- Nov 20, 2015
-
-
Dr. Stephen Henson authored
Use SHA256 for TSA and setted permitted digests to a sensible value. Based on PR#4141 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Based on PR#2145 Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 19, 2015
-
-
Dr. Stephen Henson authored
PR#4141 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Nov 18, 2015
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 17, 2015
-
-
Rich Salz authored
Final part of flushing out SSLEay API's. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
We use the sysconf function to provide details about the page size in the secure memory code. This function can return -1 on error so we should check for this before proceeding. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
A call to X509_verify_cert() is used to build a chain of certs for the server to send back to the client. It isn't *actually* used for verifying the cert at all - just building the chain. Therefore the return value is ignored. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
The |passwd| variable in the code can be NULL if it goes to the err label. Therefore we cannot call strlen on it without first checking that it is non NULL. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Nov 16, 2015
-
-
Andy Polyakov authored
The problem remained unnoticed so far, because it's never called by default. You have to craft OPENSSL_ppccap environment variable to trigger the problem. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Andy Polyakov authored
bn/asm/s390x.S: improve performance on z196 and z13 by up to 26%. [even z10 is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
It was also found that stich performs suboptimally on AMD Jaguar, hence execution is limited to XOP-capable and Intel processors. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Nov 15, 2015
-
-
Viktor Dukhovni authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 14, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Print certificate details using accessor functions. Since X509_CERT_AUX_print is only used in one place and can't be used by applications (it uses an internal X509_CERT_AUX structure) this has been removed and replaced by a function X509_aux_print which takes an X509 pointer instead. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
This adds a TLSv1.0 cipher alias for ciphersuites requiring at least TLSv1.0: currently only PSK ciphersuites using SHA256 or SHA384 MAC (SSLv3 only supports SHA1 and MD5 MAC). Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
This disables some ciphersuites which aren't supported in SSL v3: specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC. Thanks to the Open Crypto Audit Project for identifying this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 13, 2015
-
-
Nathan Phillip Brink authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Graeme Perrow authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Signed-off-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 11, 2015
-
-
Andy Polyakov authored
Triggered by RT#3989. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 10, 2015
-
-
Matt Caswell authored
The new function SSL_use_certificate_chain_file was always crashing in the internal function use_certificate_chain_file because it would pass a NULL value for SSL_CTX *, but use_certificate_chain_file would unconditionally try to dereference it. Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Nov 09, 2015
-
-
Matt Caswell authored
The function tls1_get_curvelist() has an explicit check to see if s->cert is NULL or not. However the check appears *after* calling the tls1_suiteb macro which derefs s->cert. In reality s->cert can never be NULL because it is created in SSL_new(). If the malloc fails then the SSL_new call fails and no SSL object is created. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Continuing from previous work standardise use of malloc in the engine code. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
continue on from previous commits but in the apps directory Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
if we have a malloc |x = OPENSSL_malloc(...)| sometimes we check |x| for NULL and sometimes we treat it as a boolean |if(!x) ...|. Standardise the approach in libssl. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
The SSL object was being deref'd and then there was a later redundant check to see if it is NULL. We assume all SSL_foo functions pass a non NULL SSL object and do not check it. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
./Configure [target] --strict-warnings -Wno-pedantic-ms-format would not add '-pedantic' because it matches '-Wno-pedantic-ms-format', which was added first. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 08, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Nov 06, 2015
-
-
Matt Caswell authored
The SCTP code is not compiled by default. This fixes some compilation problems in that code. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
We were setting |s->renegotiate| and |s->new_session| to 0 twice in tls_finish_handshake. This is redundant so now we just do it once! Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-