- 08 11月, 2016 3 次提交
-
-
由 Andrea Grandi 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1834
-
由 David Benjamin 提交于
PKCS #1 v2.0 is the name of a document which specifies an algorithm RSASSA-PKCS1-v1_5, often referred to as "PKCS #1 v1.5" after an earlier document which specified it. This gets further confusing because the document PKCS #1 v2.1 specifies two signature algorithms, RSASSA-PKCS1-v1_5 and RSASSA-PSS. RSA_sign implements RSASSA-PKCS1-v1_5. Refer to the document using the RFC number which is easier to find anyway, and refer to the algorithm by its name. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1474
-
由 Matt Caswell 提交于
This partially reverts commit c636c1c4. It also tweaks the documentation and comments in this area. On the client side the documented interface for SSL_CTX_set_verify()/SSL_set_verify() is that setting the flag SSL_VERIFY_PEER causes verfication of the server certificate to take place. Previously what was implemented was that if *any* flag was set then verification would take place. The above commit improved the semantics to be as per the documented interface. However, we have had a report of at least one application where an application was incorrectly using the interface and used *only* SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the client side. In OpenSSL prior to the above commit this still caused verification of the server certificate to take place. After this commit the application silently failed to verify the server certificate. Ideally SSL_CTX_set_verify()/SSL_set_verify() could be modified to indicate if invalid flags were being used. However these are void functions! The simplest short term solution is to revert to the previous behaviour which at least means we "fail closed" rather than "fail open". Thanks to Cory Benfield for reporting this issue. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 04 11月, 2016 7 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Give more detail on what constitutes success/failure. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Improvements to style, grammar etc. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Also document SSL_peek() which was missing from the docs. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1842)
-
- 02 11月, 2016 3 次提交
-
-
由 David Woodhouse 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Todd Short 提交于
For convenience, combine getting a new ref for the new SSL_CTX with assigning the store and freeing the old one. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1755)
-
- 29 10月, 2016 1 次提交
-
-
由 Benjamin Kaduk 提交于
After the recent reworking, not everything matched up, and some comments didn't catch up to the outl-->dlen and inl-->dlen renames that happened during the development of the recent patches. Try to make parameter names consistent across header, implementation, and manual pages. Also remove some trailing whitespace that was inadvertently introduced. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1798)
-
- 28 10月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 27 10月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Move manpages to manX directories Add Windows/VMS install fix from Richard Levitte Update README Fix typo's Remove some duplicates Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 21 10月, 2016 1 次提交
-
-
由 Claus Assmann 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1762)
-
- 19 10月, 2016 2 次提交
-
-
由 Andrea Grandi 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1745)
-
由 Andrea Grandi 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 18 10月, 2016 2 次提交
-
-
由 David Woodhouse 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Valentin Vidic 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 17 10月, 2016 1 次提交
-
-
由 choury 提交于
CLA: trivial Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 16 10月, 2016 1 次提交
-
-
由 Steven Fackler 提交于
These are implemented as macros delegating to `EVP_DigestUpdate`, which takes a `size_t` as its third argument, not an `unsigned int`. CLA: trivial Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 10月, 2016 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 9月, 2016 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 9月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Add a function for testing whether a given OCSP_RESPID matches with a certificate. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for setting the name/key value for the OCSP_RESPID. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 9月, 2016 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
This reverts commit 81f9ce1e. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 9月, 2016 1 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1594)
-
- 15 9月, 2016 2 次提交
-
-
由 Rich Salz 提交于
Where -curves, etc., are defined: SSL_CONF_cmd Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 14 9月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Resolves GH1515 and GH1509. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 9月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Never output -0; make "negative zero" an impossibility. Do better checking on BN_rand top/bottom requirements and #bits. Update doc. Ignoring trailing garbage in BN_asc2bn. Port this commit from boringSSL: https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/ Ensure |BN_div| never gives negative zero in the no_branch code. Have |bn_correct_top| fix |bn->neg| if the input is zero so that we don't have negative zeros lying around. Thanks to Brian Smith for noticing. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 25 8月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
It should not have been removed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 24 8月, 2016 3 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
Ownership semantics and function names have changed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rob Percival 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-