- 10 12月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Misc updates to the CHANGES and NEWS files ready for the alpha release. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Todo: update documentation. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 12月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 07 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #364
-
- 05 12月, 2015 3 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it. On the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but only when SSL_{CTX_}set_ecdh_auto() was called to turn it on. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefor result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 02 12月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Add CRYPTO_free_ex_index (for shared libraries) Unify and complete the documentation for all "ex_data" API's and objects. Replace xxx_get_ex_new_index functions with a macro. Added an exdata test. Renamed the ex_data internal datatypes. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 21 11月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Add some clarifications to the async documentation. Also changed ASYNC_pause_job() so that it returns success if you are not within the context of a job. This is so that engines can be used either asynchronously or synchronously and can treat an error from ASYNC_pause_job() as a real error. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Add a CHANGES entry for the new async code. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 11月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Final part of flushing out SSLEay API's. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 31 10月, 2015 1 次提交
-
-
由 Rich Salz 提交于
All instances of SSLeay (any combination of case) were replaced with the case-equivalent OpenSSL. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 30 10月, 2015 4 次提交
-
-
由 Matt Caswell 提交于
Remove all the defines for the old state machines states. Mapping old to new is probably going to cause more problems than it solves so it is probably better to just remove them. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer supported. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Rename the enum HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE to ensure there are no namespace clashes, and convert it into a typedef. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Update the CHANGES file for the state machine rewrite Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 27 10月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 16 10月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
There are a number of engines in the OpenSSL source code which are now obsolete. The following engines have been removed: 4758cca, aep, atalla, cswift, nuron, sureware. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 15 10月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Thanks to the OpenBSD community for bringing this to our attention. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 10月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
This patch updates the "DEFAULT" cipherstring to be "ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined internally by a flag on each ciphersuite indicating whether it should be excluded from DEFAULT or not. This gives us control at an individual ciphersuite level as to exactly what is in DEFAULT and what is not. Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT and hence removed from DEFAULT. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 30 9月, 2015 1 次提交
-
-
由 David Woodhouse 提交于
Much related/similar work also done by Ivan Nestlerode <ivan.nestlerode@sonos.com> +Replace FILE BIO's with dummy ops that fail. +Include <stdio.h> for sscanf() even with no-stdio (since the declaration is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment variable, since it can be larger than a 'long'. And we don't rely on the availability of strtoull(). +Remove OPENSSL_stderr(); not used. +Make OPENSSL_showfatal() do nothing (currently without stdio there's nothing we can do). +Remove file-based functionality from ssl/. The function prototypes were already gone, but not the functions themselves. +Remove unviable conf functionality via SYS_UEFI +Add fallback definition of BUFSIZ. +Remove functions taking FILE * from header files. +Add missing DECLARE_PEM_write_fp_const +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out, so remove its prototype. +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid(). +Eliminate SRP_VBASE_init() and supporting functions. Users will need to build the verifier manually instead. +Eliminate compiler warning for unused do_pk8pkey_fp(). +Disable TEST_ENG_OPENSSL_PKEY. +Disable GOST engine as is uses [f]printf all over the place. +Eliminate compiler warning for unused send_fp_chars(). Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 18 9月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Rewrite EVP_DecodeUpdate. In particular: reject extra trailing padding, and padding in the middle of the content. Don't limit line length. Add tests. Previously, the behaviour was ill-defined, and depended on the position of the padding within the input. In addition, this appears to fix a possible two-byte oob read. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NDr Stephen Henson <steve@openssl.org>
-
- 07 9月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 28 8月, 2015 1 次提交
-
-
由 Ismo Puustinen 提交于
If the seed value for dsa key generation is too short (< qsize), return an error. Also update the documentation. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 25 8月, 2015 1 次提交
-
-
由 janpopan 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 01 8月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Thanks folks: 348 Benjamin Kaduk 317 Christian Brueffer 254 Erik Tews 253 Erik Tews 219 Carl Mehner 155 (ghost) 95 mancha 51 DominikNeubauer Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 30 7月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 27 7月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
This flag was not set anywhere within the codebase (only read). It could only be set by an app reaching directly into s->s3->flags and setting it directly. However that method became impossible when libssl was opaquified. Even in 1.0.2/1.0.1 if an app set the flag directly it is only relevant to ssl3_connect(), which calls SSL_clear() during initialisation that clears any flag settings. Therefore it could take effect if the app set the flag after the handshake has started but before it completed. It seems quite unlikely that any apps really do this (especially as it is completely undocumented). The purpose of the flag is suppress flushing of the write bio on the client side at the end of the handshake after the client has written the Finished message whilst resuming a session. This enables the client to send application data as part of the same flight as the Finished message. This flag also controls the setting of a second flag SSL3_FLAGS_POP_BUFFER. There is an interesting comment in the code about this second flag in the implementation of ssl3_write: /* This is an experimental flag that sends the * last handshake message in the same packet as the first * use data - used to see if it helps the TCP protocol during * session-id reuse */ It seems the experiment did not work because as far as I can tell nothing is using this code. The above comment has been in the code since SSLeay. This commit removes support for SSL3_FLAGS_DELAY_CLIENT_FINISHED, as well as the associated SSL3_FLAGS_POP_BUFFER. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 14 7月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
This leaves behind files with names ending with '.iso-8859-1'. These should be safe to remove. If something went wrong when re-encoding, there will be some files with names ending with '.utf8' left behind. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 09 7月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 07 7月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 24 6月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 16 6月, 2015 1 次提交
-
-
由 Rich Salz 提交于
When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 11 6月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 6月, 2015 2 次提交
-
-
由 Emilia Kasper 提交于
This is a workaround so old that nobody remembers what buggy clients it was for. It's also been broken in stable branches for two years and nobody noticed (see https://boringssl-review.googlesource.com/#/c/1694/). Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The return type of BIO_number_read() and BIO_number_written() as well as the corresponding num_read and num_write members in the BIO structure has been changed from unsigned long to uint64_t. On platforms where an unsigned long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is transferred. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 05 6月, 2015 1 次提交
-
-
由 Github User 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Remove support for the two export grade static DH ciphersuites. These two ciphersuites were newly added (along with a number of other static DH ciphersuites) to 1.0.2. However the two export ones have *never* worked since they were introduced. It seems strange in any case to be adding new export ciphersuites, and given "logjam" it also does not seem correct to fix them. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-