- 03 3月, 2016 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Handle KDF in ECDH_compute_key instead of requiring each implementation support it. This modifies the compute_key method: now it allocates and populates a buffer containing the shared secret. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Christian Heimes 提交于
This patch provides getters for default_passwd_cb and userdata for SSL and SSL_CTX. The getter functions are required to port Python's ssl module to OpenSSL 1.1.0. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 02 3月, 2016 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Specifies a callback that will, in the future, be used by the SSL code to decide whether to abort a connection on Certificate Transparency grounds. Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Tests included in future commit, which adds CT policy validation. Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 29 2月, 2016 5 次提交
-
-
由 Matt Caswell 提交于
Implementation experience has shown that the original plan for async wait fds was too simplistic. Originally the async logic created a pipe internally and user/engine code could then get access to it via API calls. It is more flexible if the engine is able to create its own fd and provide it to the async code. Another issue is that there can be a lot of churn in the fd value within the context of (say) a single SSL connection leading to continually adding and removing fds from (say) epoll. It is better if we can provide some stability of the fd value across a whole SSL connection. This is problematic because an engine has no concept of an SSL connection. This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a proxy for an SSL connection down at the engine layer. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
VisualStudio 2015 has a bug where an internal compiler error was occurring. By reordering the DEFINE_STACK_OF declarations for SSL_CIPHER and SSL_COMP until after the ssl3.h include everything seems ok again. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add X25519 to TLS supported curve list. Reject attempts to configure keys which cannot be used for signing. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add a flag to EC_METHOD for curves which do not support signing. New function EC_KEY_can_sign() returns 1 is key can be used for signing. Return an explicit error is an attempt is made to sign with no signing curves. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they wont be used and EdDSA may use a different format. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 27 2月, 2016 3 次提交
-
-
由 FdaSilvaYY 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 26 2月, 2016 2 次提交
-
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 25 2月, 2016 2 次提交
-
-
由 Emilia Kasper 提交于
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 23 2月, 2016 5 次提交
-
-
由 Rich Salz 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 David Woodhouse 提交于
Adding -nostdinc to the EDK2 showed that we were including <inttypes.h> for some UEFI builds, because the check for __STDC_VERSION__ happens before the check for OPENSSL_SYS_UEFI. Fix that. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The commit 1288f26f says that it fixes no-async, but instead seems to break it. Therefore revert that change and fix no-async. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 David Woodhouse 提交于
Provide an appropriate definition of PRIu64 for the EDK2 build, since we don't have <inttypes.h> there. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 22 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 2月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Adapted from BoringSSL. Added a test. The extension parsing code is already attempting to already handle this for some individual extensions, but it is doing so inconsistently. Duplicate efforts in individual extension parsing will be cleaned up in a follow-up. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 19 2月, 2016 2 次提交
-
-
由 Viktor Szakats 提交于
crypto.h: honor no-filenames config setting in missing cases Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
All those flags existed because we had all the dependencies versioned in the repository, and wanted to have it be consistent, no matter what the local configuration was. Now that the dependencies are gone from the versioned Makefile.ins, it makes much more sense to use the exact same flags as when compiling the object files. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 2月, 2016 2 次提交
-
-
由 David Woodhouse 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing. This prevents md_rand.c from failing to build. Probably better to do it this way than to wrap every instance in an explicit #ifdef. A bunch of new socket code got added to a new file crypto/bio/b_addr.c. Make it all go away if OPENSSL_NO_SOCK is defined. Allow configuration with no-ripemd, no-ts, no-ui We use these for the UEFI build. Also remove the 'Really???' comment from no-err and no-locking. We use those too. We need to drop the crypto/engine directory from the build too, and also set OPENSSL_NO_ENGINE Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 17 2月, 2016 3 次提交
-
-
由 David Woodhouse 提交于
Commit e634b448 ("Defines OSSL_SSIZE_MAX") introduced a definition of OSSL_SSIZE_MAX which broke the UEFI build. Fix that by making UEFI take the same definition as Ultrix (ssize_t == int). Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Richard Levitte 提交于
- Make use of the functions given through CRYPTO_set_mem_functions(). - CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive __FILE__ and __LINE__. - The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions() is slightly changed, the implementation for free() now takes a couple of extra arguments, taking __FILE__ and __LINE__. - The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__ from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug has been enabled or not. The reason is that if someone swaps out the malloc(), realloc() and free() implementations, we can't know if they will use them or not. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 16 2月, 2016 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 15 2月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reported in GH#684 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 13 2月, 2016 3 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Removes SSIZE_MAX definition from bss_bio.c and changes that file to use OSSL_SSIZE_MAX. No need to account for OPENSSL_SYS_VXWORKS, since that never actually gets defined anywhere. It must be a historical artifact. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBen Laurie <ben@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 12 2月, 2016 2 次提交
-
-
由 Rich Salz 提交于
To enable heartbeats for DTLS, configure with enable-heartbeats. Heartbeats for TLS have been completely removed. This addresses RT 3647 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT This is also RT 4181 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-