- Apr 11, 2017
-
-
Matt Caswell authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3159)
-
Pauli authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3170)
-
Pauli authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
- Apr 10, 2017
-
-
Pauli authored
Reviewed-by:
-
Benjamin Kaduk authored
RFC 7301 mandates that the server SHALL respond with a fatal "no_application_protocol" alert when there is no overlap between the client's supplied list and the server's list of supported protocols. In commit 06217867 we changed from ignoring non-success returns from the supplied alpn_select_cb() to treating such non-success returns as indicative of non-overlap and sending the fatal alert. In effect, this is using the presence of an alpn_select_cb() as a proxy to attempt to determine whether the application has configured a list of supported protocols. However, there may be cases in which an application's architecture leads it to supply an alpn_select_cb() but have that callback be configured to take no action on connections that do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from the callback would be the natural way to do so. Unfortunately, the aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as indicative of no overlap and terminated the connection; this change supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the callback. In effect, it provides a way for a callback to obtain the behavior that would have occurred if no callback was registered at all, which was not possible prior to this change. Reviewed-by:
-
Richard Levitte authored
The deprecation checking code here didn't work the same way as in Configure, and used $config{options} to find an --api= option that was never there. This is replaced with checking $config{api}, which is the controlling variable for deprecation. Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Teach util/mkdef.pl to recognise these lines: #if OPENSSL_API_COMPAT < 0xXXXXXXXXL #if OPENSSL_API_COMPAT >= 0xXXXXXXXXL and add corresponding markers in util/*.num A final 'make update' sets those markers right for LONG and ZLONG. Reviewed-by: -
Richard Levitte authored
Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32. Reviewed-by:
-
Richard Levitte authored
Don't compile code that still uses LONG when it's deprecated Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- Apr 08, 2017
-
-
Andy Polyakov authored
Last modification effectively masked test failures, so that builds were reported successful even if they failed. Reviewed-by:
-
- Apr 07, 2017
-
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Forgot to include this commit as requested by review. Reviewed-by:
-
Rich Salz authored
Document thread-safety issues Have RSA_null return NULL (always fails) Reviewed-by:
-
Richard Levitte authored
When configured no-engine, we still refered to rand_engine_lock. Rework the lock init code to avoid that. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
We need it for the custom extensions API Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Style updates for the new custom extensions API Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
The old custom extensions API was not TLSv1.3 aware. Extensions are used extensively in TLSv1.3 and they can appear in many different types of messages. Therefore we need a new API to be able to cope with that. Reviewed-by:
-
Matt Caswell authored
This move prepares for the later addition of the new custom extensions API. The context codes have an additional "SSL_" added to their name to ensure we don't have name clashes with other applications. Reviewed-by:
-
Matt Caswell authored
Brings all the extensions code together. Reviewed-by:
-
Richard Levitte authored
This is especially harmful since OPENSSL_cleanup() has already called the RAND cleanup function Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Apr 06, 2017
-
-
Qin Long authored
Under UEFI build environment, we may encounter the OSSL_SSIZE macro re-definition error in e_os2.h if any module call OpenSSL API directly by including "openssl/xxxx.h" (caused by the predefined _WIN32/_WIN64 macro, which should have been un-defined under OPENSSL_SYS_UEFI). Though it's not one recommended usage, this patch could still eliminate the possible build issue by refining the OSSL_SSIZE definition under OPENSSL_SYS_UEFI. Reviewed-by:
-
Todd Short authored
Reviewed-by:
-
Richard Levitte authored
If no default method was yet given, RAND_get_rand_method() will set it up. Doing so just to clean it away seems pretty silly, so instead, use the default_RAND_meth variable directly. This also clears a possible race condition where this will try to init things, such as ERR or ENGINE when in the middle of a OPENSSL_cleanup. Fixes #3128 Reviewed-by:
-
- Apr 05, 2017
-
-
Richard Levitte authored
It's sheer luck that this was used for the first field only which also has the same type in all data structures, so the offsets were never wrong Reviewed-by:
-
- Apr 04, 2017
-
-
Andy Polyakov authored
Fixes GH#3116. Reviewed-by:
-
