- Sep 30, 2015
-
-
David Woodhouse authored
Much related/similar work also done by Ivan Nestlerode <ivan.nestlerode@sonos.com> +Replace FILE BIO's with dummy ops that fail. +Include <stdio.h> for sscanf() even with no-stdio (since the declaration is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment variable, since it can be larger than a 'long'. And we don't rely on the availability of strtoull(). +Remove OPENSSL_stderr(); not used. +Make OPENSSL_showfatal() do nothing (currently without stdio there's nothing we can do). +Remove file-based functionality from ssl/. The function prototypes were already gone, but not the functions themselves. +Remove unviable conf functionality via SYS_UEFI +Add fallback definition of BUFSIZ. +Remove functions taking FILE * from header files. +Add missing DECLARE_PEM_write_fp_const +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out, so remove its prototype. +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid(). +Eliminate SRP_VBASE_init() and supporting functions. Users will need to build the verifier manually instead. +Eliminate compiler warning for unused do_pk8pkey_fp(). +Disable TEST_ENG_OPENSSL_PKEY. +Disable GOST engine as is uses [f]printf all over the place. +Eliminate compiler warning for unused send_fp_chars(). Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 29, 2015
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Problem was exposed in mingw64 build, or in other words on P64 platform. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
On Windows OPENSSL_EXPORT_VAR_AS_FUNCTION is defined and in a sense this modification simply harmonizes it with "VAR_AS_VAR". Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Nicholas Cooper authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 28, 2015
-
-
Alessandro Ghedini authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Michal Bozon authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
RFC 5077 section 3.3 says: If the server determines that it does not want to include a ticket after it has included the SessionTicket extension in the ServerHello, then it sends a zero-length ticket in the NewSessionTicket handshake message. Previously the client would fail upon attempting to allocate a zero-length buffer. Now, we have the client ignore the empty ticket and keep the existing session. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Jack Danger Canty authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Sep 26, 2015
-
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Alessandro Ghedini authored
Some builds break, as documented in: https://github.com/openssl/openssl/pull/408#issuecomment-142971427 This fixes it. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 25, 2015
-
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
The ossltest engine wraps the built-in implementation of aes128-cbc. Normally in an engine the cipher_data structure is automatically allocated by the EVP layer. However this relies on the engine specifying up front the size of that cipher_data structure. In the case of ossltest this value isn't available at compile time. This change makes the ossltest engine allocate its own cipher_data structure instead of leaving it to the EVP layer. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Alessandro Ghedini authored
Otherwise the ./config script fails with errors like: > Operating system: x86_64-whatever-linux2 > This system (linux-x86_64) is not supported. See file INSTALL for details. The failure was introduced by a93d3e06 . RT#4062 Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
The windows test uses the pseudo file "nul" to indicate no file for the -CApath option. This does not work on all versions of Windows. Instead use the new -no-CApath option. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Add documentation to all the appropriate apps for the new -no-CApath and -no-CAfile options. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
For those command line options that take the verification options -CApath and -CAfile, if those options are absent then the default path or file is used instead. It is not currently possible to specify *no* path or file at all. This change adds the options -no-CApath and -no-CAfile to specify that the default locations should not be used to all relevant applications. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Previously you could only set both the default path and file locations together. This adds the ability to set one without the other. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
As some of ARM processors, more specifically Cortex-Mx series, are Thumb2-only, we need to support Thumb2-only builds even in assembly. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 24, 2015
-
-
Vladimir Kotal authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 23, 2015
-
-
Matt Caswell authored
Add a sanity check that the cookie_len returned by app_gen_cookie_cb is valid. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Clarify that user code is required to allocate sufficient space for the addressing scheme in use in the call to DTLSv1_listen. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Use sockaddr_storage not sockaddr for the client IP address to allow for IPv6. Also fixed a section of code which was conditional on OPENSSL_NO_DTLS1 which should not have been. Reviewed-by: Andy Polyakov <appro@openssl.org>
-