- Mar 30, 2016
-
-
Richard Levitte authored
Since OpenSSL::Test only redirects stderr to /dev/null when being run through non-verbose test harness, this change allows the stderr output to be displayed when verbosity is requested. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Richard Levitte authored
The intention with that option is to allow extra flags to the perl interpreter itself. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Cache the decoded public key when an X509_PUBKEY structure is initially parsed so no locking is required. Ignore any decode errors. When an application calls X509_PUBKEY_get0() subsequently it will either get the cached key or the decode operation will be repeated which will return an appropriate error. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Ben Laurie authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Ben Laurie authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
BIO_f_linebuffer() is now built by default instead of just on VMS, but the prototype in the header was still only available on VMS. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
There are rare cases when an object file will only be used when building a shared library. To enable this, we introduce SHARED_SOURCE: SHARED_SOURCE[libfoo]=dllmain.c Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Also, have it always be built, even though it's only (currently) used on VMS. That will assure it will get the same changes as all others. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Viktor Dukhovni authored
Previously, it was sufficient to have certSign in keyUsage when the basicConstraints extension was missing. That is still accepted in a trust anchor, but is no longer accepted in an intermediate CA. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Mar 29, 2016
-
-
Matt Caswell authored
The zlib config option was broken by the BIO opacity changes. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Benjamin Kaduk authored
The API contract is more tight than was previously documented -- the returned string must be NUL-terminated, and the supplied buffer includes space for the trailing NUL, so the maximum length that can be read in is reduced. Clarify that the NUL is not included in the returned length, and fix the spelling of "NUL-terminated" in a nearby spot. Adjust punctuation to make a modest improvement to the grammar. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Todd Short authored
The SSL, SSL_CTX, and SSL_SESSION indices were being referenced incorrectly in the "_get_ex_new_index" functions. Remove the STORE EX_DATA index; that functionality is gone. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
"vms-generic" already has some values, which were discarded. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
The warning MAYLOSEDATA3 is one you will always get when compiling source that calculates the difference between two pointers with /POINTER_SIZE=64. The reason is quite simple, ptrdiff_t is always a 32-bit integer regardless of pointer size, so the result of 'ptr1 - ptr2' can potentially be larger than a 32-bit integer. The compiler simply warns you of that possibility. However, we only use pointer difference within objects and strings, all of them well within 2^32 bytes in size, so that operation is harmless with our source, and we can therefore safely turn off that warning. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
David Benjamin authored
The private key is a scalar and should be sized by the order, not the degree. See RFC 5915. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Add the documentation for new BIO functions added as a result of making BIO and BIO_METHOD opaque. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Move the the BIO_METHOD and BIO structures into internal header files, provide appropriate accessor methods and update all internal code to use the new accessors where appropriate. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
BIO_METHODs are soon to be opaque so we need to have functions available to set them up. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
RT#4439 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
The space saving is >5x on x86_64 at ~40% performance penalty. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 27, 2016
-
-
Kurt Roeckx authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #2452
-
Kurt Roeckx authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #2452
-
David Benjamin authored
Session resumption involves a version check, so version negotiation must happen first. Currently, the DTLS implementation cannot do session resumption in DTLS 1.0 because the ssl_version check always checks against 1.2. Switching the order also removes the need to fixup ssl_version in DTLS version negotiation. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> RT: #4392, MR: #2452
-
Kurt Roeckx authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #2452
-
Fedor Indutny authored
We now send the highest supported version by the client, even if the session uses an older version. This fixes 2 problems: - When you try to reuse a session but the other side doesn't reuse it and uses a different protocol version the connection will fail. - When you're trying to reuse a session with an old version you might be stuck trying to reuse the old version while both sides support a newer version Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> GH: #852, MR: #2452
-
Richard Levitte authored
According to documentation, perl's Math::BigInt does floored division, i.e. the bdiv function does 1 / -4 = -1. OpenSSL's BN_div, as well as bc, do truncated division, i.e. 1 / -4 = 0. We need to compensate for that difference in test/recipes/bc.pl to make sure to verify the bntest results under its own conditions, by dividing the absolute values of the given numbers and fixup the result's negativity afterwards. Closes RT#4485 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Mar 25, 2016
-
-
Jeffrey Walton authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
These logical names are used to make the C RTL change certain behaviors, sometimes to make it act more like Unix. While they can make life easier in some cases, they can be disruptive as well. When building and testing OpenSSL, the latter is the case, so we ask people to avoid using them. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Mar 24, 2016
-
-
Rich Salz authored
This allows developer to glue DLL built with VC into their application compiled with Borland C. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
And thanks to Miod Vallat for the nudge about ERR_PACK :) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 23, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-