- Apr 13, 2016
-
-
Matt Caswell authored
EVP_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
BIO_sock_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
RAND_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The conditional compile logic wasn't quite right in speed.c for when both OPENSSL_NO_DSA and OPENSSL_NO_EC are defined. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
SSL_COMP_free_compression_methods() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
ERR_free_strings() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
COMP_zlib_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
Setting the debug callback on the in and out BIOs were done too early. No debug callback was set on the zlib filter BIO. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Apr 11, 2016
-
-
Kazuki Yamaguchi authored
Add an accessor for SSL_CTX. Since libssl was made opaque, there is no way for users to access the cipher_list, while users can set the cipher_list by SSL_CTX_set_cipher_list(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Fix a compile failure with no-posix-io Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The function pqueue_print is not exported and is never called. Therefore we should delete it. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The no-tls option was failing in the tests. This fixes it. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Misc fixes to get no-nextprotoneg config option working again. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
When a file is opened with BIO_new_file(), make sure that the internal mode TEXT vs BINARY setting reflects what's given in the mode string. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Apr 09, 2016
-
-
Emilia Kasper authored
Code without PEDANTIC has intentional "undefined" behaviour. To get best coverage for both PEDANTIC and non-PEDANTIC codepaths, run the sanitizer builds in two different configurations: 1) Without PEDANTIC but with alignment checks disabled. 2) With PEDANTIC. To not overload Travis too much, run one build with clang and the other with gcc (chosen at random). Also remove a micro-optimization in CAST code to be able to -fsanitize=shift. Whether shift sanitization is meaningful for crypto or an obstacle is debatable but since this appears to be the only offender, we might as well keep the check for now. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
In Travis, do --strict-warnings on BUILDONLY configurations. This ensures that the tests run even if --strict-warnings fail, and avoids hiding unrelated test failures. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The simple reason is that the pre-generated files are mainly for Unix. The VMS variants look slightly different, so comparing will always fail. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Richard Levitte authored
Don't add / in file specs on VMS. The directory "separator" is part of the directory spec. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Beat Bolli authored
Rename the function to RSA_PKCS1_OpenSSL. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
A number of new functions have been added following the DH and DH_METHOD opacity commits. This commit provides documentation for those functions. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Move the dh_method structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Move the dh_st structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 08, 2016
-
-
Rich Salz authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 07, 2016
-
-
Andy Polyakov authored
As it turns out branch hints grew as kind of a misconception. In addition their interpretation by GNU assembler is affected by assembler flags and can end up with opposite meaning on different processors. As we have to loose quite a lot on misinterprerations, especially on newer processors, we just omit them altogether. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Since NDEBUG is defined unconditionally on command line for release builds, we can omit *_DEBUG options in favour of effective "all-on" in debug builds exercised though CI. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
... and refine /MT vs. /MD flag handling. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Without proper cleanup after DLL link failure second attempt to run nmake would actually proceed and failure will be "shifted" to run time. This is because libcrypto.lib import library is generated even if DLL link fails. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
pointers, except for minimal std[in|out|err]. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Viktor Dukhovni authored
Suppress CT callbacks with aNULL or PSK ciphersuites that involve no certificates. Ditto when the certificate chain is validated via DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing when the chain is fails verification. Move and consolidate CT callbacks from libcrypto to libssl. We also simplify the interface to SSL_{,CTX_}_enable_ct() which can specify either a permissive mode that just collects information or a strict mode that requires at least one valid SCT or else asks to abort the connection. Simplified SCT processing and options in s_client(1) which now has just a simple pair of "-noct" vs. "-ct" options, the latter enables the permissive callback so that we can complete the handshake and report all relevant information. When printing SCTs, print the validation status if set and not valid. Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Viktor Dukhovni authored
The original check for != SSL_VERIFY_NONE can give surprising results when flags SSL_VERIFY_PEER is not set, but other flags are. Note that SSL_VERIFY_NONE (0) is not a flag bit, it is rather the absense of all other flag bits. Signed-off-by: Rob Percival <robpercival@google.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-