- 11 4月, 2017 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3154)
-
- 10 4月, 2017 10 次提交
-
-
由 Benjamin Kaduk 提交于
RFC 7301 mandates that the server SHALL respond with a fatal "no_application_protocol" alert when there is no overlap between the client's supplied list and the server's list of supported protocols. In commit 06217867 we changed from ignoring non-success returns from the supplied alpn_select_cb() to treating such non-success returns as indicative of non-overlap and sending the fatal alert. In effect, this is using the presence of an alpn_select_cb() as a proxy to attempt to determine whether the application has configured a list of supported protocols. However, there may be cases in which an application's architecture leads it to supply an alpn_select_cb() but have that callback be configured to take no action on connections that do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from the callback would be the natural way to do so. Unfortunately, the aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as indicative of no overlap and terminated the connection; this change supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the callback. In effect, it provides a way for a callback to obtain the behavior that would have occurred if no callback was registered at all, which was not possible prior to this change. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2570)
-
由 Richard Levitte 提交于
The deprecation checking code here didn't work the same way as in Configure, and used $config{options} to find an --api= option that was never there. This is replaced with checking $config{api}, which is the controlling variable for deprecation. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Teach util/mkdef.pl to recognise these lines: #if OPENSSL_API_COMPAT < 0xXXXXXXXXL #if OPENSSL_API_COMPAT >= 0xXXXXXXXXL and add corresponding markers in util/*.num A final 'make update' sets those markers right for LONG and ZLONG. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Don't compile code that still uses LONG when it's deprecated Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3152)
-
- 08 4月, 2017 7 次提交
-
-
由 Andy Polyakov 提交于
Last modification effectively masked test failures, so that builds were reported successful even if they failed. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3117)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3117)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3117)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3117)
-
由 Rich Salz 提交于
Forgot to include this commit as requested by review. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2244)
-
由 Rich Salz 提交于
Document thread-safety issues Have RSA_null return NULL (always fails) Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2244)
-
- 07 4月, 2017 13 次提交
-
-
由 Richard Levitte 提交于
When configured no-engine, we still refered to rand_engine_lock. Rework the lock init code to avoid that. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3145)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
We need it for the custom extensions API Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Style updates for the new custom extensions API Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
The old custom extensions API was not TLSv1.3 aware. Extensions are used extensively in TLSv1.3 and they can appear in many different types of messages. Therefore we need a new API to be able to cope with that. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
This move prepares for the later addition of the new custom extensions API. The context codes have an additional "SSL_" added to their name to ensure we don't have name clashes with other applications. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Matt Caswell 提交于
Brings all the extensions code together. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
由 Richard Levitte 提交于
This is especially harmful since OPENSSL_cleanup() has already called the RAND cleanup function Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3137)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3137)
-
- 06 4月, 2017 3 次提交
-
-
由 Qin Long 提交于
Under UEFI build environment, we may encounter the OSSL_SSIZE macro re-definition error in e_os2.h if any module call OpenSSL API directly by including "openssl/xxxx.h" (caused by the predefined _WIN32/_WIN64 macro, which should have been un-defined under OPENSSL_SYS_UEFI). Though it's not one recommended usage, this patch could still eliminate the possible build issue by refining the OSSL_SSIZE definition under OPENSSL_SYS_UEFI. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3121)
-
由 Todd Short 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3115)
-
由 Richard Levitte 提交于
If no default method was yet given, RAND_get_rand_method() will set it up. Doing so just to clean it away seems pretty silly, so instead, use the default_RAND_meth variable directly. This also clears a possible race condition where this will try to init things, such as ERR or ENGINE when in the middle of a OPENSSL_cleanup. Fixes #3128 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3136)
-
- 05 4月, 2017 3 次提交
-
-
由 Richard Levitte 提交于
It's sheer luck that this was used for the first field only which also has the same type in all data structures, so the offsets were never wrong Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3127)
-
由 Andy Polyakov 提交于
Fixes GH#3116. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
This is handy for internal iOS tests, when you have to make it work in sandbox. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 04 4月, 2017 3 次提交
-
-
由 Gergely Nagy 提交于
This commit contains some optimizations in PKCS5_PBKDF2_HMAC() and HMAC_CTX_copy() functions which together makes PBKDF2 computations faster by 15-40% according to my measurements made on x64 Linux with both asm optimized and no-asm versions of SHA1, SHA256 and SHA512. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1708)
-
由 Richard Levitte 提交于
Bug uncovered by test [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
-
由 Matt Caswell 提交于
Credit to OSS-Fuzz for finding this. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
-