- 14 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Document removal of no-aes, no-hmac, no-rsa, no-sha and no-md5. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 10 4月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
In Travis, do --strict-warnings on BUILDONLY configurations. This ensures that the tests run even if --strict-warnings fail, and avoids hiding unrelated test failures. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 06 4月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 03 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 30 3月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 21 3月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
Rijndael is an old name for AES. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Richard Levitte 提交于
This removes all scripts that deal with MINFO as well, since that's only used by mk1mf. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 3月, 2016 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Borland C++ 4.5 is very old and our "support" for it is already non-existent, we might as well remove it. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 16 3月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
- Remove duplicate entry - Add author for SSL_CIPHER query functions - Note HKDF support in CHANGES and NEWS [ci skip] Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 3月, 2016 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 09 3月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Update the CHANGES and NEWS files with information about the recently added AFALG engine and pipelining. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 3月, 2016 3 次提交
-
-
由 Todd Short 提交于
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Todd Short 提交于
Add functions to determine authentication, key-exchange, FIPS and AEAD. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Todd Short 提交于
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 07 3月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
- Always prefer forward-secure handshakes. - Consistently order ECDSA above RSA. - Next, always prefer AEADs to non-AEADs, irrespective of strength. - Within AEADs, prefer GCM > CHACHA > CCM for a given strength. - Prefer TLS v1.2 ciphers to legacy ciphers. - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default list to reduce ClientHello bloat. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 3月, 2016 3 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Change the ECC default curve list to be this, in order: x25519, secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, and brainpool512r1. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
RC4 based ciphersuites in libssl have been disabled by default. They can be added back by building OpenSSL with the "enable-weak-ssl-ciphers" Configure option at compile time. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 3月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
1) Simplify code with better PACKET methods. 2) Make broken SNI parsing explicit. SNI was intended to be extensible to new name types but RFC 4366 defined the syntax inextensibly, and OpenSSL has never parsed SNI in a way that would allow adding a new name type. RFC 6066 fixed the definition but due to broken implementations being widespread, it appears impossible to ever extend SNI. 3) Annotate resumption behaviour. OpenSSL doesn't currently handle all extensions correctly upon resumption. Annotate for further clean-up. 4) Send an alert on ALPN protocol mismatch. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 01 3月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 2月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 27 2月, 2016 2 次提交
-
-
由 FdaSilvaYY 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Matt Caswell 提交于
The ubsec engine is now considered obsolete and therefore has been removed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 25 2月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 2月, 2016 3 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
We were kinda sorta using a mix of $disabled{"static-engine" and $disabled{"dynamic-engine"} in Configure. Let's avoid confusion, choose one of them and stick to it. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 2月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 17 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 13 2月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
INSTALL_PREFIX is a confusing name, as there's also --prefix. Instead, tag along with the rest of the open source world and adopt the Makefile variable DESTDIR to designate the desired staging directory. The Configure option --install_prefix is removed, the only way to designate a staging directory is with the Makefile variable (this is also implemented for VMS' descrip.mms et al). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 12 2月, 2016 2 次提交
-
-
由 Rich Salz 提交于
To enable heartbeats for DTLS, configure with enable-heartbeats. Heartbeats for TLS have been completely removed. This addresses RT 3647 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT This is also RT 4181 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 2月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 2月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-