- 08 12月, 2015 6 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
This change required some special treatment, as HMAC is intertwined with EVP_MD. For now, all local HMAC_CTX variables MUST be initialised with HMAC_CTX_EMPTY, or whatever happens to be on the stack will be mistaken for actual pointers to EVP_MD_CTX. This will change as soon as HMAC_CTX becomes opaque. Also, since HMAC_CTX_init() can fail now, its return type changes from void to int, and it will return 0 on failure, 1 on success. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 07 12月, 2015 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 06 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #364
-
- 05 12月, 2015 5 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it. On the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but only when SSL_{CTX_}set_ecdh_auto() was called to turn it on. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefor result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
The new state machine code missed an allowed transition when resuming a session via EAP FAST. This commits adds the missing check for the transition. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 02 12月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Add CRYPTO_free_ex_index (for shared libraries) Unify and complete the documentation for all "ex_data" API's and objects. Replace xxx_get_ex_new_index functions with a macro. Added an exdata test. Renamed the ex_data internal datatypes. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 30 11月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Don't hard code EVP_sha* etc for signature algorithms: use table indices instead. Add SHA224 and SHA512 to tables. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 28 11月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Change handshake hash array into a single digest context simplifying the handhake hash code. Use EVP_md5_sha1() if needed for handshake hashes in TLS 1.1 and earlier. Simplify PRF code to also use a single digest and treat EVP_md5_sha1() as a special case. Modify algorithm2 field of ciphers to use a single index value for handshake hash and PRF instead of a bitmap. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Various updates following feedback from the recent commit of the new GOST2012 code. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 26 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 25 11月, 2015 6 次提交
-
-
由 Pascal Cuoq 提交于
If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can get called with s->s3 still being NULL. Patch also provided by Willy Tarreau <wtarreau@haproxy.com> Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 24 11月, 2015 2 次提交
-
-
由 Rich Salz 提交于
And a scalar !x --> x==0 test Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Dmitry Belyavsky 提交于
This patch contains the necessary changes to provide GOST 2012 ciphersuites in TLS. It requires the use of an external GOST 2012 engine. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 11月, 2015 9 次提交
-
-
由 Viktor Dukhovni 提交于
Though the callers check the function return value and ignore the size_t output argument on failure, it is still often not ideal to store (-1) in size_t on error. That might signal an unduly large buffer. Instead set the size_t to 0, to indicate no space. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Make it clear that this function is ssl specific. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Tidy up the libssl async calls and make sure all IO functions are covered. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
0 is a valid file descriptor so SSL_get_async_wait_fd should instead return -1 on error. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The ASYNC_in_job() function is redundant. The same effect can be achieved by using ASYNC_get_current_job(). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Initial API implemented for notifying applications that an ASYNC_JOB has completed. Currently only s_server is using this. The Dummy Async engine "cheats" in that it notifies that it has completed *before* it pauses the job. A normal async engine would not do that. Only the posix version of this has been implemented so far, so it will probably fail to compile on Windows at the moment. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Removed the function ASYNC_job_is_waiting() as it was redundant. The only time user code has a handle on a job is when one is waiting, so all they need to do is check whether the job is NULL. Also did some cleanups to make sure the job really is NULL after it has been freed! Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The following entry points have been made async aware: SSL_accept SSL_read SSL_write Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with the async mode enabled will initiate a new async job. If an async pause is encountered whilst executing the job (such as for example if using SHA1/RSA with the Dummy Async engine), then the above functions return with SSL_WANT_ASYNC. Calling the functions again (with exactly the same args as per non-blocking IO), will resume the job where it left off. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The al variable could be uninitialised in an error path. Reviewed-by: NRich Salz <rsalz@openssl.org>
-