDER). So we uninstantiate them first and add a test for the first instantiation. Reviewed-by:
-
Richard Levitte authored
We did the SSL_CONF_cmd() pass last of all things that could affect the SSL ctx. However, the results of this, for example: -max_protocol TLSv1.3 -tls1_2 ... would mean that the protocol min got set to TLSv1.2 and the protocol max to TLSv1.3, when they should clearly both be TLSv1.2. However, if we see the SSL_CONF_cmd() switches as generic and those internal to s_client and s_server as specialisations, we get something that makes a little more sense. Reviewed-by:Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Todd Short authored
Reviewed-by:
-
Todd Short authored
Reviewed-by:
-
Richard Levitte authored
The error string header files aren't supposed to be included directly, so there's no point testing that they can. Reviewed-by:
-
Richard Levitte authored
Have all test programs using that function specify those versions. Additionally, have the remaining test programs that use SSL_CTX_new directly specify at least the maximum protocol version. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
If for nothing else, they are needed when doing a regression test Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
