- Sep 21, 2017
-
-
Andy Polyakov authored
Detect clang even if it's disguised, e.g. cross-compiler or invoked by explicit path name, and add the option based on that. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4383)
-
Benjamin Kaduk authored
This option was lost when converting to a table-driven option parser in commit 7e1b7485 . Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4398)
-
- Sep 20, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
Dr. Stephen Henson authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
Dr. Stephen Henson authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
Dr. Stephen Henson authored
Allo RSA certificate to be used for RSA-PSS signatures: this needs to be explicit because RSA and RSA-PSS certificates are now distinct types. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
Dr. Stephen Henson authored
Recognise RSA-PSS certificate algorithm and add a new certificate type. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
- Sep 19, 2017
-
-
David Benjamin authored
c2i_ASN1_BIT_STRING takes length as a long but uses it as an int. Check bounds before doing so. Previously, excessively large inputs to the function could write a single byte outside the target buffer. (This is unreachable as asn1_ex_c2i already uses int for the length.) Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4385)
-
- Sep 18, 2017
-
-
Pauli authored
Use the defined typechecking stack method to sort the compression methods stack rather than using the generic function and apply type casts. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4382)
-
- Sep 17, 2017
-
-
Pauli authored
Address coverity report of null pointer being dereferenced. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4381)
-
- Sep 15, 2017
-
-
Christian Heimes authored
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new API to set the minimum and maximum protocol version for SSL_CTX with TLS_method(). Add getters to introspect the configured versions: int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); int SSL_get_min_proto_version(SSL *ssl); int SSL_get_max_proto_version(SSL *ssl); NOTE: The getters do not resolv the version in case when the minimum or maxium version are configured as '0' (meaning auto-select lowest and highst version number). Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4364)
-
- Sep 14, 2017
-
-
Pauli authored
Introduced by #4372 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4374)
-
Pauli authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4373)
-
Pauli authored
Also use strndup instead of a malloc/memcpy pair. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4372)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4371)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4371)
-
Benjamin Kaduk authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4369)
-
Paul Yang authored
[to be squashed] [skip ci] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4356)
-
Paul Yang authored
1. make app pkey methods cleanup internal 2. add EVP_PKEY_meth_remove Fixes travis-ci failure in #4337 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4356)
-
Pauli authored
size_t variable. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
Pauli authored
This reverts commit cc9c5689 for the file pbe_scrypt.c instead of scrypt.c Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
Pauli authored
This reverts commit 1caaea13 . Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
Pauli authored
This reverts commit a89c9a0d . Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
- Sep 13, 2017
-
-
Benjamin Kaduk authored
The peek result is now called 'err', not just 'e'. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4362)
-
Paul Yang authored
A new method is added to EVP_PKEY_METH as: int (*check) (EVP_PKEY_CTX *ctx); and to EVP_PKEY_ASN1_METHOD as: int (*pkey_check) (EVP_PKEY_CTX *ctx); This is used to check the validity of a specific key. The order of calls is: EVP_PKEY_check -> pmeth.check -> ameth.pkey_check. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4337)
-
- Sep 12, 2017
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4359)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4336)
-
Richard Levitte authored
Simply put, any NAME type OSS_STORE_INTO is a new object that can be looked into, and potentially lead to a whole tree of data to dive into. The recursive option allows someone to view the whole tree and its data in one go. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4336)
-
Richard Levitte authored
crypto/rand/rand_egd.c makes extensive use of stdio functions. When they are disabled, it makes sense to disable egd as well. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4358)
-
- Sep 11, 2017
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
multics authored
Fixes the typo CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4354)
-
FdaSilvaYY authored
A fix formatting fixes. SSL Trace: internal constification - static trace tables - trace methods arguments SSL Trace: enhance error message when tracing an invalid extension packet ... instead of just "Message length parse error!". SSL trace: add Maximum-Fragment-Length TLS extension log support Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4353)
-
- Sep 09, 2017
-
-
Andy Polyakov authored
... script data load. On related note an attempt was made to merge rotations with logical operations. I mean as we know, ARM ISA has merged rotate-n-logical instructions which can be used here. And they were used to improve keccak1600-armv4 performance. But not here. Even though this approach resulted in improvement on Cortex-A53 proportional to reduction of amount of instructions, ~8%, it didn't exactly worked out on non-Cortex cores. Presumably because they break merged instructions to separate μ-ops, which results in higher *operations* count. X-Gene and Denver went ~20% slower and Apple A7 - 40%. The optimization was therefore dismissed. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Sep 08, 2017
-
-
David Benjamin authored
It is otherwise unclear what all the magic numbers mean. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
David Benjamin authored
The instructions don't work. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
David Benjamin authored
"Early callback" is a little ambiguous now that early data exists. Perhaps "ClientHello callback"? Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
Richard Levitte authored
This allows completely arbitrary passphrases to be entered, including NUL bytes. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3821)
-