| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
| |
Use './configure --enable-libtls' to build the library and install the
associated manpages. Note that the API and ABI of this library may
change still, though feedback is welcome.
ok deraadt@ jsing@ tedu@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This provides sufficient functionality to run openssl(1) from a Windows
console. This is based on the original select-based version from from
songdongsheng@live.cn. Changes:
* use nfds_t directly for iterating the fds.
* add WSAGetLastError -> errno mappings
* handle POLLHUP and the OOB data cases for revents
* handle sparse arrays of fds correctly
* KNF style updates
* teach poll how to handle file handles as well as sockets
This handles the socket/non-socket issue by alternating a loop between
WaitForMultipleObjects for non-sockets and and select for sockets. One
would think this would be terrible for performance, but as of this
writing, poll consumes about 6% of the time doing a bulk transfer
between a Linux box and 'openssl.exe s_server'.
I tried to implement this all in terms of WaitForMultipleObjects with a
select 'poll' at the end to get extra specific socket status. However,
the cost of setting up an event handle for each socket, setting the
WSAEventSelect attributes, and cleaning them up reliably was pretty
high. Since the event handle associated with a socket is also global,
creating a new one cancels the previous one or can be disabled
externally.
In addition, the 'FD_WRITE' status of a socket event handle does not
behave in an expected fashion, being triggered by an edge on a write
event rather than being level triggered.
Another fun horror story is how stdin in windows might be a console, it
might be a pipe, it might be something else. If these all worked in the
same way, it would be great. But, since a console-stdin can also signal
on a mouse or window event, it means we can easily get stuck in a
blocking read (you can't make stdin non-blocking) if the non-character
events are not filtered out. So, poll does that too.
See here for various additional horror stories:
http://www.postgresql.org/message-id/4351.1336927207@sss.pgh.pa.us
|
| |
|
|
|
|
|
| |
Check if we are using clang, rather than simply if we are on OS X.
Note: recent LLVM releases do not seem to need this anyway.
|
|
|
|
| |
We need to include VERSION for it to run.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.
Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.
ok beck@ deraadt@
|
|
|
|
|
|
|
|
| |
While the native OS X implementation is fork-safe, it does not seed
safely, as of the latest released OS X libc sources, version 997.90.3.
It only uses weak sources of entropy if accessing /dev/urandom fails.
ok beck@ deraadt@
|
|
|
|
|
|
|
|
|
| |
Simplify autoconf checks by using AC_CHECK_FUNCS/HEADERS.
Clarify some ambiguous dependencies around strnlen/strndup.
Unconditionally enable pidwraptest for all arc4random implementations.
Remove HAVE_VASPRINTF conditional, since asprintf requires vasprintf.
ok @doug
|
|
|
|
| |
ok doug@
|
|
|
|
| |
for example, asprintf/vasprintf are unmasked with _GNU_SOURCE in mingw
|
|
|
|
| |
This allows the proper compatibility header definition to be exposed.
|
|
|
|
| |
remove bash comparison, thanks kinichiro
|
|
|
|
|
| |
Surprisingly (or not), a lot of OpenSSL's inline assembly actually makes
things slower with a relatively modern compiler (read, gcc >= 4.x).
|
|
|
|
| |
use default of -std=gnu99 for it to be recognized
|
|
|
|
| |
this is the replacement for _BSD_SOURCE on newer glibc's
|
|
|
|
| |
from wouter@
|
|
|
|
|
|
|
| |
grab library version from VERSION file
build manpages only on changes
ok beck@
|
|
|
|
|
|
| |
Allow warnings to be reported without failing the entire build.
ok beck@
|
|
|
|
| |
ok beck@
|
|
|
|
| |
ok beck@
|
| |
|
| |
|
|
|
|
|
| |
still need to get man links working and ssl and apps
man pages added.
|
| |
|
| |
|
| |
|
| |
|
|
|