- 03 4月, 2016 19 次提交
-
-
由 Viktor Dukhovni 提交于
A new X509_VERIFY_PARAM_set_auth_level() function sets the authentication security level. For verification of SSL peers, this is automatically set from the SSL security level. Otherwise, for now, the authentication security level remains at (effectively) 0 by default. The new "-auth_level" verify(1) option is available in all the command-line tools that support the standard verify(1) options. New verify(1) tests added to check enforcement of chain signature and public key security levels. Also added new tests of enforcement of the verify_depth limit. Updated documentation. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Two renamed functions were forgotten in util/libcrypto.num Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Also fixed a style issue Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Numerous fixups based on feedback of the DSA opacity changes. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
A number of getters/setters have been added for examining DSA objects, as well as a whole set of functions for creating and buildingup DSA_METHODs. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Move the dsa_method structure out of the public header file, and provide getter and setter functions for creating and modifying custom DSA_METHODs. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Move the dsa_st structure out of the public header file. Add some accessor functions to enable access to the internal fields, and update all internal usage to use the new functions. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Within OpenSSL::Test, all commands end up existing in two variants, one that has redirections that are needed internally to work well together with the test harness, and one without those redirections. Depending on what the result is going to be used for, the caller may want one for or the other, so we give them the possibility. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kirill Marinushkin 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kirill Marinushkin 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kirill Marinushkin 提交于
Currently on every BIO mem read operation the remaining data is reallocated. This commit solves the issue. BIO mem structure includes additional pointer to the read position. On every read the pointer moves instead of reallocating the memory for the remaining data. Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer. Also the flag is added to rewind the read pointer without losing the data. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Mat 提交于
InitOnceExecuteOnce returns nonzero on success: MSDN: "If the function succeeds, the return value is nonzero." So return 1 if it is nonzero, 0 others. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The logic to find out of there are any .d files newer than Makefile is sound. Checking the result was less so. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Don't decode a public key in X509_PUBKEY_get0(): that is handled when the key is parsed using x509_pubkey_decode() instead. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 02 4月, 2016 2 次提交
-
-
由 Coty Sutherland 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 01 4月, 2016 6 次提交
-
-
由 Richard Levitte 提交于
Reverts commit 087ca80a Instead of battling the odd format of argv given to main() in default P64 mode, tell the compiler to make it an array of 64-bit pointers when compiling in P64 mode. A note is added in NOTES.VMS regarding minimum DEC C version. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
- In Configure, register the perl interpreter used to run Configure, so that's the one being used throughout instead of something else that Configure happens to find. This is helpful for using a perl version that's not necessarely first in $PATH: /opt/perl/5.22.1/bin/perl ./Configure - Make apps/tsget a generated file, just like apps/CA.pl, so the perl interpreter registered by Configure becomes the hashbang path instead of a hardcoded /usr/bin/perl Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Andy Polyakov 提交于
This minimizes inter-block overhead. Performance gain naturally varies from case to case, up to 10% was spotted so far. There is one thing to recognize, given same circumstances gain would be higher faster computational part is. Or in other words biggest improvement coefficient would have been observed with assembly. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
On the other hand, have run() display the display variant. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Because some operating systems have executable extensions, typically ".exe", we need to append it when looking for files in test() and app() (or rather, their subroutines). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 31 3月, 2016 13 次提交
-
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
CRYPTO_mem_leaks attempts to adjust the count of bytes leaks to not include the BIO that is being used to print the results out. However this does not work properly. In all internal cases we switch off recording the memory allocation during creation of the BIO so it makes no difference. In other cases if the BIO allocates any additional memory during construction then the adjustment will be wrong anyway. It also skips over the BIO memory during print_leak anyway, so the BIO memory is never added into the total. In other words this was broken in lots of ways and has been since it was first added. The simplest solution is just to make it the documented behaviour that you must turn off memory logging when creating the BIO, and remove all the adjustment stuff completely. The adjustment code was only ever in master and never made it to a release branch so there is no loss of functionality. This commit also fixes a compilation failure when using enable-crypto-mdebug. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Ben Laurie 提交于
Fix buffer overrun in asn1_get_length(). Reproducer: asn1parse-reproduce crash-6bfd417f47bc940f6984f5e639b637fd4e6074bc Fix length calculations. Reproducer: asn1parse-reproduce crash-1819d0e54cd2b0430626c59053e6077ef04c2ffb Reproducer: asn1parse-reproduce crash-9969db8603e644ddc0ba3459b51eac7a2c4b729b Make i long. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The argument 'argv' in 'main' is a short pointer to a short pointer on VMS, regardless of initial pointer size. We must therefore make sure that 'copy_argv' gets a 32-bit pointer for argv, and that the copied argv is used for the rest of main(). This introduces the local type argv_t, which will have correct pointer size in all cases (and be harmless on all other platforms) as well as the macro Argv, which is defined as 'copied_argv' or 'argv', as the case may be. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
setbuf() is only for 32-bit pointers. If compiled with /POINTER_SIZE=64, we get a nasty warning about possible loss of data. However, since the only pointer used in the call is a FILE *, and the C RTL shouldn't give us a pointer above the first 4GB, it's safe to turn off the warning for this call. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
On VMS, the C compiler can work with 32-bit and 64-bit pointers, and the command line determines what the initial pointer size shall be. However, there is some functionality that only works with 32-bit pointers. In this case, it's gethostbyname(), getservbyname() and accompanying structures, so we need to make sure that we define our own pointers as 32-bit ones. Furthermore, there seems to be a bug in VMS C netdb.h, where struct addrinfo is always defined with 32-bit pointers no matter what, but the functions handling it are adapted to the initial pointer size. This leads to pointer size warnings when compiling with /POINTER_SIZE=64. The workaround is to force struct addrinfo to be the 64-bit variant if the initial pointer size is 64. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
'proto' wasn't properly used as a fallback in all appropriate cases. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
It displays the command's exit code as well. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Richard Levitte 提交于
If the command file that app(), test(), perlapp(9 and perltest() are looking for doesn't exist in the build tree, look for it in the source tree as well. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Richard Levitte 提交于
Since OpenSSL::Test only redirects stderr to /dev/null when being run through non-verbose test harness, this change allows the stderr output to be displayed when verbosity is requested. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Richard Levitte 提交于
The intention with that option is to allow extra flags to the perl interpreter itself. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-