| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
| |
|
|
|
|
|
|
| |
It's not available on all OSs, e_os.h already does the right thing
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1870
|
| |
|
|
|
|
|
|
|
| |
Clang rightly does not like extern symbols that are not declared
in any header file, as typically these are not intended for global
visibility and are exposed in error. This was indeed the case with
various file-scope objects in dtlsv1listentest.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
Make it clear that if we are unable to get hold of the peer address then
*peer is cleared and the family set to AF_UNSPEC.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Adds a set of tests for the newly rewritten DTLSv1_listen function.
The test pokes various packets at the function and then checks
the return value and the data written out to ensure it is what we
would have expected.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The recently rewriten DTLSv1_listen code does not support fragmented
ClientHello messages because fragment reassembly requires server state
which is against the whole point of DTLSv1_listen. This change adds some
partial support for fragmented ClientHellos. It requires that the cookie
must be within the initial fragment. That way any non-initial ClientHello
fragments can be dropped and fragment reassembly is not required.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
| |
Adds a new function BIO_ADDR_clear to reset a BIO_ADDR back to an
unitialised state, and to set the family to AF_UNSPEC.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
| |
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
The DTLSv1_listen function exposed details of the underlying BIO
abstraction and did not properly allow for IPv6. This commit changes the
"peer" argument to be a BIO_ADDR and makes it a first class function
(rather than a ctrl) to ensure proper type checking.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
| |
Also remove two mistakenly checked-in files.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| |
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
| |
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
| |
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
| |
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Replace all magic numbers with #defined constants except in boolean
functions that return 0 for failure and 1 for success. Avoid a
couple memory leaks in error recovery code paths. Code style
improvements.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RT1556: doc/crypto/threads.pod
RT2024: Missing pages mentioned in crypto.pod
RT2890: Wrong size in ERR_string_error description.
RT3461: Better description of PEM Encryption
(Jeffrey Walton <noloader@gmail.com>)
Also, fix up formatting and removed some code examples
that encourage unsafe patterns, like unencrypted private
keys (Rich Salz)
RT4240: Document some speed flags (Tomas Mraz <tmraz@redhat.com>)
RT4260: Fix return value doc for X509_REQ_sign and X509_sign
(Laetitia Baudoin <lbaudoin@google.com>)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
| |
|
|
|
|
| |
Fortunately, we only use socklen_t internally
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| |
|
|
|
|
|
|
| |
Following on from earlier commits to prevent local symbols from being
exported in the shared libraries on Linux, this makes the equivalent changes
for Solaris.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
| |
Add new function EC_KEY_priv2buf() to allocated and encode private
key octet in one call. Update and simplify ASN.1 and print routines.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
|
| |
Don't require an application to work out the appropriate buffer size for
ASN1_bn_print(), which is unsafe. Ignore the supplied buffer and allocate
it internally instead.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
| |
Update EC ASN.1 and print routines to use EC_KEY_oct2priv and
EC_KEY_priv2oct.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
|
|
| |
New functions EC_KEY_oct2priv and EC_KEY_priv2oct. These are private key
equivalents of EC_POINT_oct2point and EC_POINT_point2oct which convert
between the private key octet format and EC_KEY.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
| |
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| |
|
|
|
|
| |
Ensure we respect OPENSSL_NO_RDRAND
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
| |
A small typo crept in.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This uilds on the same way of checking for availability as we do in
TLSProxy. We use all IP factories we know of, starting with those who
know both IPv6 and IPv4 and ending with the one that only knows IPv4
and cache their possible success as foundation for checking the
available of each IP domain.
80-test_ssl.t has bigger chances of working on platforms that do not
run both IP domains.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| |
|
|
|
|
|
| |
This is an important move if scripts want to refer to the loaded
module without having perl think it needs to be loaded (again).
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add no-async option to Configure that forces ASYNC_NULL.
Related to RT1979
An embedded system or replacement C library (e.g. musl or uClibc)
may not support the *context APIs that are needed for async operation.
Compiles with musl. Ran unit tests, async tests skipped as expected.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
|
|
| |
Both getaddrinfo() and getnameinfo() have to be preceeded with a call
to BIO_sock_init().
Also, make sure to give gai_strerror() the actual error code.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
| |
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| |
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| |
|
|
|
| |
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
| |
|
|
|
|
|
|
| |
Windows doesn't have h_error or hstrerror()
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1848
|
| |
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
RT: #4288, MR: #1831
|
| |
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| |
|
|
|
|
|
| |
Those even order that do not play nicely with Montgomery arithmetic
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
