- Jul 07, 2015
-
-
Richard Levitte authored
There's no reason why we should default to a output format that is old, and confusing in some cases. This affects the commands "ca", "crl", "req" and "x509". Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 06, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
In CCM mode don't require a tag before initialising decrypt: this allows the tag length to be set without requiring the tag. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 30, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 29, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 28, 2015
-
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 25, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
PR#3923 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jun 24, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jun 23, 2015
-
-
Rich Salz authored
Move #include's inside the #ifdef. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Rewrite ssl3_digest_cached_records handling. Only digest cached records if digest array is NULL: this means it is safe to call ssl3_digest_cached_records multiple times (subsequent calls are no op). Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer if digest array is NULL. Add additional "keep" parameter to ssl3_digest_cached_records to indicate if the handshake buffer should be retained after digesting cached records (needed for TLS 1.2 client authentication). Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Vitezslav Cizek authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Found by Kurt Cancemi. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Russell Webb authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
A small rearrangement so the inclusion of rsaz_exp.h would be unconditional, but what that header defines becomes conditional. This solves the weirdness where rsaz_exp.h gets in and out of the dependency list for bn_exp.c, depending on the present architecture. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Typo in local variable name; introduced by previous fix. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jun 22, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
If RSA or DSA is disabled we will never use a ciphersuite with RSA/DSA authentication as it is already filtered out by the cipher list logic. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
As numerous comments indicate the certificate and key array is not an appopriate structure to store the peers certificate: so remove it and just the s->session->peer instead. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jun 21, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Since [sc]_ssl->[rw]bio aren't available, do not try to fiddle with them. Surely, a BIO_free on the "main" BIOs should be enough Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Construct bio_err and bio_stdout from file handles instead of FILE pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO is defined). Convert all output to use BIO_printf. Change lh_foo to lh_SSL_SESSION_foo. Reviewed-by: Rich Salz <rsalz@openssl.org>
-