- May 12, 2014
-
-
Serguei E. Leontiev authored
Replace manual ASN.1 decoder with ASN1_get object. This will decode the tag and length properly and check against it does not exceed the supplied buffer length. PR#3335
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
"Teaser" means that it's not integrated yet and purpose of this commit is primarily informational, to exhibit design choices, such as how to handle alignment and endianness. In other words it's proof-of-concept code that EVP module will build upon.
-
- May 11, 2014
-
-
Matt Caswell authored
-
Kurt Roeckx authored
-
Martin Brejcha authored
PR: 3327
-
Günther Noack authored
PR: 3317
-
Viktor Dukhovni authored
-
Matt Caswell authored
-
Tim Hudson authored
-
- May 10, 2014
-
-
Matt Caswell authored
-
- May 09, 2014
-
-
Dr. Stephen Henson authored
If the key type does not match any CMS recipient type return an error instead of using a random key (MMA mitigation). This does not leak any useful information to an attacker. PR#3348
-
Geoff Thorpe authored
The "-unix <path>" argument allows s_server and s_client to use a unix domain socket in the filesystem instead of IPv4 ("-connect", "-port", "-accept", etc). If s_server exits gracefully, such as when "-naccept" is used and the requested number of SSL/TLS connections have occurred, then the domain socket file is removed. On ctrl-C, it is likely that the stale socket file will be left over, such that s_server would normally fail to restart with the same arguments. For this reason, s_server also supports an "-unlink" option, which will clean up any stale socket file before starting. If you have any reason to want encrypted IPC within an O/S instance, this concept might come in handy. Otherwise it just demonstrates that there is nothing about SSL/TLS that limits it to TCP/IP in any way. (There might also be benchmarking and profiling use in this path, as unix domain sockets are much lower overhead than connecting over local IP addresses). Signed-off-by: Geoff...
-
- May 08, 2014
-
-
Tim Hudson authored
-
Tim Hudson authored
-
- May 07, 2014
-
-
Tim Hudson authored
-
Matt Caswell authored
-
- May 06, 2014
-
-
Geoff Thorpe authored
This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
-
Geoff Thorpe authored
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as noted by Daniel Sands and co at Sandia. This was to handle the case that 2 or more threads race to lazy-init the same context, but stunted all scalability in the case where 2 or more threads are doing unrelated things! We favour the latter case by punishing the former. The init work gets done by each thread that finds the context to be uninitialised, and we then lock the "set" logic after that work is done - the winning thread's work gets used, the losing threads throw away what they've done. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
-
Dr. Stephen Henson authored
PR#3289 PR#3345
-
Dr. Stephen Henson authored
-
- May 05, 2014
-
-
Tim Hudson authored
-
Geoff Thorpe authored
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
-
- May 04, 2014
-
-
Andy Polyakov authored
[MD5 is hardly relevant, just cleaning up repository]
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
sha/asm/sha256-armv4.pl: add ARMv8 code path.
-
Andy Polyakov authored
-
- May 03, 2014
-
-
David Ramos authored
PR: 3338
-
- May 02, 2014
-
-
Geoff Thorpe authored
Even though the meat of dso_vms.c is compiled out on non-VMS builds, the (pre-)compiler still traverses some of the macro handling. This trips up at least one non-VMS build configuration, so this commit makes the skip-VMS case more robust. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
-
- May 01, 2014
-
-
Jeff Trawick authored
RT: 3304
-
- Apr 30, 2014
-
-
Matt Caswell authored
-
Geoff Thorpe authored
It's not clear whether this inconsistency could lead to an actual computation error, but it involved a BIGNUM being passed around the montgomery logic in an inconsistent state. This was found using flags -DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion in 'ectest'; ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) || (_bnum2->d[_bnum2->top - 1] != 0)' failed Signed-off-by: Geoff Thorpe <geoff@openssl.org>
-
- Apr 29, 2014
-
-
Ben Laurie authored
-
- Apr 27, 2014
-
-
Matt Caswell authored
-
- Apr 26, 2014
-
-
Matt Caswell authored
-
Matt Caswell authored
-
Chris Rorvick authored
Signed-off-by: Chris Rorvick <chris@rorvick.com>
-
mancha authored
Specify -f is for compilation flags. Add -d to synopsis section. Closes #77.
-
mancha authored
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
-