- 09 4月, 2016 7 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
A number of new functions have been added following the DH and DH_METHOD opacity commits. This commit provides documentation for those functions. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Move the dh_method structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Move the dh_st structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 4月, 2016 12 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
As it turns out branch hints grew as kind of a misconception. In addition their interpretation by GNU assembler is affected by assembler flags and can end up with opposite meaning on different processors. As we have to loose quite a lot on misinterprerations, especially on newer processors, we just omit them altogether. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Andy Polyakov 提交于
Since NDEBUG is defined unconditionally on command line for release builds, we can omit *_DEBUG options in favour of effective "all-on" in debug builds exercised though CI. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Andy Polyakov 提交于
... and refine /MT vs. /MD flag handling. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Without proper cleanup after DLL link failure second attempt to run nmake would actually proceed and failure will be "shifted" to run time. This is because libcrypto.lib import library is generated even if DLL link fails. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
pointers, except for minimal std[in|out|err]. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Signed-off-by: NRob Percival <robpercival@google.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Viktor Dukhovni 提交于
Suppress CT callbacks with aNULL or PSK ciphersuites that involve no certificates. Ditto when the certificate chain is validated via DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing when the chain is fails verification. Move and consolidate CT callbacks from libcrypto to libssl. We also simplify the interface to SSL_{,CTX_}_enable_ct() which can specify either a permissive mode that just collects information or a strict mode that requires at least one valid SCT or else asks to abort the connection. Simplified SCT processing and options in s_client(1) which now has just a simple pair of "-noct" vs. "-ct" options, the latter enables the permissive callback so that we can complete the handshake and report all relevant information. When printing SCTs, print the validation status if set and not valid. Signed-off-by: NRob Percival <robpercival@google.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Viktor Dukhovni 提交于
The original check for != SSL_VERIFY_NONE can give surprising results when flags SSL_VERIFY_PEER is not set, but other flags are. Note that SSL_VERIFY_NONE (0) is not a flag bit, it is rather the absense of all other flag bits. Signed-off-by: NRob Percival <robpercival@google.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 David Benjamin 提交于
Free up parsed X509_NAME structure if the CertificateRequest message contains excess data. The security impact is considered insignificant. This is a client side only leak and a large number of connections to malicious servers would be needed to have a significant impact. This was found by libFuzzer. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 07 4月, 2016 6 次提交
-
-
由 Richard Levitte 提交于
The environment variables TOP, SRCTOP, BLDTOP, ... are used to affect the testing framework. However, subprocesses may want to use them as well, and therefore need their values corrected when we move to a different directory. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Emilia Kasper 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Emilia Kasper 提交于
We used to symlink generate_ssl_tests.pl to the build directory. Now that the build scripts look for sources in both directories, this is no longer necessary (see commit fbd361ea). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 4月, 2016 15 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Move rsa_meth_st away from public headers. Add RSA_METHOD creator/destructor functions. Add RSA_METHOD accessor/writer functions. Adapt all other source to use the creator, destructor, accessors and writers. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Move rsa_st away from public headers. Add accessor/writer functions for the public RSA data. Adapt all other source to use the accessors and writers. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Misc fixes for no-ocsp Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
When config'd with "no-async" the ASYNC_NULL implementation is used, so async symbols still exist. We should still init the NULL implementation so that when we get the async ctx it is NULL rather than undefined. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
[.test]ssltest.c was renamed to [.test]ssltest_old.c, reflect that in descrip.mms.tmpl. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andrea Grandi 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-