- 04 2月, 2016 5 次提交
-
-
由 Richard Levitte 提交于
Added functions: BIO_socket BIO_connect BIO_listen BIO_accept_ex BIO_closesocket BIO_sock_info These get deprecated: BIO_gethostbyname BIO_get_port BIO_get_host_ip BIO_get_accept_socket BIO_accept Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Because of the way bio_lcl.h is organised, we must not include internal/cryptlib.h before it. As a matter of fact, bio_lcl.h includes internal/cryptlib.h on its own. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Because different platforms have different levels of support for IPv6, different kinds of sockaddr variants, and some have getaddrinfo et al while others don't, we could end up with a mess if ifdefs, duplicate code and other maintainance nightmares. Instead, we're introducing wrappers around the common form for socket communication: BIO_ADDR, closely related to struct sockaddr and some of its variants. BIO_ADDRINFO, closely related to struct addrinfo. With that comes support routines, both convenient creators and accessors, plus a few utility functions: BIO_parse_hostserv, takes a string of the form host:service and splits it into host and service. It checks for * in both parts, and converts any [ipv6-address] syntax to ust the IPv6 address. BIO_lookup, looks up information on a host. All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and there is support for local sockets (AF_UNIX) as well. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Emilia Kasper 提交于
Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is stripped by BN_bn2bin but external callers may have other expectations. Reviewed-by: Kurt Roeckx<kurt@openssl.org>
-
- 03 2月, 2016 5 次提交
-
-
由 FdaSilvaYY 提交于
... related to engine_ref_debug macro. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add new function BN_bn2binpad() which checks the length of the output buffer and pads the result with zeroes if necessary. New functions BN_bn2lebinpad() and BN_lebin2bn() which use little endian format. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dmitry-Me 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Emilia Kasper 提交于
Remove ancient unused configuration file in crypto/conf. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 2月, 2016 12 次提交
-
-
由 Emilia Kasper 提交于
PACKET contents should be read-only. To achieve this, also - constify two user callbacks - constify BUF_reverse. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dmitry-Me 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Now that we have the foundation for the "unified" build scheme in place, we add build.info files. They have been generated from the Makefiles in the same directories. Things that are platform specific will appear in later commits. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
The "unified" build scheme revolves around small information files, build.info, which each describe their own bit of everything that needs to be built, using a mini-language described in Configurations/README. The information in build.info file contain references to source files and final result. Object files are not mentioned at all, they are simply from source files. Because of this, all the *_obj items in Configurations/*.conf are renamed to *_asm_src and the files listed in the values are change from object files to their corresponding source files. For the sake of the other build schemes, Configure generates corresponding *_obj entries in %target. Furthermore, the "unified" build scheme supports having a build directory tree separate from the source directry tree. All paths in a build.info file is assumed to be relative to its location, either within the source tree or within the build tree. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Viktor Dukhovni 提交于
When auxiliary data contains only reject entries, continue to trust self-signed objects just as when no auxiliary data is present. This makes it possible to reject specific uses without changing what's accepted (and thus overring the underlying EKU). Added new supported certs and doubled test count from 38 to 76. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
This includes basic constraints, key usages, issuer EKUs and auxiliary trust OIDs (given a trust suitably related to the intended purpose). Added tests and updated documentation. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
d2i_ECPrivateKey always caculates the public key so there is no need to caculate it again in eckey_priv_decode(). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
New functions to return internal pointer for order and cofactor. This avoids the need to allocate a new BIGNUM which to copy the value to. Simplify code to use new functions. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Daniel Kahn Gillmor 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 31 1月, 2016 4 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rich Salz 提交于
There was an unused macro in ssl_locl.h that used an internal type, so I removed it. Move bio_st from bio.h to ossl_type.h Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Can't hurt and seems to prevent problems from some over-aggressive (LTO?) compilers. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
PR#4280 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 30 1月, 2016 3 次提交
-
-
由 Viktor Dukhovni 提交于
As a side-effect of opaque x509, ex_flags were looked up too early, before additional policy cache updates. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
The lflags configuration had a weird syntax with a % as separator. If it was present, whatever came before ended up as PEX_LIBS in Makefile (usually, this is LDFLAGS), while whatever came after ended up as EX_LIBS. This change splits that item into lflags and ex_libs, making their use more explicit. Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 29 1月, 2016 7 次提交
-
-
由 Viktor Dukhovni 提交于
By default X509_check_trust() trusts self-signed certificates from the trust store that have no explicit local trust/reject oids encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust and -trustout options of x509(1)). This commit adds a flag that makes it possible to distinguish between that implicit trust, and explicit auxiliary settings. With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted via explicit trust settings. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Emilia Kasper 提交于
The use of the uninitialized buffer in the RNG has no real security benefits and is only a nuisance when using memory sanitizers. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
During precomputation if the group given is well known then we memcpy a well known precomputation. However we go the wrong label in the code and don't store the data properly. Consequently if we call have_precompute_mult the data isn't there and we return 0. RT#3600 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function DH_check_pub_key() was missing some return value checks in some calls to BN functions. RT#4278 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
PR#4277 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
These tests are not built, and only usable as hand-tests so not worth moving into our test framework. This closes https://github.com/openssl/openssl/pull/561 and RT 4252 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 1月, 2016 4 次提交
-
-
由 Matt Caswell 提交于
Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same DH exponent. A simple mitigation is to ensure that y^q (mod p) == 1 CVE-2016-0701 Issue reported by Antonio Sanso. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
This fixes clang compilation problem with size_t NUMPRIMES and int loop counters. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Also turn B<foo> into foo() in the pod page. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-