- 14 9月, 2017 1 次提交
-
-
由 Paul Yang 提交于
A new method is added to EVP_PKEY_METH as: int (*check) (EVP_PKEY_CTX *ctx); and to EVP_PKEY_ASN1_METHOD as: int (*pkey_check) (EVP_PKEY_CTX *ctx); This is used to check the validity of a specific key. The order of calls is: EVP_PKEY_check -> pmeth.check -> ameth.pkey_check. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4337)
-
- 09 9月, 2017 3 次提交
-
-
由 David Benjamin 提交于
It is otherwise unclear what all the magic numbers mean. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
由 David Benjamin 提交于
The instructions don't work. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
由 David Benjamin 提交于
"Early callback" is a little ambiguous now that early data exists. Perhaps "ClientHello callback"? Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
- 08 9月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
The extensions not sent when TLS 1.2 is not used caused the message length to be 109, which is less than the 127 threshold needed to activate the F5 workaround. Add another 20 bytes of dummy ALPN data do push it over the threshold. Also, fix the definition of the (unused) local macro indicating the threshold. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4346)
-
- 06 9月, 2017 1 次提交
-
-
由 Alfred E. Heggestad 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4011)
-
- 04 9月, 2017 3 次提交
-
-
由 Matt Caswell 提交于
clienthellotest tries to fill out the size of the ClientHello by adding extra ciphersuites in order to test the padding extension. This is unreliable because they are very dependent on configuration options. If we add too much data the test will fail! We were already also adding some dummy ALPN protocols to pad out the size, and it turns out that this is sufficient just in itself, so drop the extra ciphersuites. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4331)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4332)
-
由 Pauli 提交于
[extended tests] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4327)
-
- 03 9月, 2017 2 次提交
-
-
由 Richard Levitte 提交于
Some URIs get "mistreated" (converted) by the MSYS run-time. Unfortunately, avoiding this conversion doesn't help either. http://www.mingw.org/wiki/Posix_path_conversion Fixes #4314 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4322)
-
由 Andy Polyakov 提交于
Ironically enough not all installations get Module::Load::Conditional installed by default... [It's a bit half-hearted, because such installations are likely to lack more stuffi that is needed, but nevertheless, it proved to be helpful.] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4323)
-
- 02 9月, 2017 2 次提交
-
-
由 Benjamin Kaduk 提交于
If the server_name extension is long enough to require two bytes to hold the length of either field, the test suite would not decode the length properly. Using the PACKET_ APIs would have avoided this, but it was desired to avoid using private APIs in this part of the test suite, to keep ourselves honest. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4318)
-
由 Benjamin Kaduk 提交于
The include search path was not picking up files in the root of the tree. [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4316)
-
- 01 9月, 2017 1 次提交
-
-
由 Pauli 提交于
Move struct timeval includes into e_os.h (where the Windows ones were). Enaure that the include is guarded canonically. Refer #4271 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4312)
-
- 31 8月, 2017 5 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
If there is no SNI in the session then s_client no longer sends the SNI extension. Update the tests to take account of that Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
- 30 8月, 2017 4 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4264)
-
由 Jon Spillett 提交于
AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suites as specified in: https://tools.ietf.org/html/rfc6209Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4287)
-
由 Pauli 提交于
cryptilib.h is the second. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4188)
-
由 Pauli 提交于
Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and ssl/ssl_locl.h). Added e_os.h into the files that need it now. Directly reference internal/nelem.h when required. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4188)
-
- 28 8月, 2017 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Unlike the NIST DRBG standard, entropy counts are in bits and buffer lengths are in bytes. This has lead to some confusion and errors in the past, see my comment on PR 3789. To clarify the destinction between entropy counts and buffer lengths, a 'len' suffix has been added to all member names of RAND_DRBG which represent buffer lengths: - {min,max}_{entropy,adin,nonce,pers} + {min,max}_{entropy,adin,nonce,pers}len This change makes naming also more consistent, as can be seen in the diffs, for example: - else if (adinlen > drbg->max_adin) { + else if (adinlen > drbg->max_adinlen) { Also replaced all 'ent's by 'entropy's, following a suggestion of Paul Dale. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4266)
-
- 27 8月, 2017 1 次提交
-
-
由 Rich Salz 提交于
VisualStudio 6 and earlier aren't supported. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4263)
-
- 25 8月, 2017 7 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4257)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4252)
-
由 Kazuki Yamaguchi 提交于
A condition was removed by commit 1053a6e2; presumably it was an unintended change. Restore the previous behavior so the get_session_cb won't be called with zero-length session ID. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4236)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4251)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4245)
-
由 Pauli 提交于
range of ctype functions. Revert "Don't try to compare the ctype functions on values > 127" This reverts commit 6ac58908. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4225)
-
由 Pauli 提交于
The C standard defines EOF as: ... an integer constant expression, with type int and a negative value... This means a conforming implemenetation could define this as a one of the printable characters. This won't be a problem for ASCII. A specific test case has been added for EOF. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4240)
-
- 24 8月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Commit b99fe5f4 broke SCTP. This fixes it again. Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4244)
-
- 23 8月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Remove GETPID_IS_MEANINGLESS and osslargused. Move socket-related things to new file internal/sockets.h; this is now only needed by four(!!!) files. Compiles should be a bit faster. Remove USE_SOCKETS ifdef's Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4209)
-
- 22 8月, 2017 6 次提交
-
-
由 Richard Levitte 提交于
Our internal replacement functions return 0 for those values. However, depending on locale, the C RTL functions may return 1. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4219)
-
由 Richard Levitte 提交于
Values that aren't representable as unsigned give undefined results. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4219)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4217)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4216)
-
由 Rich Salz 提交于
Add -rand_serial to CA command and "serial_rand" config option. Up RAND_BITS to 159, and comment why: now confirms to CABForum guidelines (Ballot 164) as well as IETF RFC 5280 (PKIX). Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4185)
-
由 Pauli 提交于
return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102)
-