- 19 Jun, 2017 1 commit
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3699)
-
- 16 Jun, 2017 1 commit
-
-
Richard Levitte authored
This new target is used to build all generated files and only that. This can be used to prepare everything that requires things like perl for a system that lacks perl and then move everything to that system and do the rest of the build there. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3695)
-
- 08 Jun, 2017 1 commit
-
-
Tomas Mraz authored
Fixes #3490 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3518)
-
- 02 Jun, 2017 1 commit
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3606)
-
- 31 May, 2017 1 commit
-
-
Richard Levitte authored
This can be used by engines that need to retain the data for a longer time than just the call where this user data is passed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3575)
-
- 25 May, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3546)
-
- 17 May, 2017 1 commit
-
-
Matt Caswell authored
An alert message is 2 bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such alerts across multiple records (some of which could be empty). In practice it make no sense to send an empty alert record, or to fragment one. TLSv1.3 prohibts this altogether and other libraries (BoringSSL, NSS) do not support this at all. Supporting it adds significant complexity to the record layer, and its removal is unlikely to cause inter-operability issues. The DTLS code for this never worked anyway and it is not supported at a protocol level for DTLS. Similarly fragmented DTLS handshake records only work at a protocol level where at least the handshake message header exists within the record. DTLS code existed for trying to handle fragmented handshake records smaller than this size. This code didn't work either so has also been removed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3476)
-
- 27 Apr, 2017 1 commit
-
-
Matt Caswell authored
Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2614)
-
- 20 Apr, 2017 1 commit
-
-
Rich Salz authored
X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handing for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2830)
-
- 10 Apr, 2017 1 commit
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
-
- 07 Apr, 2017 1 commit
-
-
Rich Salz authored
Document thread-safety issues Have RSA_null return NULL (always fails) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2244)
-
- 30 Mar, 2017 1 commit
-
-
Andy Polyakov authored
'j' is specified as modifier for "greatest-width integer type", which in practice means 64 bits on both 32- and 64-bit platforms. Since we rely on __attribute__((__format__(__printf__,...))) to sanitize BIO_print format, we can use it to denote [u]int64_t-s in platform-neutral manner. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3083)
-
- 29 Mar, 2017 2 commits
-
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3064)
-
FdaSilvaYY authored
Fix some comments too [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3069)
-
- 28 Mar, 2017 1 commit
-
-
FdaSilvaYY authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3066)
-
- 15 Mar, 2017 1 commit
-
-
Richard Levitte authored
Just as for DH, DSA and RSA, this gives the engine associated with the key. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2960)
-
- 14 Mar, 2017 1 commit
-
-
Pauli authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2926)
-
- 13 Mar, 2017 1 commit
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2917)
-
- 02 Mar, 2017 1 commit
-
-
Andy Polyakov authored
[skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- 28 Feb, 2017 2 commits
-
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2785)
-
Richard Levitte authored
This reimplementation was necessary before VMS C V7.1. Since that's the minimum version we support in this OpenSSL version, the reimplementation is no longer needed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2762)
-
- 24 Feb, 2017 1 commit
-
-
Emilia Kasper authored
- Reject fractional seconds - Reject offsets - Check that the date/time digits are in valid range. - Add documentation for X509_cmp_time GH issue 2620 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- 16 Feb, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 01 Feb, 2017 1 commit
-
-
Todd Short authored
The core SipHash supports either 8 or 16-byte output and a configurable number of rounds. The default behavior, as added to EVP, is to use 16-byte output and 2,4 rounds, which matches the behavior of most implementations. There is an EVP_PKEY_CTRL that can control the output size. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2216)
-
- 26 Jan, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 28 Nov, 2016 1 commit
-
-
Emilia Kasper authored
Verify that the encrypt-then-mac negotiation is handled correctly. Additionally, when compiled with no-asm, this test ensures coverage for the constant-time MAC copying code in ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as well but it's nevertheless better to have an explicit handshake test for mac-then-encrypt. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- 13 Nov, 2016 1 commit
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1669)
-
- 10 Nov, 2016 1 commit
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 02 Nov, 2016 1 commit
-
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- 01 Nov, 2016 1 commit
-
-
Rich Salz authored
This reverts commit ca1574ce . Not suitabled for a minor release as it breaks the ABI. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 31 Oct, 2016 1 commit
-
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- 25 Oct, 2016 1 commit
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1767)
-
- 13 Oct, 2016 1 commit
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- 26 Sep, 2016 1 commit
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 22 Sep, 2016 1 commit
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 14 Sep, 2016 1 commit
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- 25 Aug, 2016 3 commits
-
-
Matt Caswell authored
EC DRBG support was added in 7fdcb457 in 2011 and then later removed. However the CHANGES entry for its original addition was left behind. This just removes the spurious CHANGES entry. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 24 Aug, 2016 1 commit
-
-
Rich Salz authored
Add CVE to CHANGES Reviewed-by: Emilia Käsper <emilia@openssl.org>
-