- 28 6月, 2017 3 次提交
-
-
由 Richard Levitte 提交于
Based on cryptodev-linux Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3744)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3744)
-
由 Rich Salz 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3773)
-
- 27 6月, 2017 4 次提交
-
-
由 Benjamin Kaduk 提交于
Commit db17e43d added the function but would improperly report success if the underlying dup operation failed. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3775)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3781)
-
由 Richard Levitte 提交于
To make sure that our symbols don't clash with other libraries, we claim the namespaces OSSL and OPENSSL. Because C doesn't provide namespaces, the only solution is to have them as prefixes on symbols, thus we allow OSSL_ and OPENSSL_ as prefixes. These namespace prefixes are optional for the foreseeable future, and will only be used for new modules as needed on a case by case basis, until further notice. For extra safety, there's an added requirement that module names - apart from the namespace prefix - be at least 2 characters long. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3781)
-
由 Rich Salz 提交于
Breaks djgpp, masks a common kernel function name. Thanks to Gisle Vanem for pointing this out. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3776)
-
- 26 6月, 2017 4 次提交
-
-
由 Paul Yang 提交于
To make it consistent in the code base Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3749)
-
由 Paul Yang 提交于
BIO_sock_init returns '-1' on error, not '0', so it's needed to check explicitly istead of using '!'. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3766)
-
由 Paul Yang 提交于
As well as a coding style nit is fixed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3763)
-
由 Richard Levitte 提交于
This function is undocumented, but similarly named functions (such as 'curl_global_cleanup') are documented as internals that should not be called by scripts. Fixes #3765 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3768)
-
- 25 6月, 2017 5 次提交
-
-
由 Benjamin Kaduk 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3762)
-
由 Benjamin Kaduk 提交于
Test for each of DSA, SHA1, and SHA224. Use the symbolic names for SignatureScheme comparisons just added. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3326)
-
由 Benjamin Kaduk 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3326)
-
由 Benjamin Kaduk 提交于
Put them into the TLSProxy::Message namespace along with the extension type constants. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3326)
-
由 Benjamin Kaduk 提交于
In draft-ietf-tls-tls13-20 Appendix B we find that: This section describes protocol types and constants. Values listed as _RESERVED were used in previous versions of TLS and are listed here for completeness. TLS 1.3 implementations MUST NOT send them but might receive them from older TLS implementations. Similarly, in section 4.2.3 we see: Legacy algorithms Indicates algorithms which are being deprecated because they use algorithms with known weaknesses, specifically SHA-1 which is used in this context with either with RSA using RSASSA-PKCS1-v1_5 or ECDSA. These values refer solely to signatures which appear in certificates (see Section 4.4.2.2) and are not defined for use in signed TLS handshake messages. Endpoints SHOULD NOT negotiate these algorithms but are permitted to do so solely for backward compatibility. Clients offering these values MUST list them as the lowest priority (listed after all other algorithms in SignatureSchemeList). TLS 1.3 servers MUST NOT offer a SHA-1 signed certificate unless no valid certificate chain can be produced without it (see Section 4.4.2.2). However, we are currently sending the SHA2-based DSA signature schemes and many SHA1-based schemes, which is in contradiction with the specification. Because TLS 1.3 support will appear in OpenSSL 1.1, we are bound by stability requirements to continue to offer the DSA signature schemes and the deprecated hash algorithms. at least until OpenSSL 1.2. However, for pure TLS 1.3 clients that do not offer lower TLS versions, we can be compliant. Do so, and leave a note to revisit the issue when we are permitted to break with sacred historical tradition. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3326)
-
- 24 6月, 2017 7 次提交
-
-
由 Andy Polyakov 提交于
Curiously enough out-of-order Silvermont benefited most from optimization, 33%. [Originally mentioned "anomaly" turned to be misreported frequency scaling problem. Correct results were collected under older kernel.] Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3739)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3739)
-
由 Matt Caswell 提交于
[extended tests] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3760)
-
由 Matt Caswell 提交于
Something environmental changed in travis so that it started preferring the ubuntu clang-3.9 version instead of the llvm.org one. This breaks the sanitiser based builds. This change forces travis to de-prioritise the ubuntu clang packages. [extended tests] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3759)
-
由 Matt Caswell 提交于
Following on from the previous commit this fixes another instance where we need to treat a -ve return from EVP_DigestVerify() as a bad signature. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3756)
-
由 Matt Caswell 提交于
Prior to 72ceb6a6 we treated all failures from the call to EVP_DigestVerifyFinal() as if it were a bad signature, and failures in EVP_DigestUpdate() as an internal error. After that commit we replaced this with the one-shot function EVP_DigestVerify() and treated a 0 return as a bad signature and a negative return as an internal error. However, some signature errors can be negative (e.g. according to the docs if the form of the signature is wrong). Therefore we should treat all <=0 returns as a bad signature. This fixes a boringssl test failure. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3756)
-
由 Matt Caswell 提交于
We were adding more tests than we had data for due to use of sizeof instead of OSSL_NELEM. I also changed the 8 bit tests for consistency, although they were already working. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3755)
-
- 23 6月, 2017 2 次提交
-
-
由 Pauli 提交于
This macro aborts the test which prevents later tests from executing. It also bypasses the test framework output functionality. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3750)
-
由 Matt Caswell 提交于
In 1.0.2 and before OBJ_create() allowed the sn or ln parameter to be NULL. Commit 52832e47 changed that so that it crashed if they were NULL. This was causing problems with the built-in config oid module. If a long name was provided OBJ_create() is initially called with a NULL ln and therefore causes a crash. Fixes #3733 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3753)
-
- 22 6月, 2017 7 次提交
-
-
由 Alexey Komnin 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3751)
-
由 David Benjamin 提交于
Per RFC 7905, the cipher suite names end in "_SHA256". The original implementation targeted the -03 draft, but there was a -04 draft right before the RFC was published to make the names consistent. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3748)
-
由 Pauli 提交于
This is an implementation of a BIO filter that produce TAP compatible output for the test framework. The current test indentation level is honoured. The test output functions have been modified to not attempt to indent their output and to not include the leading '#' character. The filter is applied to bio_err only. bio_out is left unchanged, although tests using bio_out have been modified to use bio_err instead. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3732)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3745)
-
由 Pauli 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3731)
-
由 Sascha Steinbiss 提交于
Adding a get1 style accessor as brought up in mailing list post https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.htmlReviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1876)
-
由 Paul Yang 提交于
initialize some local variables Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3741)
-
- 21 6月, 2017 8 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3735)
-
由 Andy Polyakov 提交于
[skip ci] Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3705)
-
由 Andy Polyakov 提交于
[skip ci] Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3705)
-
由 Matt Caswell 提交于
The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately due to this clash, this wasn't the case. The BIO ended up going into peek mode and was continually reading the same data over and over - throwing it away as a replay. Fixes #3723 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3724)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Found while developing the PSK tests Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-