- 06 4月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
Misc fixes for no-ocsp Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
When config'd with "no-async" the ASYNC_NULL implementation is used, so async symbols still exist. We should still init the NULL implementation so that when we get the async ctx it is NULL rather than undefined. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 4月, 2016 5 次提交
-
-
由 Rich Salz 提交于
This reverts commit 620d540b. It wasn't reviewed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Issue #182 Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 4月, 2016 3 次提交
-
-
由 Andy Polyakov 提交于
RT#4483 [poly1305-armv4.pl: remove redundant #ifdef __thumb2__] [poly1305-ppc*.pl: presumably more accurate benchmark results] Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Emilia Kasper 提交于
These leaks affect 1.1.0 dev branch only; introduced around commit f93ad22f Found with LibFuzzer Reviewed-by: NBen Laurie <ben@openssl.org>
-
由 Richard Levitte 提交于
It was harmless in this case, but best avoid the annoying warnings. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 03 4月, 2016 11 次提交
-
-
由 Viktor Dukhovni 提交于
A new X509_VERIFY_PARAM_set_auth_level() function sets the authentication security level. For verification of SSL peers, this is automatically set from the SSL security level. Otherwise, for now, the authentication security level remains at (effectively) 0 by default. The new "-auth_level" verify(1) option is available in all the command-line tools that support the standard verify(1) options. New verify(1) tests added to check enforcement of chain signature and public key security levels. Also added new tests of enforcement of the verify_depth limit. Updated documentation. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Also fixed a style issue Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Numerous fixups based on feedback of the DSA opacity changes. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Move the dsa_method structure out of the public header file, and provide getter and setter functions for creating and modifying custom DSA_METHODs. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Move the dsa_st structure out of the public header file. Add some accessor functions to enable access to the internal fields, and update all internal usage to use the new functions. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Kirill Marinushkin 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kirill Marinushkin 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kirill Marinushkin 提交于
Currently on every BIO mem read operation the remaining data is reallocated. This commit solves the issue. BIO mem structure includes additional pointer to the read position. On every read the pointer moves instead of reallocating the memory for the remaining data. Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer. Also the flag is added to rewind the read pointer without losing the data. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Mat 提交于
InitOnceExecuteOnce returns nonzero on success: MSDN: "If the function succeeds, the return value is nonzero." So return 1 if it is nonzero, 0 others. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Don't decode a public key in X509_PUBKEY_get0(): that is handled when the key is parsed using x509_pubkey_decode() instead. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 01 4月, 2016 1 次提交
-
-
由 Andy Polyakov 提交于
This minimizes inter-block overhead. Performance gain naturally varies from case to case, up to 10% was spotted so far. There is one thing to recognize, given same circumstances gain would be higher faster computational part is. Or in other words biggest improvement coefficient would have been observed with assembly. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 31 3月, 2016 5 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
CRYPTO_mem_leaks attempts to adjust the count of bytes leaks to not include the BIO that is being used to print the results out. However this does not work properly. In all internal cases we switch off recording the memory allocation during creation of the BIO so it makes no difference. In other cases if the BIO allocates any additional memory during construction then the adjustment will be wrong anyway. It also skips over the BIO memory during print_leak anyway, so the BIO memory is never added into the total. In other words this was broken in lots of ways and has been since it was first added. The simplest solution is just to make it the documented behaviour that you must turn off memory logging when creating the BIO, and remove all the adjustment stuff completely. The adjustment code was only ever in master and never made it to a release branch so there is no loss of functionality. This commit also fixes a compilation failure when using enable-crypto-mdebug. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Ben Laurie 提交于
Fix buffer overrun in asn1_get_length(). Reproducer: asn1parse-reproduce crash-6bfd417f47bc940f6984f5e639b637fd4e6074bc Fix length calculations. Reproducer: asn1parse-reproduce crash-1819d0e54cd2b0430626c59053e6077ef04c2ffb Reproducer: asn1parse-reproduce crash-9969db8603e644ddc0ba3459b51eac7a2c4b729b Make i long. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
On VMS, the C compiler can work with 32-bit and 64-bit pointers, and the command line determines what the initial pointer size shall be. However, there is some functionality that only works with 32-bit pointers. In this case, it's gethostbyname(), getservbyname() and accompanying structures, so we need to make sure that we define our own pointers as 32-bit ones. Furthermore, there seems to be a bug in VMS C netdb.h, where struct addrinfo is always defined with 32-bit pointers no matter what, but the functions handling it are adapted to the initial pointer size. This leads to pointer size warnings when compiling with /POINTER_SIZE=64. The workaround is to force struct addrinfo to be the 64-bit variant if the initial pointer size is 64. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
'proto' wasn't properly used as a fallback in all appropriate cases. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 30 3月, 2016 9 次提交
-
-
由 Dr. Stephen Henson 提交于
Cache the decoded public key when an X509_PUBKEY structure is initially parsed so no locking is required. Ignore any decode errors. When an application calls X509_PUBKEY_get0() subsequently it will either get the cached key or the decode operation will be repeated which will return an appropriate error. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
Also, have it always be built, even though it's only (currently) used on VMS. That will assure it will get the same changes as all others. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Viktor Dukhovni 提交于
Previously, it was sufficient to have certSign in keyUsage when the basicConstraints extension was missing. That is still accepted in a trust anchor, but is no longer accepted in an intermediate CA. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The zlib config option was broken by the BIO opacity changes. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 David Benjamin 提交于
The private key is a scalar and should be sized by the order, not the degree. See RFC 5915. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Move the the BIO_METHOD and BIO structures into internal header files, provide appropriate accessor methods and update all internal code to use the new accessors where appropriate. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
BIO_METHODs are soon to be opaque so we need to have functions available to set them up. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 29 3月, 2016 2 次提交
-
-
由 Andy Polyakov 提交于
RT#4439 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Andy Polyakov 提交于
The space saving is >5x on x86_64 at ~40% performance penalty. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 24 3月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
In this OpenSSL version, we deliver engines with lower case symbol names. The DSO symbol finder must be updated to allow for mixed case symbols or it won't fine them. Reviewed-by: NRich Salz <rsalz@openssl.org>
-