- 12 10月, 2017 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4503)
-
- 07 10月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Rewrite the -req-nodes flag from CA.pl (idea from Andy) Rewrite ERR_string_error_n Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4478)
-
- 04 10月, 2017 1 次提交
-
-
由 Todd Short 提交于
When an SSL's context is swtiched from a ticket-enabled context to a ticket-disabled context in the servername callback, no session-id is generated, so the session can't be resumed. If a servername callback changes the SSL_OP_NO_TICKET option, check to see if it's changed to disable, and whether a session ticket is expected (i.e. the client indicated ticket support and the SSL had tickets enabled at the time), and whether we already have a previous session (i.e. s->hit is set). In this case, clear the ticket-expected flag, remove any ticket data and generate a session-id in the session. If the SSL hit (resumed) and switched to a ticket-disabled context, assume that the resumption was via session-id, and don't bother to update the session. Before this fix, the updated unit-tests in 06-sni-ticket.conf would fail test #4 (server1 = SNI, server2 = no SNI). Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1529)
-
- 29 9月, 2017 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4431)
-
- 15 9月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4371)
-
- 14 9月, 2017 1 次提交
-
-
由 Paul Yang 提交于
A new method is added to EVP_PKEY_METH as: int (*check) (EVP_PKEY_CTX *ctx); and to EVP_PKEY_ASN1_METHOD as: int (*pkey_check) (EVP_PKEY_CTX *ctx); This is used to check the validity of a specific key. The order of calls is: EVP_PKEY_check -> pmeth.check -> ameth.pkey_check. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4337)
-
- 09 9月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
This allows completely arbitrary passphrases to be entered, including NUL bytes. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3821)
-
- 01 9月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4294)
-
- 31 8月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
SNI and ALPN must be set to be consistent with the PSK. Otherwise this is an error. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
- 30 8月, 2017 1 次提交
-
-
由 Jon Spillett 提交于
AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suites as specified in: https://tools.ietf.org/html/rfc6209Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4287)
-
- 22 8月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4217)
-
- 18 8月, 2017 2 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 15 8月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
This allows callers to set a mark, and then clear it without removing the errors. Useful in case an error is encountered that should be returned up the call stack. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4094)
-
- 12 8月, 2017 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4137)
-
- 08 8月, 2017 1 次提交
-
-
由 Johannes Bauer 提交于
Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD. This fixes #4021 (at least for the scrypt portion of the issue). Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
-
- 03 8月, 2017 5 次提交
-
-
由 Rich Salz 提交于
Add a new global DRBG for private keys used by RAND_priv_bytes. Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes(). Change callers to use the appropriate BN_priv... function. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4076)
-
由 Johannes Bauer 提交于
This was previously mistakenly handled as a single error code. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
由 Johannes Bauer 提交于
Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and introduced more specific error codes (not only indicating *that* some parameter is missing, but actually *which* one it is). Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
由 Johannes Bauer 提交于
HKDF now handles an invalid digest like TLS1-PRF does (i.e., returns KDF_R_INVALID_DIGEST if the passed digest is not known). Both KDFs now set the error code KDF_R_UNKNOWN_PARAMETER_TYPE if a type was passed that is not recognized. This will have the effect of improving debugging output in case a user uses "openssl pkeyutl -kdf ..." in a wrong way and result in an actual error code (instead of just "failure" and an empty error stack). Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
由 Johannes Bauer 提交于
Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER error code when required parameters have not been set. This will make "openssl pkeyutl -kdf HKDF" return a meaningful error message instead of simply "Public Key operation error". Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NStephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
-
- 27 7月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
This symbol was added in commit d33b215b but was only used in certain (presumed uncommon) preprocessor conditionals, as no build failures have been reported yet. Reported by Balaji Marisetti. Closes: #4029 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4030)
-
- 19 7月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Ported from the last FIPS release, with DUAL_EC and SHA1 and the self-tests removed. Since only AES-CTR is supported, other code simplifications were done. Removed the "entropy blocklen" concept. Moved internal functions to new include/internal/rand.h. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3789)
-
- 16 7月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3907)
-
- 14 7月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Unsigned overflow. Thanks to Brian Carpenter for reporting this. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3887)
-
- 13 7月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
- 07 7月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Document an internal assumption that these are only for use with files, and return an error if not. That made the code much simpler. Leave it as writing 1024 bytes, even though we don't need more than 256 from a security perspective. But the amount isn't specified, now, so we can change it later if we want. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3864)
-
- 06 7月, 2017 2 次提交
-
-
由 Rich Salz 提交于
[extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3700)
-
由 Rich Salz 提交于
Comment in the commit: /* Ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */ Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3700)
-
- 03 7月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3820)
-
- 30 6月, 2017 3 次提交
-
-
由 Richard Levitte 提交于
Most of the loader function pointers are crucial, they must be defined unconditionally. Therefore, let's make sure OSSL_STORE_register_loader refuses to register incomplete loaders Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3805)
-
由 Richard Levitte 提交于
store_attach_pem_bio() creates a STORE_CTX with the 'file' scheme loader backend in PEM reading mode on an already opened BIO. store_detach_pem_bio() detaches the STORE_CTX from the BIO and destroys it (without destroying the BIO). These two functions can be used in place of STORE_open() and STORE_close(), and are present as internal support for other OpenSSL functions. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2745)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3483)
-
- 29 6月, 2017 6 次提交
-
-
由 Richard Levitte 提交于
This has it recognised when the given path is a directory. In that case, the file loader will give back a series of names, all as URI formatted as possible given the incoming URI. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
-
由 Richard Levitte 提交于
Add a separate handler for encrypted PKCS#8 data. This uses the new restart functionality. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
-
由 Richard Levitte 提交于
Some containers might very simply decode into something new that deserves to be considered as new (embedded) data. With the help of a special OSSL_STORE_INFO type, make that new data available to the loader functions so they can start over. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
-
由 Richard Levitte 提交于
Containers are objects that are containers for a bunch of other objects with types we recognise but aren't readable in a stream. Such containers are read and parsed, and their content is cached, to be served one object at a time. This extends the FILE_HANDLER type to include a function to destroy the cache and a function to simulate the EOF check. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
-