- 03 8月, 2017 10 次提交
-
-
由 Matt Caswell 提交于
Move the definition of ossl_assert() out of e_os.h which is intended for OS specific things. Instead it is moved into internal/cryptlib.h. This also changes the definition to remove the (int) cast. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4073)
-
由 Lingmo Zhu 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4014)
-
由 Lingmo Zhu 提交于
The comment "The following should not return 1, otherwise, things are very strange" is from the very first commit of OpenSSL. The really meaning of the comment is if the identical session can be found from internal cache after calling get_session_cb but not found before calling get_session_cb, it is just strange. The value 1 was originated from the old doc of SSLeay, reversed from the actual return value of SSL_CTX_add_session(). Anyway either return value of SSL_CTX_add_session() should not interrupt the session resumption process. So the checking of return value of SSL_CTX_add_session() is not necessary. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4014)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4079)
-
由 Johannes Bauer 提交于
Conform to coding guidelines. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
由 Johannes Bauer 提交于
This was previously mistakenly handled as a single error code. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
由 Johannes Bauer 提交于
Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and introduced more specific error codes (not only indicating *that* some parameter is missing, but actually *which* one it is). Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
由 Johannes Bauer 提交于
HKDF now handles an invalid digest like TLS1-PRF does (i.e., returns KDF_R_INVALID_DIGEST if the passed digest is not known). Both KDFs now set the error code KDF_R_UNKNOWN_PARAMETER_TYPE if a type was passed that is not recognized. This will have the effect of improving debugging output in case a user uses "openssl pkeyutl -kdf ..." in a wrong way and result in an actual error code (instead of just "failure" and an empty error stack). Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
由 Johannes Bauer 提交于
Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER error code when required parameters have not been set. This will make "openssl pkeyutl -kdf HKDF" return a meaningful error message instead of simply "Public Key operation error". Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
由 Andy Polyakov 提交于
This is achieved mostly by ~10% reduction of amount of instructions per round thanks to a) switch to KECCAK_2X variant; b) merge of almost 1/2 rotations with logical instructions. Performance is improved on all observed processors except on Cortex-A15. This is because it's capable of exploiting more parallelism and can execute original code for same amount of time. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4057)
-
- 02 8月, 2017 8 次提交
-
-
由 Pauli 提交于
Removing the use of SETUP_TEST_FIXTURE reduces complxity in those tests that used it. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4066)
-
由 Martin Peylo 提交于
The OID for {1 3 6 1 5 5 8 1 2} HMAC-SHA1 (NID_hmac_sha1) is explicitly referenced by RFC 2510, RFC 3370, and RFC 4210. This is essential for the common implementations of CMP (Certificate Managing Protocol, RFC4210). HMAC-MD5's OID {1 3 6 1 5 5 8 1 1} (NID_hmac_md5) is in the same branch and it seems to generally exist (-> Internet search), but it is unclear where it is actually defined as it appears not to be referenced by RFCs and practically rather unused. Those OIDs are both duplicates to OIDs from an RSA OID branch, which are already included in builtin_pbe[]: HMAC-SHA1 also has another OID defined in PKCS#5/RFC2898 (NID_hmacWithSHA1). It is also unclear where the other OID for HMAC-MD5 (NID_hmacWithMD5) from the RSA branch is officially specified, as only HMAC-SHA1 from PKCS#5 was found to be defined. Anyway, HMAC-MD5 likely only plays a neglectable role in the future. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3811)
-
由 Pauli 提交于
Simplify the only test that uses this macro so it doesn't need it anymore. Clean up the formatting a little. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4034)
-
由 Andy Polyakov 提交于
"More" refers to the fact that we make active BIT_INTERLEAVE choice in some specific cases. Update commentary correspondingly. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Even though tm->length >= 15 && v[14] == '.' works in practice, [because "YYYYMMDDHHMMSS." would be rejected as invalid by asn1_time_to_tm,] formal correctness with respect to buffer overstep in few lines vicinity improves readability. [Also fold one if condition and improve expression readability.] Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4058)
-
由 Paul Yang 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4061)
-
由 Paul Yang 提交于
Seems this documentation is not dead, so add this missing part Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4037)
-
由 Ken Goldman 提交于
Document that the RSA_get0_ functions permit a NULL BIGNUM **. Those output parameters are ignored. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4064)
-
- 01 8月, 2017 6 次提交
-
-
由 Matt Caswell 提交于
In TLSv1.3 we can resume, but still get a new session. This adds a test to make sure that is happening. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4068)
-
由 Matt Caswell 提交于
If a new_session_cb is set then it was only ever getting invoked if !s->hit is true. This is sensible for <=TLSv1.2 but does not work for TLSv1.3. Fixes #4045 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4068)
-
由 Paul Yang 提交于
This is to address issue #3932. Support comma-separated string to specify what extensions to be displayed. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4016) Remove redundant variable [to be squashed]
-
由 Xiaoyin Liu 提交于
I scanned all files in the doc folder with a spell checker (https://github.com/EWSoftware/VSSpellChecker). This patch (hopefully) corrected all spell errors that it found. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4065)
-
由 Bernd Edlinger 提交于
The memory blocks contain secret data and must be cleared before returning to the system heap. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4062)
-
由 Todd Short 提交于
Some extensions were being displayed twice, before they were parsed, and again after they were parsed. The supported_versions extension was not being fully displayed, as it was processed differently than other extensions. Move the debug callback to where the extensions are first collected, to catch all the extensions as they come in, so they are ordered correctly. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3911)
-
- 31 7月, 2017 14 次提交
-
-
由 David Benjamin 提交于
The names of these ciphers have an "SSL_" prefix, but the RFC names use "TLS_": https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 This dates back to these ciphers being originally defined in SSLv3. As SSLv3 is on its way out anyway and this is a new set of APIs, consistently use the TLS names. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4007)
-
由 Xiaoyin Liu 提交于
TLS_ST_SR_NEXT_PROTO means "SSLv3/TLS read next proto" Fix typo in the message for TLS_ST_SW_CERT_STATUS Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4054)
-
由 Xiaoyin Liu 提交于
I think it's better to use `GetFileAttributes` to obtain the attributes of a file than `FindFirstFile`. If the input name contains `*`, this function should return failure rather than check whether the first match happens to be a file or a directory. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3991)
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
[And move misplaced macros.] Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Xiaoyin Liu 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4056)
-
由 Paul Yang 提交于
Check time string format before parsing Reduce more duplicated code By involving asn1_time_to_tm, we can now get information we mostly need to print a time string. This follows what was discussed at https://github.com/openssl/openssl/pull/4001#discussion_r129092251Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4039)
-
由 Xiaoyin Liu 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4053)
-
由 Xiaoyin Liu 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4052)
-
由 Paul Yang 提交于
To state the fractional seconds part will be lost in the conversion. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4041)
-
由 Xiaoyin Liu 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4049)
-
由 Xiaoyin Liu 提交于
Remove the function prototypes for ssl_cert_get0_next_certificate, ssl_set_default_md, tls1_shared_list, dtls1_send_newsession_ticket, tls1_ctrl, and tls1_callback_ctrl, all of which are not defined. It also changed the signature of the function pqueue_next to `pitem *pqueue_next(piterator *item)` in pqueue.c, making it match the prototype in ssl_locl.h. (`piterator *` is equivalent to `pitem **`.) Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4049)
-
由 Xiaoyin Liu 提交于
This patch removes the prototype of function RECORD_LAYER_set_write_sequence from record_locl.h, since this function is not defined. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4051)
-
- 30 7月, 2017 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4015)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4015)
-