- 03 5月, 2018 9 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
-
由 Matt Caswell 提交于
The max protocol version was only being set on the server side. It should have been done on both the client and the server. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
-
由 Matt Caswell 提交于
The ciphers field in a session contains the stack of ciphers offered by the client. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
-
由 Matt Caswell 提交于
The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
-
由 FdaSilvaYY 提交于
No need to buildtest on opensslconf.h Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6149)
-
由 Andy Polyakov 提交于
Montgomery multiplication post-conditions in some of code paths were formally non-constant time. Cache access pattern was result-neutral, but a little bit asymmetric, which might have produced a signal [if processor reordered load and stores at run-time]. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6141)
-
由 FdaSilvaYY 提交于
... and unify 'bits' declarations and printing format. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6132)
-
由 Dr. Matthias St. Pierre 提交于
which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*(). Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6105)
-
- 02 5月, 2018 4 次提交
-
-
由 Richard Levitte 提交于
rand_pool_bytes_needed() was constructed in such a way that the smallest acceptable entropy factor was 1 entropy bits per 8 bits of data. At the same time, we have a DRBG_MINMAX_FACTOR that allows weaker source, as small as 1 bit of entropy per 128 bits of data. The conclusion is that rand_pool_bytes_needed() needs to change to support weaker entropy sources. We therefore change the input of entropy per byte to be an entropy factor instead. This entropy factor expresses how many bits of data it takes (on average) to get 1 bit of entropy. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6150)
-
由 Matt Caswell 提交于
Fixes #4237 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/6143)
-
由 Pavel Kopyl 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4700)
-
由 Benjamin Kaduk 提交于
Commit d316cdcf introduced some extra checks into the session-cache update procedure, intended to prevent the caching of sessions whose resumption would lead to a handshake failure, since if the server is authenticating the client, there needs to be an application-set "session id context" to match up to the authentication context. While that change is effective for its stated purpose, there was also some collatoral damage introduced along with the fix -- clients that set SSL_VERIFY_PEER are not expected to set an sid_ctx, and so their usage of session caching was erroneously denied. Fix the scope of the original commit by limiting it to only acting when the SSL is a server SSL. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5967)
-
- 01 5月, 2018 7 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6124)
-
由 Matt Caswell 提交于
Fixes #5061 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6139)
-
由 Matt Caswell 提交于
Specifically this is not supported with an even modulus and BN_FLG_CONSTTIME. Fixes #5082 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6137)
-
由 Matt Caswell 提交于
Fixes #5063 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6134)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6145)
-
- 30 4月, 2018 3 次提交
-
-
由 Kurt Roeckx 提交于
Fixes: #6046 Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #6125
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6106)
-
由 Andy Polyakov 提交于
Rationale for enforcing no-engine is because of disconnect between compile-time config and run-time, which is a per-application sandbox directory which one can't predict in advance. Besides, none of the bundled engines actually give an edge on iOS... Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6106)
-
- 29 4月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
Fixes: #6120 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6123)
-
- 27 4月, 2018 10 次提交
-
-
由 Bernd Edlinger 提交于
Fixes: #6081 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6089)
-
由 Matt Caswell 提交于
Make it clear that you should not attempt to get the version before the first handshake is complete. Fixes #2893 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6013)
-
由 Richard Levitte 提交于
Fixes #6098 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6104)
-
由 Billy Brumley 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6099)
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6094)
-
由 Richard Levitte 提交于
To my surprise, it turns out that on OpenVMS, opening './' (which is translated to '[]') for writing actually creates a file, '[].'. On OpenVMS, this is a perfectly valid file with no name or extension, just the delimiter between the two. Because of the mess the exception would generate in the test recipe, it gets refactored again, to clearly separate each test inside it, and use skips to avoid some of them (that makes it clear that they are skipped and why, when running the recipe). Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6100)
-
由 Rich Salz 提交于
Add a script to find them in the future Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6103)
-
由 Bernd Edlinger 提交于
Fixes: #5950 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6038)
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5964)
-
由 FdaSilvaYY 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6085)
-
- 26 4月, 2018 6 次提交
-
-
由 Matt Caswell 提交于
Note that calling the *use_certificate* functions will replace any existing certificate of the same type. The same thing applies for private keys. Fixes #2147 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6092)
-
由 Matt Caswell 提交于
SSL_kANY, and SSL_aANY were placed in the wrong fields. It makes no functional difference since these macros evaluate to 0 anyway, which is the correct value for these fields. Fixes #6048 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6095)
-
由 Richard Levitte 提交于
get_last_sys_error() already exists, so there's no need for yet another macro that fulfills the same purpose. Fixes #4120 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6088)
-
由 Richard Levitte 提交于
Add a bit more commentary to explain what's going on. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080)
-
由 Richard Levitte 提交于
That error is already caught by EVP_read_pw_string_min, and causes this function to return -1, so the code detecting too short passwords in this function is practically dead. Fixes #5465 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080)
-
由 Richard Levitte 提交于
Fixes #6083 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6084)
-