- 04 2月, 2016 36 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Daniel Black 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Billy Brumley 提交于
Those even order that do not play nicely with Montgomery arithmetic Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Emilia Kasper 提交于
In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC, we can allow it to signal an empty key for convenience. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Szakats 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> MR: #1841
-
由 Richard Levitte 提交于
Reviewed-by: NBen Laurie <ben@openssl.org>
-
由 Richard Levitte 提交于
The test program clienthello checks TLS extensions, so there's no point running it when no TLS protocol is available. Reviewed-by: NBen Laurie <ben@openssl.org>
-
由 Richard Levitte 提交于
Otherwise, it could typically always return an empty list, since it's often called first if at all. Reviewed-by: NBen Laurie <ben@openssl.org>
-
由 Rich Salz 提交于
And some others found in the Internet. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
When connecting to "localhost" the Proxy's choice of client address family may not match the server's choice address family. Without MultiHomed => 1, the proxy may try the wrong address family first, and give up without trying the other. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Some platforms do not have the latter. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dmitry-Me 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
This makes use of TLSProxy, which was expanded to use IO::Socket::IP (which is a core perl module) or IO::Socket::INET6 (which is said to be more popular) instead IO::Socket::INET if one of them is installed. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Richard Levitte 提交于
s_socket.c gets brutally cleaned out and now consists of only two functions, one for client and the other for server. They both handle AF_INET, AF_INET6 and additionally AF_UNIX where supported. The rest is just easy adaptation. Both s_client and s_server get the new flags -4 and -6 to force the use of IPv4 or IPv6 only. Also, the default host "localhost" in s_client is removed. It's not certain that this host is set up for both IPv4 and IPv6. For example, Debian has "ip6-localhost" as the default hostname for [::1]. The better way is to default |host| to NULL and rely on BIO_lookup() to return a BIO_ADDRINFO with the appropriate loopback address for IPv4 or IPv6 as indicated by the |family| parameter. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
The control commands that previously took a struct sockaddr * have been changed to take a BIO_ADDR * instead. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
This adds a couple of simple tests to see that SSL traffic using the reimplemented BIO_s_accept() and BIO_s_connect() works as expected, both on IPv4 and on IPv6. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Future commits will change our use to newer functions and the pragmas will go away at that time. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Added functions: BIO_socket BIO_connect BIO_listen BIO_accept_ex BIO_closesocket BIO_sock_info These get deprecated: BIO_gethostbyname BIO_get_port BIO_get_host_ip BIO_get_accept_socket BIO_accept Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Because of the way bio_lcl.h is organised, we must not include internal/cryptlib.h before it. As a matter of fact, bio_lcl.h includes internal/cryptlib.h on its own. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Because different platforms have different levels of support for IPv6, different kinds of sockaddr variants, and some have getaddrinfo et al while others don't, we could end up with a mess if ifdefs, duplicate code and other maintainance nightmares. Instead, we're introducing wrappers around the common form for socket communication: BIO_ADDR, closely related to struct sockaddr and some of its variants. BIO_ADDRINFO, closely related to struct addrinfo. With that comes support routines, both convenient creators and accessors, plus a few utility functions: BIO_parse_hostserv, takes a string of the form host:service and splits it into host and service. It checks for * in both parts, and converts any [ipv6-address] syntax to ust the IPv6 address. BIO_lookup, looks up information on a host. All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and there is support for local sockets (AF_UNIX) as well. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Emilia Kasper 提交于
Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is stripped by BN_bn2bin but external callers may have other expectations. Reviewed-by: Kurt Roeckx<kurt@openssl.org>
-
由 Michael Lee 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Emilia Kasper 提交于
CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 2月, 2016 4 次提交
-
-
由 Viktor Dukhovni 提交于
Also fix option processing in pkeyutl to allow use of (formerly) "out-of-order" switches that were needless implementation limitations. Handle documented "ENGINE" form with -keyform and -peerform. Better handling of OPENSSL_NO_ENGINE and OPENSSL_NO_RSA. RT2018 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
... related to engine_ref_debug macro. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
It turns out that the combination splitpath() could return an empty string for the directory part. This doesn't play well with catdir(). Reviewed-by: NRich Salz <rsalz@openssl.org>
-