- 29 5月, 2015 3 次提交
-
-
由 Richard Levitte 提交于
The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Create app_load_config(), a routine to load config file. Remove the "always load config" from the main app. Change the places that used to load config to call the new common routine. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 26 5月, 2015 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Add support for PKCS#8 private key encryption using the scrypt algorithm in the pkcs8 utility. Update documentation. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
This adds a new function which will encrypt a private key using PKCS#8 based on an X509_ALGOR structure and reimplements PKCS8_encrypt to use it. Update pkcs8 utlity to use PKCS8_set0_pbe. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Hanno Böck 提交于
The "out" variable is used for both key and csr. Close it after writing the first one so it can be re-used when writing the other. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Thanks to Brian Carpenter <brian.carpenter@gmail.com> for finding this. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
The 'http proxy' commit broke s_client default host/port value. Thanks to Matt for the simplest fix. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 5月, 2015 4 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Michael Trapp 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
This fixes compilation with various OPENSSL_NO_* options that got broken during the big apps cleanup. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Typedef STRINT_PAIR to be the same as OPT_PAIR, and use that structure and a bunch of tables instead of switch statements to lookup various values out of the SSL/TLS message buffers. Shrinks a bunch of code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 5月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 19 5月, 2015 1 次提交
-
-
由 Robert Swiecki 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 16 5月, 2015 3 次提交
-
-
由 Matt Caswell 提交于
Following the version negotiation rewrite all of the previous code that was dedicated to version negotiation can now be deleted - all six source files of it!! Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Matt Caswell 提交于
Continuing from the previous commit this changes the way we do client side version negotiation. Similarly all of the s23* "up front" state machine code has been avoided and again things now work much the same way as they already did for DTLS, i.e. we just do most of the work in the ssl3_get_server_hello() function. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Matt Caswell 提交于
This commit changes the way that we do server side protocol version negotiation. Previously we had a whole set of code that had an "up front" state machine dedicated to the negotiating the protocol version. This adds significant complexity to the state machine. Historically the justification for doing this was the support of SSLv2 which works quite differently to SSLv3+. However, we have now removed support for SSLv2 so there is little reason to maintain this complexity. The one slight difficulty is that, although we no longer support SSLv2, we do still support an SSLv3+ ClientHello in an SSLv2 backward compatible ClientHello format. This is generally only used by legacy clients. This commit adds support within the SSLv3 code for these legacy format ClientHellos. Server side version negotiation now works in much the same was as DTLS, i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to that then when a ClientHello is received it will work out the most appropriate version to respond with. Also, SSLv23_method and SSLv23_server_method have been replaced with TLS_method and TLS_server_method respectively. The old SSLv23* names still exist as macros pointing at the new name, although they are deprecated. Subsequent commits will look at client side version negotiation, as well of removal of the old s23* code. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 15 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Follow the same convention the other OPENSSL_NO_xxx header files do, and use #error instead of making the header file be a no-op. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 14 5月, 2015 2 次提交
-
-
由 Rich Salz 提交于
Had old patch, forgot to push/patch this to master Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Various bugs found by Viktor, Emilia, Matt, etc. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 13 5月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Remove Kerberos related options from the apps to prepare for the subsequent commits which will remove libcrypto and libssl support for Kerberos. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 11 5月, 2015 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Kurt Cancemi 提交于
This would cause memory corruption in opt_init() because it relies on the terminating NULL. RT#3842 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Bjoern D. Rasmussen 提交于
clang says: "s_cb.c:958:9: error: implicitly declaring library function 'memcpy'" Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 07 5月, 2015 2 次提交
-
-
由 Rich Salz 提交于
For the various string-compare routines (strcmp, strcasecmp, str.*cmp) use "strcmp()==0" instead of "!strcmp()" Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
The file name given to -CAserial might not exist yet. The -CAcreateserial option decides if this is ok or not. Previous to this change, -CAserial was a type '<' option, and in that case, the existence of the file given as argument is tested quite early, and is a failure if it doesn't. With the type 's' option, the argument is just a string that the application can do whatever it wants with. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 5月, 2015 4 次提交
-
-
由 Gunnar Kudrjavets 提交于
Compiling OpenSSL code with MSVC and /W4 results in a number of warnings. One category of warnings is particularly interesting - C4701 (potentially uninitialized local variable 'name' used). This warning pretty much means that there's a code path which results in uninitialized variables being used or returned. Depending on compiler, its options, OS, values in registers and/or stack, the results can be nondeterministic. Cases like this are very hard to debug so it's rational to fix these issues. This patch contains a set of trivial fixes for all the C4701 warnings (just initializing variables to 0 or NULL or appropriate error code) to make sure that deterministic values will be returned from all the execution paths. RT#3835 Signed-off-by: NMatt Caswell <matt@openssl.org> Matt's note: All of these appear to be bogus warnings, i.e. there isn't actually a code path where an unitialised variable could be used - its just that the compiler hasn't been able to figure that out from the logic. So this commit is just about silencing spurious warnings. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
A copy&paste error as a result of the big apps cleanup broke the version specific methods in s_server. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Fix error in WIN32_rename() introduced by commit b4faea50. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 5月, 2015 5 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
If CA.pl is reading from /dev/null, then "chop $FILE" gives a warning. Sigh. Have to add "if $FILE". This just silences a build warning. Thanks to GitHub user andrejs-igumenovs for help with this. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 5月, 2015 2 次提交
-
-
由 Rich Salz 提交于
Don't do access check on destination directory; it breaks when euid/egid is different from real uid/gid. Reviewed-by: NRichard Levitte <levitte@openssl.org> Signed-off-by: NRich Salz <rsalz@akamai.com>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-