summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2016-02-05GH601: Various spelling fixes.FdaSilvaYY
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05RT4070: Improve struct/union regexpEllinger, Wesley M
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-05Make DTLSv1_listen a first class function and change its typeMatt Caswell
The DTLSv1_listen function exposed details of the underlying BIO abstraction and did not properly allow for IPv6. This commit changes the "peer" argument to be a BIO_ADDR and makes it a first class function (rather than a ctrl) to ensure proper type checking. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05RT4292: Remove ===== lineRich Salz
Also remove two mistakenly checked-in files. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-05RT1596: Add clarifying doc.Rich Salz
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05GH628: Add -help to all apps docs.A J Mohan Rao
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05GH628: Add -help to all apps docs.Rich Salz
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05Ensure correct chain depth for policy checks with DANE bare key TAViktor Dukhovni
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-05Long overdue cleanup of X509 policy tree verificationViktor Dukhovni
Replace all magic numbers with #defined constants except in boolean functions that return 0 for failure and 1 for success. Avoid a couple memory leaks in error recovery code paths. Code style improvements. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-02-05Various RT doc fixesRich Salz
RT1556: doc/crypto/threads.pod RT2024: Missing pages mentioned in crypto.pod RT2890: Wrong size in ERR_string_error description. RT3461: Better description of PEM Encryption (Jeffrey Walton <noloader@gmail.com>) Also, fix up formatting and removed some code examples that encourage unsafe patterns, like unencrypted private keys (Rich Salz) RT4240: Document some speed flags (Tomas Mraz <tmraz@redhat.com>) RT4260: Fix return value doc for X509_REQ_sign and X509_sign (Laetitia Baudoin <lbaudoin@google.com>) Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-05enable leak checking for danetestDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-05Fix return code in CRYPTO_mem_leaks_fp()Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-05If memory debugging enabled return error on leaks.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-05Restore -no_comp switch for backwards compatible behaviourViktor Dukhovni
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-05VMS lacks socklen_t, give it oneRichard Levitte
Fortunately, we only use socklen_t internally Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-05Initialize variableRichard Levitte
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-05Don't export local symbols on SolarisMatt Caswell
Following on from earlier commits to prevent local symbols from being exported in the shared libraries on Linux, this makes the equivalent changes for Solaris. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05make updateDr. Stephen Henson
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05Add EC_KEY_priv2buf()Dr. Stephen Henson
Add new function EC_KEY_priv2buf() to allocated and encode private key octet in one call. Update and simplify ASN.1 and print routines. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05Allocate ASN1_bn_print buffer internally.Dr. Stephen Henson
Don't require an application to work out the appropriate buffer size for ASN1_bn_print(), which is unsafe. Ignore the supplied buffer and allocate it internally instead. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05Use BN_bn2binpadDr. Stephen Henson
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05use enum type for do_EC_KEY_printDr. Stephen Henson
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05update EC ASN1 and print routinesDr. Stephen Henson
Update EC ASN.1 and print routines to use EC_KEY_oct2priv and EC_KEY_priv2oct. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05Add EC_KEY_oct2priv and EC_KEY_priv2octDr. Stephen Henson
New functions EC_KEY_oct2priv and EC_KEY_priv2oct. These are private key equivalents of EC_POINT_oct2point and EC_POINT_point2oct which convert between the private key octet format and EC_KEY. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05Add ASN1_buf_print to print a buffer in ASN1_bn_print format.Dr. Stephen Henson
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-04Don't use RDRAND if told not toMatt Caswell
Ensure we respect OPENSSL_NO_RDRAND Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-05Initialise with -1 rather than 1Richard Levitte
A small typo crept in. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-04Add new DTLS-SRTP protection profiles from RFC 7714Dmitry Sobinov
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04Add checks for IPv4 and IPv6 in OpenSSL::Test::Utils and use themRichard Levitte
This uilds on the same way of checking for availability as we do in TLSProxy. We use all IP factories we know of, starting with those who know both IPv6 and IPv4 and ending with the one that only knows IPv4 and cache their possible success as foundation for checking the available of each IP domain. 80-test_ssl.t has bigger chances of working on platforms that do not run both IP domains. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-04Update crypto/bio/build.infoRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-04Fix pkeyutl inability to directly access keys on hardware tokensMouse
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-04Change the transfer perl module so the real module gets properly registeredRichard Levitte
This is an important move if scripts want to refer to the loaded module without having perl think it needs to be loaded (again). Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-04Add option to disable asyncTodd Short
Add no-async option to Configure that forces ASYNC_NULL. Related to RT1979 An embedded system or replacement C library (e.g. musl or uClibc) may not support the *context APIs that are needed for async operation. Compiles with musl. Ran unit tests, async tests skipped as expected. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04Make sure getaddrinfo and getnameinfo works as intended on WindowsRichard Levitte
Both getaddrinfo() and getnameinfo() have to be preceeded with a call to BIO_sock_init(). Also, make sure to give gai_strerror() the actual error code. Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-04If egd is disabled by default, it should be possible to enableRichard Levitte
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-04Add ec -check optionDr. Stephen Henson
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-04Fix potential buffer overrunDmitry-Me
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-04Use WSAGetLastError() on windowsKurt Roeckx
Windows doesn't have h_error or hstrerror() Reviewed-by: Richard Levitte <levitte@openssl.org> MR: #1848
2016-02-04Restore xmm7 from the correct address on win64Kurt Roeckx
Reviewed-by: Richard Levitte <levitte@openssl.org> RT: #4288, MR: #1831
2016-02-04update OID tablesDr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04Add Curve OIDs from draft-josefsson-pkix-newcurvesDr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04RT2887: Add more packet and handshake typesDaniel Black
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04Fix BN_gcd errors for some curvesBilly Brumley
Those even order that do not play nicely with Montgomery arithmetic Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-04RT3095: allow NULL key for single-shot HMACEmilia Kasper
In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC, we can allow it to signal an empty key for convenience. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-04bio_err.c: remove a reappeared filename commentViktor Szakats
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-04Make fallback addresses static so that we can initialize itKurt Roeckx
Reviewed-by: Richard Levitte <levitte@openssl.org> MR: #1841
2016-02-04Only use TLS1.2 when it's availableRichard Levitte
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-04Have 70-test_clienthello.t be selective on when it can be runRichard Levitte
The test program clienthello checks TLS extensions, so there's no point running it when no TLS protocol is available. Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-04Have OpenSSL::Test::Utils::available_protocols load configdata as wellRichard Levitte
Otherwise, it could typically always return an empty list, since it's often called first if at all. Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-03RT2752: Add some EKU OID'sRich Salz
And some others found in the Internet. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-26 09:12:05 +0000