- 03 2月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Also fix option processing in pkeyutl to allow use of (formerly) "out-of-order" switches that were needless implementation limitations. Handle documented "ENGINE" form with -keyform and -peerform. Better handling of OPENSSL_NO_ENGINE and OPENSSL_NO_RSA. RT2018 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 2月, 2016 5 次提交
-
-
由 Emilia Kasper 提交于
PACKET contents should be read-only. To achieve this, also - constify two user callbacks - constify BUF_reverse. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Now that we have the foundation for the "unified" build scheme in place, we add build.info files. They have been generated from the Makefiles in the same directories. Things that are platform specific will appear in later commits. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Viktor Dukhovni 提交于
This includes basic constraints, key usages, issuer EKUs and auxiliary trust OIDs (given a trust suitably related to the intended purpose). Added tests and updated documentation. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 31 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 30 1月, 2016 5 次提交
-
-
由 Richard Levitte 提交于
Not all architectures have a time_t defined the same way. To make sure we get the same result, we need to cast &checkoffset to (intmax_t *) and make sure that intmax_t is defined somehow. To make really sure we don't pass a variable with the wrong size down to opt_imax(), we use a temporary intmax_t. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
This is a time_t and can be zero or negative. So use 'M' (maximal signed int) not 'p' (positive int). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The lflags configuration had a weird syntax with a % as separator. If it was present, whatever came before ended up as PEX_LIBS in Makefile (usually, this is LDFLAGS), while whatever came after ended up as EX_LIBS. This change splits that item into lflags and ex_libs, making their use more explicit. Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 29 1月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
This extends the existing async functionality to SSL_shutdown(), i.e. SSL_shutdown() can now casuse an SSL_ERROR_WANT_ASYNC error to be returned from SSL_get_error() if async mode has been enabled. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 28 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Many options for supporting optimizations for legacy crypto on legacy platforms have been removed. This simplifies the source code and does not really penalize anyone. DES_PTR (always on) DES_RISC1, DES_RISC2 (always off) DES_INT (always 'unsigned int') DES_UNROLL (always on) BF_PTR (always on) BF_PTR2 (removed) MD2_CHAR, MD2_LONG (always 'unsigned char') IDEA_SHORT, IDEA_LONG (always 'unsigned int') RC2_SHORT, RC2_LONG (always 'unsigned int') RC4_LONG (only int and char (for assembler) are supported) RC4_CHUNK (always long), RC_CHUNK_LL (removed) RC4_INDEX (always on) And also make D_ENCRYPT macro more clear (@appro) This is done in consultation with Andy. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 27 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 26 1月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Now that we're using templates, we should warn people not to edit the resulting file. We do it through util/dofile.pl, which is enhanced with an option to tell what file it was called from. We also change the calls so the template files are on the command line instead of being redirected through standard input. That way, we can display something like this (example taken from include/openssl/opensslconf.h): /* WARNING: do not edit! */ /* Generated by Configure from include/openssl/opensslconf.h.in */ Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 25 1月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 1月, 2016 2 次提交
-
-
由 Richard Levitte 提交于
apps/CA.pl and tools/c_rehash are built from template files. So far, this was done by Configure, which created its own problems as it forced everyone to reconfigure just because one of the template files had changed. Instead, have those files created as part of the normal build in apps/ and in tools/. Furthermore, this prepares for a future where Configure may produce entirely other build files than Makefile, and the latter can't be guaranteed to be the holder of all information for other scripts. Instead, configdata.pm (described below) becomes the center of configuration information. This introduces a few new things: %config a hash table to hold all kinds of configuration data that can be used by any other script. configdata.pm a perl module that Configure writes. It currently holds the hash tables %config and %target. util/dofile.pl a script that takes a template on STDIN and outputs the result after applying configuration data on it. It's supposed to be called like this: perl -I$(TOP) -Mconfigdata < template > result or perl -I$(TOP) -Mconfigdata templ1 templ2 ... > result Note: util/dofile.pl requires Text::Template. As part of this changed, remove a number of variables that are really just copies of entries in %target, and use %target directly. The exceptions are $target{cflags} and $target{lflags}, they do get copied to $cflags and $lflags. The reason for this is that those variable potentially go through a lot of changes and would rather deserve a place in %config. That, however, is for another commit. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Isaacson 提交于
The code is trying to interpolate the value of the BASE_SECTION macro, but due to excess escaping, it instead prints the string "BASE_SECTION". Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 21 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
It is sometimes useful (especially in automated tests) to supply multiple trusted or untrusted certificates via separate files rather than have to prepare a single file containing them all. To that end, change verify(1) to accept these options zero or more times. Also automatically set -no-CAfile and -no-CApath when -trusted is specified. Improve verify(1) documentation, which could still use some work. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 1月, 2016 3 次提交
-
-
由 Rich Salz 提交于
Also remove depend/local_depend. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Rename 'update' to 'generate'. Rather than recurse, just explicitly call the three generate targets directly. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 1月, 2016 2 次提交
-
-
由 Corinna Vinschen 提交于
Signed-off-by: NCorinna Vinschen <vinschen@redhat.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Remove lint, tags, dclean, tests. This is prep for a new makedepend scheme. This is temporary pending unified makefile, and might help it. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 15 1月, 2016 2 次提交
-
-
由 Benjamin Kaduk 提交于
The entropy-gathering daemon is used only on a small number of machines. Provide a configure knob so that EGD support can be disabled by default but re-enabled on those systems that do need it. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Rich Salz 提交于
It turns out that -pause calls the undocumented function SSL_set_debug. That just sets flag inside the SSL structure. That flag, despite the command is never used. So remove the flag, the field, and the function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 14 1月, 2016 7 次提交
-
-
由 Richard Levitte 提交于
Tell open() O_BINARY on VMS doesn't make sense, as it's possible to use more precise file attributes. However, if we're still going to fdopen() it in binary mode, we must set the fd in binary context. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
Regenerated expired test certificates, good for the next 100 years. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 13 1月, 2016 3 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Well, I'm not actually changing time_t, just changing how time_t valued opt values are converted from string to time_t. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Create Makefile's from Makefile.in Rename Makefile.org to Makefile.in Rename Makefiles to Makefile.in Address review feedback from Viktor and Richard Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 12 1月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-