| Commit message | Author | Age | Files | Lines |
| |
BIO_set_retry_special(3), BIO_clear_retry_flags(3), BIO_get_retry_flags(3),
and the BIO_FLAGS_* constants
|
from Richard Levitte via OpenSSL commit 0e474b8b in the 1.1.1 branch,
which is still under a free license
|
In udp mode, nc would always print that the connection succeeded
independently of whether that was actually the case. Don't do that.
idea/ok mpf
|
The connection test writes four X to the socket, which corrupts data
that we may want to pipe into nc. So don't do that if stdin is not a
tty but still do it in scan mode, this is needed according to chris.
based on a diff by and ok mpf
|
ok mpf as part of a larger diff
|
Avoids repeated use of ternary operator on globals.
|
This simply moves a chunk of code in this spaghetti mess into its own
function with minimal changes.
idea from a diff by mpf
|
jsing doesn't like it, but it's better than nothing.
ok jsing
|
and BIO_get_flags(3).
|
xmlsec needs this, nothing else. Our linkers link libxmlsec1-openssl,
only warns and since nothing uses this library in ports, this wasn't
noticed for a long time.
Reported by Thomas Mitterfellner
ok jsing
|
Provide regress coverage for BN_lshift1(), BN_rshift1(), BN_lshift() and
BN_rshift(), along with basic benchmarking functionality (run via
'make benchmark').
|
A SSL_set_security_level() call was added to the cipher list regress, which
expects a failure - however, it should succeed and fails for a completely
unrelated reason. Rework this regress so that it actually passes and tests
for the expected behaviour.
|
BN_zero() is currently implemented using BN_set_word(), which means it can
fail, however almost nothing ever checks the return value. A long time
ago OpenSSL changed BN_zero() to always succeed and return void, however
kept BN_zero as a macro that calls a new BN_zero_ex() function, so that
it can be switched back to the "can fail" version.
Take a simpler approach - change BN_zero()/BN_one() to functions and make
BN_zero() always succeed. This will be exposed in the next bump, at which
point we can hopefully also remove the BN_zero_ex() function.
ok tb@
|
BIO_set_callback_ex(3), BIO_get_callback_ex(3), and BIO_callback_fn(3).
Document them, in part by merging from the OpenSSL 1.1.1 branch,
which is still under a free license,
but heavily tweaked by me, in particular:
* mention that BIO_set_callback_arg(3) is misnamed;
* keep our more detailed explanation of the "ret" argument;
* make the list of callback invocations more readable;
* and update the HISTORY section.
|
The overwhelming majority of callers of X509_check_purpose() in our tree
pass a purpose of -1. In this case X509_check_purpose() acts as a wrapper
of x509v3_cache_extensions() which makes sanity checks like non-negativity
of ASN.1 integers or canonicity of RFC 3779 extensions as well as checking
uniqueness of extensions.
from schwarze who beat an initial diff of mine into shape
|
OK tb@
|
jsing@ worries that cycle prevention might increase risk because
software that is not checking return values (and indeed, not checking
is likely common in practice) might silently behave incorrectly
with cycle prevention whereas without, it will likely either crash
right away through infinite recursion or at least hang in an infinite
loop when trying to use the cyclic chain, in both cases making it
likely that the bug will be found and fixed.
Besides, tb@ points out that BIO_set_next(3) ought to behave as
similarly as possible to BIO_push(3), but adding cycle prevention
to BIO_set_next(3) would be even less convincing because that
function does not provide a return value, encouraging users to
expect that it will always succeed. While a safe idiom for checking
the success of BIO_set_next(3) could easily be designed, let's be
realistic: application software would be highly unlikely to pick up
such an idiom.
|
ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
Document them.
|
unsigned char.
Casting to int is particularly useless because that's what the
compiler already does. We need to prevent sign extension, not write
down that we want sign extension.
OK deraadt, kn, miod, op
|
EVP_PKEY_new_raw_private_key(3), EVP_PKEY_new_raw_public_key(3),
EVP_PKEY_get_raw_private_key(3), and EVP_PKEY_get_raw_public_key(3).
Merge the documentation from the OpenSSL 1.1.1 branch, which is
still under a free license. I tweaked the text somewhat for
conciseness, and argument names for uniformity.
|
Document it.
|
Rework the loops walking the chains to be correct for empty chains as well.
This simplifies the checking at the cost of slightly more initialization
and will allow further refactoring in a subsequent check.
|
Align initialization in walk_backward() with walk_forward(), fix grammar
in a comment and move initialization of oldhead_len to a place consistent
with the other length initializations in that function
|
Add helpers to create and destroy a linear chain of BIOs. Provide two
defines for the two lengths of the test chains and make them distinct
to rule out coincidences. As a bonus, the code becomes simpler.
|
Add helper that validates the chains. This deduplicates a lot of code and
makes the heart of the test much easier to read.
|
Some parts of this test rely on unportable behavior, so cannot run in
portable. This way we can run more tests for portable which is helpful
for analysis tools, better coverage, etc.
|