- 15 8月, 2017 8 次提交
-
-
由 Rich Salz 提交于
This reverts commit c4d2e483. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4160)
-
由 Paul Yang 提交于
Although this piece of code will not be compiled at current stage, but there seems a plan to re-open the 'no-rsa' option in the future so this should be fixed. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4161)
-
由 Richard Levitte 提交于
Since OSSL_STORE_open() tries with the 'file' scheme loader first, and then on the loader implied by the URI if the former fails, the former leaves an error on the error stack. This is confusing, so let's clear the error stack on success. The implementation uses ERR_set_mark, ERR_pop_to_mark and ERR_clear_last_mark to make sure caller errors are preserved as much as possible. Fixes #4089 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4094)
-
由 Richard Levitte 提交于
This allows callers to set a mark, and then clear it without removing the errors. Useful in case an error is encountered that should be returned up the call stack. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4094)
-
由 Richard Levitte 提交于
There already is a scrypt.c in crypto/kdf/, both becoming script.o or script.obj. With some linkers, the same object files name more than once means one of them is dropped, either when building shared libraries or when building executables from static libraries. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4164)
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
-
由 Richard Levitte 提交于
Instead of having perl modules under test/testlib, util and util/perl, consolidate them all to be inside util/perl. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
-
由 Rich Salz 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4160)
-
- 14 8月, 2017 2 次提交
-
-
由 Rich Salz 提交于
Write missing prime.pod and srp.pod Implement -c in find-doc-nits (for command options) Other fixes to some manpages Use B<-I<digest|cipher>> notation Split up multiple flags into a single entry in the synopsis. Add -1 and missing-help to list command. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4144)
-
由 Rich Salz 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4150)
-
- 13 8月, 2017 1 次提交
-
-
由 FdaSilvaYY 提交于
[skip ci] Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4149)
-
- 12 8月, 2017 4 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4137)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4137)
-
由 Johannes Bauer 提交于
This fixes issue #3043, which ultimately was reported because documentation was not clear on the meaning of the "-ignore_err" option. Update both command line documentation and add this option to manpage. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4143)
-
- 11 8月, 2017 4 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4108)
-
由 Rich Salz 提交于
Use an inline rand.inc; this fixes Google's OSS-Fuzz builds. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4141)
-
由 Jon Spillett 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4139)
-
由 Jon Spillett 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4139)
-
- 10 8月, 2017 8 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix warning and don't use binary field certificate for ECDH CMS key only test. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4134)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4134)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4134)
-
由 David von Oheimb 提交于
Discussion is in https://github.com/openssl/openssl/issues/4127Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4131)
-
由 Benjamin Kaduk 提交于
If s->hit is set, s->session corresponds to a session created on a previous connection, and is a data structure that is potentially shared across other SSL objects. As such, there are thread-safety issues with modifying the structure without taking its lock (and of course all corresponding read accesses would also need to take the lock as well), which have been observed to cause double-frees. Regardless of thread-safety, the resumed session object is intended to reflect parameters of the connection that created the session, and modifying it to reflect the parameters from the current connection is confusing. So, modifications to the session object during ClientHello processing should only be performed on new connections, i.e., those where s->hit is not set. The code mostly got this right, providing such checks when processing SNI and EC point formats, but the supported groups (formerly supported curves) extension was missing it, which is fixed by this commit. However, TLS 1.3 makes the suppported_groups extension mandatory (when using (EC)DHE, which is the normal case), checking for the group list in the key_share extension processing. But, TLS 1.3 only [0] supports session tickets for session resumption, so the session object in question is the output of d2i_SSL_SESSION(), and will not be shared across SSL objects. Thus, it is safe to modify s->session for TLS 1.3 connections. [0] A psk_find_session callback can also be used, but the restriction that each callback execution must produce a distinct SSL_SESSION structure can be documented when the psk_find_session callback documentation is completed. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4123)
-
由 Tomas Mraz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4122)
-
由 Benjamin Kaduk 提交于
When we are using the internal cache we have to make a copy of the session before removing it from the parent context's cache, since we want our copy to still be resumable. However, SSL_CTX_remove_session() just detaches the session from the SSL_CTX; it does not free the session. So, we must call SSL_SESSION_free() ourselves before overwriting the variable that we dup'd from. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4126)
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4125)
-
- 09 8月, 2017 8 次提交
-
-
由 Xiaoyin Liu 提交于
In the generated HTML document, the `<pre>` tag is not closed. This patch also has a trivial code-style improvement, unrelated to the bug fix. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4088)
-
由 Paul Yang 提交于
Code Health (Tuesday?): Parameters' names are not correct. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4117)
-
由 Paul Yang 提交于
This is a 'code health' commit to respond to this round of code health Tuesday... Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4099)
-
由 Matt Caswell 提交于
In particular this covers the scenario mentioned in #4014 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4072)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4072)
-
由 Johannes Bauer 提交于
Building without the scrypt KDF is now possible, the OPENSSL_NO_SCRYPT define is honored in code. Previous this lead to undefined references. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4116)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4115)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4115)
-
- 08 8月, 2017 5 次提交
-
-
由 Johannes Bauer 提交于
Added manpage for the new scrypt EVP_PKEY_METHOD KDF interface. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
-
由 Johannes Bauer 提交于
Added the pkey_meth_kdf_test tests which test the PKEY_METHOD macros (at the moment, of HKDF and scrypt). Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
-
由 Johannes Bauer 提交于
Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD. This fixes #4021 (at least for the scrypt portion of the issue). Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
-
由 Rich Salz 提交于
Try to put DRBG and rand_bytes buffers in secure heap Read the TSC fewer times (but it's still not enabled). Short-circuit return in win RAND_poll_ex; other minor tweaks and format-fixes. Use the _bytes version of rdrand/rdseed Fix ia32cap checks. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4100)
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4111)
-