- 23 5月, 2016 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 5月, 2016 4 次提交
-
-
由 Kurt Roeckx 提交于
Found by tis-interpreter Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1106
-
由 Kurt Roeckx 提交于
Found by tis-interpreter Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1106
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
RT#4471 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 21 5月, 2016 4 次提交
-
-
由 FdaSilvaYY 提交于
tofree pointer is no more used... Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1103)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Fix some code examples, trailing whitespace Fix TBA sections in verify, remove others. Remove empty sections Use Mixed Case not ALL CAPS in head2 Enhance doc-nits script. Remove extra =cut line Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function InitOnceExceuteOnce is the best way to support the implementation of CRYPTO_THREAD_run_once() on Windows. Unfortunately WinXP doesn't have it. To get around that we had two different implementations: one for WinXP and one for later versions. Which one was used was based on the value of _WIN32_WINNT. This approach was starting to cause problems though because other parts of OpenSSL assume _WIN32_WINNT is going to be 0x0501 and crashes were occurring dependant on include file ordering. In addition a conditional based on _WIN32_WINNT had made its way into a public header file through commit 5c4328f0. This is problematic because the value of this macro can vary between OpenSSL build time and application build time. The simplest solution to this mess is just to always use the WinXP version of CRYPTO_THREAD_run_once(). Its perhaps slightly sub-optimal but probably not noticably. GitHub Issue #1086 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 5月, 2016 16 次提交
-
-
由 Rich Salz 提交于
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE Make lhash stuff opaque. Use typedefs for function pointers; makes the code simpler. Remove CHECKED_xxx macros. Add documentation; remove old X509-oriented doc. Add API-compat names for entire old API Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
Giving setbuf() a 64-bit pointer isn't faulty, as the argument is passed by a 64-bit register anyway, so you only get a warning (MAYLOSEDATA2) pointing out that only the least significant 32 bits will be used. However, we know that a FILE* returned by fopen() and such really is a 32-bit pointer (a study of the system header files make that clear), so we temporarly turn off that warning when calling setbuf(). Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
This adds an async IO test. There are two test runs. The first one does a normal handshake with lots of async IO events. The second one does the same but this time breaks up all the written records into multiple records of one byte in length. We do this all the way up until the CCS. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
In the new state machine if using nbio and we get the header of a handshake message is one record with the body in the next, with an nbio event in the middle, then the connection was failing. This is because s->init_num was getting reset. We should only reset it after we have read the whole message. RT#4394 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 David Benjamin 提交于
ChangeCipherSpec messages have a defined value. They also may not occur in the middle of a handshake message. The current logic will accept a ChangeCipherSpec with value 2. It also would accept up to three bytes of handshake data before the ChangeCipherSpec which it would discard (because s->init_num gets reset). Instead, require that s->init_num is 0 when a ChangeCipherSpec comes in. RT#4391 Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
The write BIO for handshake messages is bufferred so that we only write out to the network when we have a complete flight. There was some complexity in the buffering logic so that we switched buffering on and off at various points through out the handshake. The only real reason to do this was historically it complicated the state machine when you wanted to flush because you had to traverse through the "flush" state (in order to cope with NBIO). Where we knew up front that there was only going to be one message in the flight we switched off buffering to avoid that. In the new state machine there is no longer a need for a flush state so it is simpler just to have buffering on for the whole handshake. This also gives us the added benefit that we can simply call flush after every flight even if it only has one message in it. This means that BIO authors can implement their own buffering strategies and not have to be aware of the state of the SSL object (previously they would have to switch off their own buffering during the handshake because they could not rely on a flush being received when they really needed to write data out). This last point addresses GitHub Issue #322. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
RT#4543 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Add doc-nit-check to help find future issues. Make podchecker be almost clean. Remove trailing whitespace. Tab expansion Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
RT#1817 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
the fact that it's community-supported target. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
GH: #102 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Defintions of macros similar to _XOPEN_SOURCE belong in command line or in worst case prior first #include directive in source. As for macros is was allegedly controlling. One can argue that we are probably better off demanding S_IS* macros but there are systems that just don't comply, hence this compromise solution... Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
In the X509 app check that the obtained public key is valid before we attempt to use it. Issue reported by Yuan Jochen Kang. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 19 5月, 2016 14 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Ben Laurie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Viktor Dukhovni 提交于
Since with SSL_VERIFY_NONE, the connection may continue and the session may even be cached, we should save some evidence that the chain was not sufficiently verified and would have been rejected with SSL_VERIFY_PEER. To that end when a CT callback returs failure we set the verify result to X509_V_ERR_NO_VALID_SCTS. Note: We only run the CT callback in the first place if the verify result is still X509_V_OK prior to start of the callback. RT #4502 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and PEM_do_header(). Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Mat 提交于
adds missing check for defined(__GNUC__) Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1094)
-
由 Cynh 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #1017
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
STORE doesn't exist for now HMAC doesn't have any error codes Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
- Adjust mkerr.pl to produce the line length we used for source reformating. - Have mkerr.pl keep track of preprocessor directive indentation Among others, do not spuriously throw away a #endif at the end of header files. - Make sure mkerr.pl specifies any header inclusion correctly Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-