- 19 3月, 2018 3 次提交
-
-
由 Jack Lloyd 提交于
Without actually using EVP_PKEY_FLAG_AUTOARGLEN Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
由 Jack Lloyd 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4793)
-
由 Richard Levitte 提交于
This is only useful when building shared libraries. This allows us to run our tests against newer libraries when the time comes. Simply do this: OPENSSL_REGRESSION=/other/OpenSSL/build/tree make test ($OPENSSL_REGRESSION *must* be an absolute path) Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5619)
-
- 17 3月, 2018 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
This commit adds a new api RAND_DRBG_set_defaults() which sets the default type and flags for new DRBG instances. See also #5576. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5632)
-
- 16 3月, 2018 5 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5631)
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5631)
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5631)
-
由 Richard Levitte 提交于
In the end, it's more efficient to only have one perl instance (that loads configdata.pm) dealing with dependency files than running one (that still loads configdata.pm) for each such file. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5631)
-
由 Dr. Matthias St. Pierre 提交于
Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462)
-
- 15 3月, 2018 8 次提交
-
-
由 Richard Levitte 提交于
Instead of just working line by line, we collect all dependencies for every target and print everything out at the end, with each target getting a potentially long list of dependencies. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5591)
-
由 Richard Levitte 提交于
All dependencies that VC gives us are absolute paths, so we need to check if some of them are within our source or build tree. We do that by comparing the start of each dependency with the absolute versions of our source and build directories. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5591)
-
由 Richard Levitte 提交于
It seems that only gcc -MMD produces dependency files that are "sane" for our needs. For all other methods, some post processing is needed: - 'makedepend' (Unix) insists that object files are located in the same spot as the source file. - 'cl /Zs /showIncludes' (Visual C) has "Note: including file: " where we'd like to see the object. - 'CC/DECC' (VMS) insists that the object file is located in the current directory, i.e. it strips away all directory information. So far, we've managed this (except for the VMS case) with individual uncommented perl command lines directly in the build file template. We're now collecting these diverse hacks into one perl script that takes an argument to tell what kind of input to expect and that massages whatever it gets on STDIN and outputs the result on STDOUT. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5591)
-
由 Matt Caswell 提交于
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
-
由 Matt Caswell 提交于
Also adds some documentation for related existing functions/macros Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
-
由 Matt Caswell 提交于
Not all algorithms will support this, since their keys are not a simple block of data. But many can. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
-
- 14 3月, 2018 6 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5617)
-
由 Matt Caswell 提交于
With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5604)
-
由 Richard Levitte 提交于
... also, name it with "-$$" added instead of ".$$" Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5608)
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5608)
-
由 Richard Levitte 提交于
With the help of the perl script util/add-depends.pl, which takes all its information directly from configdata.pm, the dependency adding procedure can be streamlined for all support platforms. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5606)
-
- 13 3月, 2018 1 次提交
-
-
由 Benjamin Saunders 提交于
These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb, but used for the application-controlled portion of TLS1.3 stateless handshake cookies rather than entire DTLSv1 cookies. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5463)
-
- 12 3月, 2018 1 次提交
-
-
由 Todd Short 提交于
Adds application data into the encrypted session ticket Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3802)
-
- 10 3月, 2018 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The introduction of thread local public and private DRBG instances (#5547) makes it very cumbersome to change the reseeding (time) intervals for those instances. This commit provides a function to set the default values for all subsequently created DRBG instances. int RAND_DRBG_set_reseed_defaults( unsigned int master_reseed_interval, unsigned int slave_reseed_interval, time_t master_reseed_time_interval, time_t slave_reseed_time_interval ); The function is intended only to be used during application initialization, before any threads are created and before any random bytes are generated. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5576)
-
由 Todd Short 提交于
Add functions that will do the work of assigning certificate, privatekey and chain certs to an SSL or SSL_CTX. If no privatekey is given, use the publickey. This will permit the keys to pass validation for both ECDSA and RSA. If a private key has already been set for the certificate, it is discarded. A real private key can be set later. This is an all-or-nothing setting of these parameters. Unlike the SSL/SSL_CTX_use_certificate() and SSL/SSL_CTX_use_PrivateKey() functions, the existing cert or privatekey is not modified (i.e. parameters copied). This permits the existing cert/privatekey to be replaced. It replaces the sequence of: * SSL_use_certificate() * SSL_use_privatekey() * SSL_set1_chain() And may actually be faster, as multiple checks are consolidated. The private key can be NULL, if so an ENGINE module needs to contain the actual private key that is to be used. Note that ECDH (using the certificate's ECDSA key) ciphers do not work without the private key being present, based on how the private key is used in ECDH. ECDH does not offer PFS; ECDHE ciphers should be used instead. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/1130)
-
- 07 3月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5533)
-
- 26 2月, 2018 1 次提交
-
-
由 Tatsuhiro Tsujikawa 提交于
This commit adds SSL_export_keying_material_early() which exports keying material using early exporter master secret. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5252)
-
- 23 2月, 2018 4 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
-
- 21 2月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
When the proxy re-encrypted a TLSv1.3 record it was adding a spurious byte onto the end. This commit removes that. The "extra" byte was intended to be the inner content type of the record. However, TLSProxy was actually adding the original encrypted data into the record (which already has the inner content type in it) and then adding the spurious additional content type byte on the end (and adjusting the record length accordingly). It is interesting to look at why this didn't cause a failure: The receiving peer first attempts to decrypt the data. Because this is TLSProxy we always use a GCM based ciphersuite with a 16 byte tag. When we decrypt this it actually gets diverted to the ossltest engine. All this does is go through the motions of encrypting/decrypting but just passes back the original data. Crucially it will never fail because of a bad tag! The receiving party thinks the spurious additional byte is part of the tag and the ossltest engine ignores it. This means the data that gets passed back to the record layer still has an additional spurious byte on it - but because the 16 byte tag has been removed, this is actually the first byte of the original tag. Again because we are using ossltest engine we aren't actually creating "real" tags - we only ever emit 16, 0 bytes for the tag. So the spurious additional byte always has the value 0. The TLSv1.3 spec says that records can have additional 0 bytes on the end of them - this is "padding". So the record layer interprets this 0 byte as padding and strips it off to end up with the originally transmitted record data - which it can now process successfully. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5370)
-
- 20 2月, 2018 2 次提交
-
-
由 John Hughes 提交于
Add -bind option to s_client application to allow specification of local address for connection. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5272)
-
由 Massimiliano Pala 提交于
This function makes it easier to retrieve a reference to the authority key identifier (akid->keyid) inside a certificate. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5271)
-
- 19 2月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5396)
-
- 15 2月, 2018 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
In PR #5295 it was decided that the locking api should remain private and used only inside libcrypto. However, the locking functions were added back to `libcrypto.num` by `mkdef.pl`, because the function prototypes were still listed in `internal/rand.h`. (This header contains functions which are internal, but shared between libcrypto and libssl.) This commit moves the prototypes to `rand_lcl.h` and changes the names to lowercase, following the convention therein. It also corrects an outdated documenting comment. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5375)
-
由 Richard Levitte 提交于
It's a convenient complement to OSSL_STORE_ctrl() Suggested by Norm Green Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5363)
-
- 14 2月, 2018 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The functions drbg_setup() and drbg_cleanup() used to duplicate a lot of code from RAND_DRBG_new() and RAND_DRBG_free(). This duplication has been removed, which simplifies drbg_setup() and makes drbg_cleanup() obsolete. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5294)
-