- 16 12月, 2015 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Remove incomplete non-functional ECDH client authentication code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Since auto ecdh is now always used SSL_OP_SINGLE_ECDH_USE is redundant. Simplify associated code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 15 12月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 14 12月, 2015 1 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 12月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NBen Laurie <ben@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 tjmao 提交于
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305 operates in neither of them but it is AEAD. This change also enables future AEAD ciphers to be available for use with DTLS. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
This reverts commit 777f482d. Author credit missing. Reverting this and re-committing with an Author line. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 12 12月, 2015 3 次提交
-
-
由 Matt Caswell 提交于
Fix compile failure introduced by commit 94d61512 due to a typo. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305 operates in neither of them but it is AEAD. This change also enables future AEAD ciphers to be available for use with DTLS. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Ben Laurie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 12月, 2015 7 次提交
-
-
由 Matt Caswell 提交于
A BIO_flush call in the DTLS code was not correctly setting the |rwstate| variable to SSL_WRITING. This means that SSL_get_error() will not return SSL_ERROR_WANT_WRITE in the event of an IO retry. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
If using DTLS and NBIO then if a second or subsequent handshake message fragment hits a retry, then the retry attempt uses the wrong fragment offset value. This commit restores the fragment offset from the last attempt. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
If the call to OBJ_find_sigid_by_algs fails to find the relevant NID then we should set the NID to NID_undef. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 12月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add new flag TLS1_FLAGS_RECEIVED_EXTMS which is set when the peer sends the extended master secret extension. Server now sends extms if and only if the client sent extms. Check consistency of extms extension when resuming sessions following (where practical) RFC7627. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 08 12月, 2015 6 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
This change required some special treatment, as HMAC is intertwined with EVP_MD. For now, all local HMAC_CTX variables MUST be initialised with HMAC_CTX_EMPTY, or whatever happens to be on the stack will be mistaken for actual pointers to EVP_MD_CTX. This will change as soon as HMAC_CTX becomes opaque. Also, since HMAC_CTX_init() can fail now, its return type changes from void to int, and it will return 0 on failure, 1 on success. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 07 12月, 2015 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 06 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #364
-
- 05 12月, 2015 5 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it. On the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but only when SSL_{CTX_}set_ecdh_auto() was called to turn it on. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefor result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
The new state machine code missed an allowed transition when resuming a session via EAP FAST. This commits adds the missing check for the transition. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 02 12月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Add CRYPTO_free_ex_index (for shared libraries) Unify and complete the documentation for all "ex_data" API's and objects. Replace xxx_get_ex_new_index functions with a macro. Added an exdata test. Renamed the ex_data internal datatypes. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 30 11月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Don't hard code EVP_sha* etc for signature algorithms: use table indices instead. Add SHA224 and SHA512 to tables. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-