- 19 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Add -DBIO_DEBUG to --strict-warnings. Remove comments about outdated debugging ifdef guards. Remove md_rand ifdef guarding an assert; it doesn't seem used. Remove the conf guards in conf_api since we use OPENSSL_assert, not assert. For pkcs12 stuff put OPENSSL_ in front of the macro name. Merge TLS_DEBUG into SSL_DEBUG. Various things just turned on/off asserts, mainly for checking non-NULL arguments, which is now removed: camellia, bn_ctx, crypto/modes. Remove some old debug code, that basically just printed things to stderr: DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG, RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG. Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 12 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT This is also RT 4181 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 06 2月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 04 2月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 1月, 2016 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>
-
- 02 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
The protocol selection code is now consolidated in a few consecutive short functions in a single file and is table driven. Protocol-specific constraints that influence negotiation are moved into the flags field of the method structure. The same protocol version constraints are now applied in all code paths. It is now much easier to add new protocol versions without reworking the protocol selection logic. In the presence of "holes" in the list of enabled client protocols we no longer select client protocols below the hole based on a subset of the constraints and then fail shortly after when it is found that these don't meet the remaining constraints (suiteb, FIPS, security level, ...). Ideally, with the new min/max controls users will be less likely to create "holes" in the first place. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 17 12月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} Add #define's for the old names. Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 05 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 10 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
if we have a malloc |x = OPENSSL_malloc(...)| sometimes we check |x| for NULL and sometimes we treat it as a boolean |if(!x) ...|. Standardise the approach in libssl. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 03 10月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 04 9月, 2015 1 次提交
-
-
由 Rich Salz 提交于
After openssl_zalloc, cleanup more "set to 0/NULL" assignments. Many are from github feedback. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 21 7月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add support for loading verify and chain stores in SSL_CONF. Commands to set verify mode and client CA names. Add documentation. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 18 7月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 5月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add SSL_use_certiicate_chain file functions: this is works the same way as SSL_CTX_use_certificate_chain_file but for an SSL structure. Update SSL_CONF code to use the new function. Update docs. Update ordinals. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 07 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
For the various string-compare routines (strcmp, strcasecmp, str.*cmp) use "strcmp()==0" instead of "!strcmp()" Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 5月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add command line switch entries to table and return SSL_CONF_TYPE_NONE for them in SSL_CONF_cmd_value_type. Update docs. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 03 5月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add OSSL_NELEM macro to e_os.h to determine the number of elements in an array. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 01 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Don't check for NULL before calling OPENSSL_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 25 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
This is merges the old "rsalz-monolith" branch over to master. The biggest change is that option parsing switch from cascasding 'else if strcmp("-foo")' to a utility routine and somethin akin to getopt. Also, an error in the command line no longer prints the full summary; use -help (or --help :) for that. There have been many other changes and code-cleanup, see bullet list below. Special thanks to Matt for the long and detailed code review. TEMPORARY: For now, comment out CRYPTO_mem_leaks() at end of main Tickets closed: RT3515: Use 3DES in pkcs12 if built with no-rc2 RT1766: s_client -reconnect and -starttls broke RT2932: Catch write errors RT2604: port should be 'unsigned short' RT2983: total_bytes undeclared #ifdef RENEG RT1523: Add -nocert to fix output in x509 app RT3508: Remove unused variable introduced by b09eb246 RT3511: doc fix; req default serial is random RT1325,2973: Add more extensions to c_rehash RT2119,3407: Updated to dgst.pod RT2379: Additional typo fix RT2693: Extra include of string.h RT2880: HFS is case-insensitive filenames RT3246: req command prints version number wrong Other changes; incompatibilities marked with *: Add SCSV support Add -misalign to speed command Make dhparam, dsaparam, ecparam, x509 output C in proper style Make some internal ocsp.c functions void Only display cert usages with -help in verify Use global bio_err, remove "BIO*err" parameter from functions For filenames, - always means stdin (or stdout as appropriate) Add aliases for -des/aes "wrap" ciphers. *Remove support for IISSGC (server gated crypto) *The undocumented OCSP -header flag is now "-header name=value" *Documented the OCSP -header flag Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 25 3月, 2015 3 次提交
-
-
由 Rich Salz 提交于
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Support loading of key and certificate from the same file if SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the filename used for each certificate type and attempting to load a private key from the file when SSL_CONF_CTX_finish is called. Update docs. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets DH_free, DSA_free, RSA_free Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 3月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Suggested by John Foley <foleyj@cisco.com>. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 24 1月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 22 1月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 16 12月, 2014 1 次提交
-
-
由 Kurt Roeckx 提交于
RT#3625 Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 04 12月, 2014 1 次提交
-
-
由 Kurt Roeckx 提交于
The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
-
- 04 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 14 11月, 2013 1 次提交
-
-
由 Krzysztof Kwiatkowski 提交于
PR#3172
-
- 02 11月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line. (cherry picked from commit f14a4a861d2d221ed565a75441a218f85b8db530)
-
由 Dr. Stephen Henson 提交于
-
- 22 10月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 21 10月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-