- 08 3月, 2016 7 次提交
-
-
由 David Woodhouse 提交于
Strictly speaking, it isn't stdio and file access which offend me here; it's the fact that UEFI doesn't provide a strdup() function. But the fact that it's pointless without file access is a good enough excuse for compiling it out. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 David Woodhouse 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 David Woodhouse 提交于
This isn't a file access function; it's still present. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 David Woodhouse 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Matt Caswell 提交于
Add the ASYNC_is_capable() function and use it in speed. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Swap the use of CRYPTO_LOCK_INIT in the init code to use the new threading API mechanism for locking. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist for this structure. Two new ones were added to handle attributes. The old handling of broken formats has been removed and the corresponding structures simplified. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 07 3月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
The 0x00010000L OPENSSL_INIT flag appeared twice. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 clucey 提交于
1. Cleaned up eventfd handling 2. Reworked socket setup code to allow other algorithms to be added in future 3. Fixed compile errors for static build 4. Added error to error stack in all cases of ALG_PERR/ALG_ERR 5. Called afalg_aes_128_cbc() from bind() to avoid race conditions 6. Used MAX_INFLIGHT define in io_getevents system call 7. Coding style fixes Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 05 3月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add support for application supplied any defined by callback. An application can change the selector value if it wishes. This is mainly intended for values which are only known at runtime, for example dynamically created OIDs. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 3月, 2016 3 次提交
-
-
由 Rob Percival 提交于
Previously, the remaining CT log entries would not be loaded. Also, CTLOG_STORE_load_file would return 1 even if a log entry was invalid, resulting in no errors being shown. Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Disabled by default, but can be enabled by setting the ct_validation_callback on a SSL or SSL_CTX. Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Alessandro Ghedini 提交于
This patch implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. It is required to implement the QUIC and TLS 1.3 protocols (among others). Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 03 3月, 2016 6 次提交
-
-
由 Emilia Kasper 提交于
1) Simplify code with better PACKET methods. 2) Make broken SNI parsing explicit. SNI was intended to be extensible to new name types but RFC 4366 defined the syntax inextensibly, and OpenSSL has never parsed SNI in a way that would allow adding a new name type. RFC 6066 fixed the definition but due to broken implementations being widespread, it appears impossible to ever extend SNI. 3) Annotate resumption behaviour. OpenSSL doesn't currently handle all extensions correctly upon resumption. Annotate for further clean-up. 4) Send an alert on ALPN protocol mismatch. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Utility functions to pass a string or hex string to EVP_PKEY_CTX_ctrl(). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Handle KDF in ECDH_compute_key instead of requiring each implementation support it. This modifies the compute_key method: now it allocates and populates a buffer containing the shared secret. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Christian Heimes 提交于
This patch provides getters for default_passwd_cb and userdata for SSL and SSL_CTX. The getter functions are required to port Python's ssl module to OpenSSL 1.1.0. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 02 3月, 2016 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Specifies a callback that will, in the future, be used by the SSL code to decide whether to abort a connection on Certificate Transparency grounds. Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Tests included in future commit, which adds CT policy validation. Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 29 2月, 2016 5 次提交
-
-
由 Matt Caswell 提交于
Implementation experience has shown that the original plan for async wait fds was too simplistic. Originally the async logic created a pipe internally and user/engine code could then get access to it via API calls. It is more flexible if the engine is able to create its own fd and provide it to the async code. Another issue is that there can be a lot of churn in the fd value within the context of (say) a single SSL connection leading to continually adding and removing fds from (say) epoll. It is better if we can provide some stability of the fd value across a whole SSL connection. This is problematic because an engine has no concept of an SSL connection. This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a proxy for an SSL connection down at the engine layer. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
VisualStudio 2015 has a bug where an internal compiler error was occurring. By reordering the DEFINE_STACK_OF declarations for SSL_CIPHER and SSL_COMP until after the ssl3.h include everything seems ok again. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add X25519 to TLS supported curve list. Reject attempts to configure keys which cannot be used for signing. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add a flag to EC_METHOD for curves which do not support signing. New function EC_KEY_can_sign() returns 1 is key can be used for signing. Return an explicit error is an attempt is made to sign with no signing curves. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they wont be used and EdDSA may use a different format. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 27 2月, 2016 3 次提交
-
-
由 FdaSilvaYY 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 26 2月, 2016 2 次提交
-
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 25 2月, 2016 2 次提交
-
-
由 Emilia Kasper 提交于
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 23 2月, 2016 5 次提交
-
-
由 Rich Salz 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 David Woodhouse 提交于
Adding -nostdinc to the EDK2 showed that we were including <inttypes.h> for some UEFI builds, because the check for __STDC_VERSION__ happens before the check for OPENSSL_SYS_UEFI. Fix that. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The commit 1288f26f says that it fixes no-async, but instead seems to break it. Therefore revert that change and fix no-async. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 David Woodhouse 提交于
Provide an appropriate definition of PRIu64 for the EDK2 build, since we don't have <inttypes.h> there. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 22 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-