Skip to content
  1. Feb 03, 2016
    • Richard Levitte's avatar
      Refactoring BIO: add wrappers around sockaddr et al · 28a0841b
      Richard Levitte authored
      
      
      Because different platforms have different levels of support for IPv6,
      different kinds of sockaddr variants, and some have getaddrinfo et al
      while others don't, we could end up with a mess if ifdefs, duplicate
      code and other maintainance nightmares.
      
      Instead, we're introducing wrappers around the common form for socket
      communication:
      BIO_ADDR, closely related to struct sockaddr and some of its variants.
      BIO_ADDRINFO, closely related to struct addrinfo.
      
      With that comes support routines, both convenient creators and
      accessors, plus a few utility functions:
      
      BIO_parse_hostserv, takes a string of the form host:service and
      splits it into host and service.  It checks for * in both parts, and
      converts any [ipv6-address] syntax to ust the IPv6 address.
      
      BIO_lookup, looks up information on a host.
      
      All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and
      there is support for local sockets (AF_UNIX) as well.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      28a0841b
    • Emilia Kasper's avatar
      RT4148 · ba2de73b
      Emilia Kasper authored
      
      
      Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is
      stripped by BN_bn2bin but external callers may have other expectations.
      
      Reviewed-by: default avatarKurt <Roeckx&lt;kurt@openssl.org>
      ba2de73b
    • Michael Lee's avatar
    • Emilia Kasper's avatar
      RT3234: disable compression · dc5744cb
      Emilia Kasper authored
      
      
      CRIME protection: disable compression by default, even if OpenSSL is
      compiled with zlib enabled. Applications can still enable compression by
      calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
      the SSL_CONF library to configure compression. SSL_CONF continues to
      work as before:
      
      SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.
      
      SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
      no-op by default).
      
      The command-line switch has changed from -no_comp to -comp.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      dc5744cb
    • Viktor Dukhovni's avatar
      Fix pkeyutl/rsautl empty encrypt-input/decrypt-output handling · 0c20802c
      Viktor Dukhovni authored
      
      
      Also fix option processing in pkeyutl to allow use of (formerly)
      "out-of-order" switches that were needless implementation limitations.
      
      Handle documented "ENGINE" form with -keyform and -peerform.
      
      Better handling of OPENSSL_NO_ENGINE and OPENSSL_NO_RSA.
      
      RT2018
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      0c20802c
    • FdaSilvaYY's avatar
      fix code indentation issue · 43d6702d
      FdaSilvaYY authored
      
      
      ... related to engine_ref_debug macro.
      
      Signed-off-by: default avatarRich Salz <rsalz@akamai.com>
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      43d6702d
  2. Feb 02, 2016
  3. Feb 01, 2016
  4. Jan 31, 2016
  5. Jan 30, 2016