- Jan 31, 2016
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Daniel Kahn Gillmor authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
When the target is {something}-icc, we're doing some extra checks of the icc compiler. However, all such targets were cleaned away in March 2015, so this Configure section is dead code. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Jan 30, 2016
-
-
Rich Salz authored
Remove OPENSSL_IMPORT as its only purpose is to define OPENSSL_EXTERN. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
There was an unused macro in ssl_locl.h that used an internal type, so I removed it. Move bio_st from bio.h to ossl_type.h Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Can't hurt and seems to prevent problems from some over-aggressive (LTO?) compilers. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
top_dir() are used to create directory names, top_file() should be used for files. In a Unixly environment, that doesn't matter, but... Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
PR#4280 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
Not all architectures have a time_t defined the same way. To make sure we get the same result, we need to cast &checkoffset to (intmax_t *) and make sure that intmax_t is defined somehow. To make really sure we don't pass a variable with the wrong size down to opt_imax(), we use a temporary intmax_t. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Jan 29, 2016
-
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Also remove $Makefile variable :) Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Viktor Dukhovni authored
As a side-effect of opaque x509, ex_flags were looked up too early, before additional policy cache updates. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
This is a time_t and can be zero or negative. So use 'M' (maximal signed int) not 'p' (positive int). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Some last lflags to convert to ex_libs or a combo of lflags and ex_libs Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
The lflags configuration had a weird syntax with a % as separator. If it was present, whatever came before ended up as PEX_LIBS in Makefile (usually, this is LDFLAGS), while whatever came after ended up as EX_LIBS. This change splits that item into lflags and ex_libs, making their use more explicit. Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
A few more sub-joins could be replaced with calls to add() and add_before() Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
This reverts commit a450326e . Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Remove depend hacks from demos/engines. Remove clean-depend; just call makedepend (or $CC -M) and use that. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
By default X509_check_trust() trusts self-signed certificates from the trust store that have no explicit local trust/reject oids encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust and -trustout options of x509(1)). This commit adds a flag that makes it possible to distinguish between that implicit trust, and explicit auxiliary settings. With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted via explicit trust settings. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
The use of the uninitialized buffer in the RNG has no real security benefits and is only a nuisance when using memory sanitizers. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Rich Salz authored
This is a followin from !1738, we no longer need those variables. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Add tests for have_precompute_mult for the optimised curves (nistp224, nistp256 and nistp521) if present Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
During precomputation if the group given is well known then we memcpy a well known precomputation. However we go the wrong label in the code and don't store the data properly. Consequently if we call have_precompute_mult the data isn't there and we return 0. RT#3600 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The function DH_check_pub_key() was missing some return value checks in some calls to BN functions. RT#4278 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
A new return value for DH_check_pub_key was recently added: DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other return values it should have been set to the value 4 not 3. RT#4278 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
This extends the existing async functionality to SSL_shutdown(), i.e. SSL_shutdown() can now casuse an SSL_ERROR_WANT_ASYNC error to be returned from SSL_get_error() if async mode has been enabled. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-