- 08 1月, 2018 2 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5001)
-
由 Andy Polyakov 提交于
This is based on RT#3810, which added dedicated modular inversion. ECDSA verify results improves as well, but not as much. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5001)
-
- 07 1月, 2018 4 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5028)
-
由 Rich Salz 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4906)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5002)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5002)
-
- 06 1月, 2018 4 次提交
-
-
由 Konstantin Shemyak 提交于
Fixes #4996. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4997)
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5025)
-
由 Bernd Edlinger 提交于
Add comments to no longer usable ciphers. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5023)
-
由 Viktor Dukhovni 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
-
- 05 1月, 2018 2 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5016)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5011)
-
- 04 1月, 2018 3 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The changes are analogous to the ones made in commit 0bf340e1 to x509.pod, see PR #4924. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5012)
-
由 Dr. Matthias St. Pierre 提交于
The DRGB concept described in NIST SP 800-90A provides for having different algorithms to generate random output. In fact, the FIPS object module used to implement three of them, CTR DRBG, HASH DRBG and HMAC DRBG. When the FIPS code was ported to master in #4019, two of the three algorithms were dropped, and together with those the entire code that made RAND_DRBG generic was removed, since only one concrete implementation was left. This commit restores the original generic implementation of the DRBG, making it possible again to add additional implementations using different algorithms (like RAND_DRBG_CHACHA20) in the future. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4998)
-
由 Dr. Matthias St. Pierre 提交于
The generic part of the FIPS DRBG was implemented in fips_drbg_lib.c and the algorithm specific parts in fips_drbg_<alg>.c for <alg> in {ctr, hash, hmac}. Additionally, there was the module fips_drbg_rand.c which contained 'gluing' code between the RAND_METHOD api and the FIPS DRBG. When the FIPS code was ported to master in #4019, for some reason the ctr-drbg implementation from fips_drbg_ctr.c ended up in drbg_rand.c instead of drbg_ctr.c. This commit renames the module drbg_rand.c back to drbg_ctr.c, thereby restoring a simple relationship between the original fips modules and the drbg modules in master: fips_drbg_lib.c => drbg_lib.c /* generic part of implementation */ fips_drbg_<alg>.c => drbg_<alg>.c /* algorithm specific implementations */ Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4998)
-
- 03 1月, 2018 2 次提交
-
-
由 Benjamin Kaduk 提交于
Add a regression test for the functionality enabled in the previous commit. [extended tests] Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4463)
-
由 Benjamin Kaduk 提交于
Although this is forbidden by all three(!) relevant specifications, there seem to be multiple server implementations in the wild that send it. Since we didn't check for unexpected extensions in any given message type until TLS 1.3 support was added, our previous behavior was to silently accept these extensions and pass them over to the custom extension callback (if any). In order to avoid regression of functionality, relax the check for "extension in unexpected context" for this specific case, but leave the protocol enforcment mechanism unchanged for other extensions and in other extension contexts. Leave a detailed comment to indicate what is going on. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4463)
-
- 02 1月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
A TLSv1.3 Certificate Request message was issuing a "Message length parse error" using the -trace option to s_server/s_client. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5008)
-
由 Daniel Bevenius 提交于
Similar to commit 17b60280( "Remove extra `the` in SSL_SESSION_set1_id.pod"), this commit removes typos where additional 'the' have been added. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4999)
-
- 29 12月, 2017 5 次提交
-
-
由 Richard Levitte 提交于
Following the changes that removed Makefile.shared, we also changed the generation of .def / .map / .opt files from ordinals more explicit, removing the need to the "magic" ORDINALS declaration. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4993)
-
由 Andy Polyakov 提交于
"Double" is in quotes because improvement coefficient varies significantly depending on platform and compiler. You're likely to measure ~2x improvement on popular desktop and server processors, but not so much on mobile ones, even minor regression on ARM Cortex series. Latter is because they have rather "weak" umulh instruction. On low-end x86_64 problem is that contemporary gcc and clang tend to opt for double-precision shift for >>51, which can be devastatingly slow on some processors. Just in case for reference, trick is to use 2^51 radix [currently only for DH]. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Now that we attempt to send early data in the first TCP packet along with the ClientHello, the documentation for SSL_write_early_data() needed a tweak. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4802)
-
由 Matt Caswell 提交于
We don't keep track of the number of bytes written between in the SSL_write_ex() call and the subsequent flush. If the flush needs to be retried then we will have forgotten how many bytes actually got written. The simplest solution is to just disable it for this scenario. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4802)
-
由 Matt Caswell 提交于
We'd like the first bit of early_data and the ClientHello to go in the same TCP packet if at all possible to enable things like TCP Fast Open. Also, if you're only going to send one block of early data then you also don't need to worry about TCP_NODELAY. Fixes #4783 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4802)
-
- 28 12月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
The idea is to be able to add extension value lines directly on the command line instead of through the config file, for example: openssl req -new -extension 'subjectAltName = DNS:dom.ain, DNS:oth.er' \ -extension 'certificatePolicies = 1.2.3.4' Fixes #3311 Thank you Jacob Hoffman-Andrews for the inspiration Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4986)
-
- 27 12月, 2017 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4981)
-
由 Andy Polyakov 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4974)
-
由 Richard Levitte 提交于
The simplifications that were made when Makefile.shared was removed didn't work quite right. Also, this is what we do on Unix and Windows anyway, so this makes us more consistent across all platforms. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4982)
-
- 26 12月, 2017 2 次提交
-
-
由 Paul Yang 提交于
Variables n, d, p are no longer there. [skip ci] Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4894)
-
由 Daniel Bevenius 提交于
This commit is a suggestion to hopefully improve x509.pod. I had to re-read it the first time through and with these changes it reads a little easier, and wondering if others agree. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4924)
-
- 25 12月, 2017 1 次提交
-
-
由 Kurt Roeckx 提交于
This comment was correct for the original commit introducing this function (5a3d21c0), but was fixed in commit d2fa1829 (and 67b8bcee) Reviewed-by: NBen Kaduk <kaduk@mit.edu> GH: #4975
-
- 23 12月, 2017 1 次提交
-
-
由 Andy Polyakov 提交于
Hardware used for benchmarking courtesy of Atos, experiments run by Romain Dolbeau <romain.dolbeau@atos.net>. Kudos! Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4855)
-
- 22 12月, 2017 2 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4948)
-
由 Daniel Bevenius 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4969)
-
- 18 12月, 2017 6 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4949)
-
由 Richard Levitte 提交于
This is because VMS perl will otherwise lowercase them Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4946)
-
由 Richard Levitte 提交于
It is a hack, but it existed in the recently removed Makefile.shared, and its use is documented in fuzz/README.md, so we cannot drop it now. Fixes https://github.com/google/oss-fuzz/issues/1037Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4947)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4950)
-
由 Dr. Matthias St. Pierre 提交于
Previously, the RAND_DRBG_uninstantiate() call was not exactly inverse to RAND_DRBG_instantiate(), because some important member values of the drbg->ctr member where cleared. Now these values are restored internally. Signed-off-by: NDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
-
由 Dr. Matthias St. Pierre 提交于
Signed-off-by: NDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
-