1. 28 Sep, 2019 2 commits
  2. 10 Sep, 2019 2 commits
  3. 01 Aug, 2019 1 commit
  4. 18 Jul, 2019 1 commit
  5. 17 Jul, 2019 1 commit
  6. 02 Jul, 2019 1 commit
  7. 28 May, 2019 1 commit
  8. 10 Apr, 2019 1 commit
  9. 29 Mar, 2019 1 commit
  10. 26 Feb, 2019 1 commit
  11. 05 Feb, 2019 1 commit
  12. 25 Jan, 2019 1 commit
  13. 21 Jan, 2019 1 commit
  14. 08 Jan, 2019 1 commit
    • More configurable crypto and ssl library initialization · 25eb9299
      Viktor Dukhovni committed
      1.  In addition to overriding the default application name,
          one can now also override the configuration file name
          and flags passed to CONF_modules_load_file().
      
      2.  By default we still keep going when configuration file
          processing fails.  But, applications that want to be
          strict about initialization errors can now make explicit
          flag choices via non-null OPENSSL_INIT_SETTINGS that omit
          the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far
          been both undocumented and unused).
      
      3.  In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
          if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.
      
      4.  Don't set up atexit() handlers when called with opts equal to
          OPENSSL_INIT_BASE_ONLY (this flag should only be used alone).
      Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/7969)
  15. 05 Jan, 2019 1 commit
  16. 30 Nov, 2018 1 commit
  17. 04 Nov, 2018 1 commit
  18. 24 Sep, 2018 1 commit
  19. 11 Sep, 2018 1 commit
  20. 26 Aug, 2018 1 commit
  21. 16 Aug, 2018 1 commit
  22. 07 Aug, 2018 1 commit
  23. 25 Jul, 2018 1 commit
  24. 16 Jul, 2018 1 commit
  25. 22 Jun, 2018 1 commit
  26. 05 Apr, 2018 1 commit
    • Move the loading of the ssl_conf module to libcrypto · d8f031e8
      Matt Caswell committed
      The GOST engine needs to be loaded before we initialise libssl. Otherwise
      the GOST ciphersuites are not enabled. However the SSL conf module must
      be loaded before we initialise libcrypto. Otherwise we will fail to read
      the SSL config from a config file properly.
      
      Another problem is that an application may make use of both libcrypto and
      libssl. If it performs libcrypto stuff first and OPENSSL_init_crypto()
      is called and loads a config file it will fail if that config file has
      any libssl stuff in it.
      
      This commit separates out the loading of the SSL conf module from the
      interpretation of its contents. The loading piece doesn't know anything
      about SSL so this can be moved to libcrypto. The interpretation of what it
      means remains in libssl. This means we can load the SSL conf data before
      libssl is there and interpret it when it later becomes available.
      
      Fixes #5809
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5818)
  27. 27 Mar, 2018 1 commit
  28. 16 Mar, 2018 1 commit
  29. 10 Mar, 2018 1 commit
    • RAND_DRBG: add a function for setting the reseeding defaults · 4917e911
      Dr. Matthias St. Pierre committed
      The introduction of thread local public and private DRBG instances (#5547)
      makes it very cumbersome to change the reseeding (time) intervals for
      those instances. This commit provides a function to set the default
      values for all subsequently created DRBG instances.
      
       int RAND_DRBG_set_reseed_defaults(
                                         unsigned int master_reseed_interval,
                                         unsigned int slave_reseed_interval,
                                         time_t master_reseed_time_interval,
                                         time_t slave_reseed_time_interval
                                         );
      
      The function is intended only to be used during application initialization,
      before any threads are created and before any random bytes are generated.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5576)
  30. 27 Feb, 2018 1 commit
  31. 22 Feb, 2018 1 commit
  32. 20 Feb, 2018 1 commit
  33. 15 Feb, 2018 1 commit
    • DRBG: make locking api truly private · 812b1537
      Dr. Matthias St. Pierre committed
      In PR #5295 it was decided that the locking api should remain private
      and used only inside libcrypto. However, the locking functions were added
      back to `libcrypto.num` by `mkdef.pl`, because the function prototypes
      were still listed in `internal/rand.h`. (This header contains functions
      which are internal, but shared between libcrypto and libssl.)
      
      This commit moves the prototypes to `rand_lcl.h` and changes the names
      to lowercase, following the convention therein. It also corrects an
      outdated documenting comment.
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5375)
  34. 14 Feb, 2018 3 commits
    • DRBG: make the derivation function the default for ctr_drbg · 8164d91d
      Dr. Matthias St. Pierre committed
      The NIST standard presents two alternative ways for seeding the
      CTR DRBG, depending on whether a derivation function is used or not.
      In Section 10.2.1 of NIST SP800-90Ar1 the following is assessed:
      
        The use of the derivation function is optional if either an
        approved RBG or an entropy source provides full entropy output
        when entropy input is requested by the DRBG mechanism.
        Otherwise, the derivation function shall be used.
      
      Since the OpenSSL DRBG supports being reseeded from low entropy random
      sources (using RAND_POOL), the use of a derivation function is mandatory.
      For that reason we change the default and replace the opt-in flag
      RAND_DRBG_FLAG_CTR_USE_DF with an opt-out flag RAND_DRBG_FLAG_CTR_NO_DF.
      This change simplifies the RAND_DRBG_new() calls.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5294)
    • DRBG: unify initialization and cleanup code · 4f9dabbf
      Dr. Matthias St. Pierre committed
      The functions drbg_setup() and drbg_cleanup() used to duplicate a lot of
      code from RAND_DRBG_new() and RAND_DRBG_free(). This duplication has been
      removed, which simplifies drbg_setup() and makes drbg_cleanup() obsolete.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5294)
    • DRBG: add locking api · 3ce1c27b
      Dr. Matthias St. Pierre committed
      This commit adds three new accessors to the internal DRBG lock
      
         int RAND_DRBG_lock(RAND_DRBG *drbg)
         int RAND_DRBG_unlock(RAND_DRBG *drbg)
         int RAND_DRBG_enable_locking(RAND_DRBG *drbg)
      
      The three shared DRBGs are intended to be used concurrently, so they
      have locking enabled by default. It is the caller's responsibility to
      guard access to the shared DRBGs by calls to RAND_DRBG_lock() and
      RAND_DRBG_unlock().
      
      All other DRBG instances don't have locking enabled by default, because
      they are intended to be used by a single thread. If it is desired,
      locking can be enabled by using RAND_DRBG_enable_locking().
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5294)
  35. 13 Feb, 2018 1 commit
  36. 11 Feb, 2018 1 commit