- 31 1月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#4280 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 30 1月, 2016 14 次提交
-
-
由 Richard Levitte 提交于
Not all architectures have a time_t defined the same way. To make sure we get the same result, we need to cast &checkoffset to (intmax_t *) and make sure that intmax_t is defined somehow. To make really sure we don't pass a variable with the wrong size down to opt_imax(), we use a temporary intmax_t. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Also remove $Makefile variable :) Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Viktor Dukhovni 提交于
As a side-effect of opaque x509, ex_flags were looked up too early, before additional policy cache updates. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
This is a time_t and can be zero or negative. So use 'M' (maximal signed int) not 'p' (positive int). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Some last lflags to convert to ex_libs or a combo of lflags and ex_libs Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The lflags configuration had a weird syntax with a % as separator. If it was present, whatever came before ended up as PEX_LIBS in Makefile (usually, this is LDFLAGS), while whatever came after ended up as EX_LIBS. This change splits that item into lflags and ex_libs, making their use more explicit. Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
A few more sub-joins could be replaced with calls to add() and add_before() Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
This reverts commit a450326e. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Remove depend hacks from demos/engines. Remove clean-depend; just call makedepend (or $CC -M) and use that. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 1月, 2016 15 次提交
-
-
由 Viktor Dukhovni 提交于
By default X509_check_trust() trusts self-signed certificates from the trust store that have no explicit local trust/reject oids encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust and -trustout options of x509(1)). This commit adds a flag that makes it possible to distinguish between that implicit trust, and explicit auxiliary settings. With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted via explicit trust settings. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Emilia Kasper 提交于
The use of the uninitialized buffer in the RNG has no real security benefits and is only a nuisance when using memory sanitizers. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
This is a followin from !1738, we no longer need those variables. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Add tests for have_precompute_mult for the optimised curves (nistp224, nistp256 and nistp521) if present Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
During precomputation if the group given is well known then we memcpy a well known precomputation. However we go the wrong label in the code and don't store the data properly. Consequently if we call have_precompute_mult the data isn't there and we return 0. RT#3600 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function DH_check_pub_key() was missing some return value checks in some calls to BN functions. RT#4278 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
A new return value for DH_check_pub_key was recently added: DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other return values it should have been set to the value 4 not 3. RT#4278 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
This extends the existing async functionality to SSL_shutdown(), i.e. SSL_shutdown() can now casuse an SSL_ERROR_WANT_ASYNC error to be returned from SSL_get_error() if async mode has been enabled. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
PR#4277 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
These tests are not built, and only usable as hand-tests so not worth moving into our test framework. This closes https://github.com/openssl/openssl/pull/561 and RT 4252 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Add enable-crypto-mdebug enable-rc5 enable-md2 to any target that was --strict-warnings. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 28 1月, 2016 10 次提交
-
-
由 Matt Caswell 提交于
Add details about the latest issues fixed in the forthcoming release. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Following on from the previous commit, add a test to ensure that DH_compute_key correctly fails if passed a bad y such that: y^q (mod p) != 1 Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same DH exponent. A simple mitigation is to ensure that y^q (mod p) == 1 CVE-2016-0701 Issue reported by Antonio Sanso. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Viktor Dukhovni 提交于
This fixes clang compilation problem with size_t NUMPRIMES and int loop counters. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Also turn B<foo> into foo() in the pod page. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Also cleaned up bn_prime.pl to current coding style. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Many options for supporting optimizations for legacy crypto on legacy platforms have been removed. This simplifies the source code and does not really penalize anyone. DES_PTR (always on) DES_RISC1, DES_RISC2 (always off) DES_INT (always 'unsigned int') DES_UNROLL (always on) BF_PTR (always on) BF_PTR2 (removed) MD2_CHAR, MD2_LONG (always 'unsigned char') IDEA_SHORT, IDEA_LONG (always 'unsigned int') RC2_SHORT, RC2_LONG (always 'unsigned int') RC4_LONG (only int and char (for assembler) are supported) RC4_CHUNK (always long), RC_CHUNK_LL (removed) RC4_INDEX (always on) And also make D_ENCRYPT macro more clear (@appro) This is done in consultation with Andy. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
A mistake was made and the setting of this config variable got reverted to an older behavior. This restores the latest. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-