- Oct 13, 2015
-
-
Dr. Stephen Henson authored
RFC5753 requires that we omit parameters for AES key wrap and set them to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm parameters so can transparently handle either form. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Alessandro Ghedini authored
Follow-up to f386742c . Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Alessandro Ghedini authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
(part by Alessandro Ghedini) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Oct 12, 2015
-
-
Matt Caswell authored
Previous OpenSSL versions used -set_serial, but master was using -set-serial - so rename it back to the old version. RT#4059 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these are not then recoginised on the command line. Move the default config file loading to before the command line option processing. Whilst we're doing this we might as well centralise this instead of doing it individually for each application. Finally if we do it before the OpenSSL_add_ssl_algorithms() call then ciphersuites provided by an engine (e.g. GOST) can be available to the apps. RT#4085 RT#4086 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
There used to be options -macopt and -sigopt in <=1.0.2 for the dgst command line app. These were incorrectly spelled as -macop and -sigop in master. RT#4072 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
The option is not available in older toolchains and would cause breakage. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Oct 11, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
PR#4035 Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Oct 10, 2015
-
-
Dr. Stephen Henson authored
PR#4079 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Oct 09, 2015
-
-
Emilia Kasper authored
Note that this commit constifies a user callback parameter and therefore will break compilation for applications using this callback. But unless they are abusing write access to the buffer, the fix is trivial. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Add the new ct directory to mkfiles.pl and fix the ct Makefile Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Adam Eijdenberg authored
Original authors: Rob Stradling <rob@comodo.com> Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Kasper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 08, 2015
-
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
mkdef.pl was getting confused by: # ifdef OPENSSL_NO_RMD160 # error RIPEMD is disabled. # endif Changing RIPEMD to RMD160 solves it. Fix suggested by Steve Henson. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The function int_rsa_verify is an internal function used for verifying an RSA signature. It takes an argument |dtype| which indicates the digest type that was used. Dependant on that digest type the processing of the signature data will vary. In particular if |dtype == NID_mdc2| and the signature data is a bare OCTETSTRING then it is treated differently to the default case where the signature data is treated as a DigestInfo (X509_SIG). Due to a missing "else" keyword the logic actually correctly processes the OCTETSTRING format signature first, and then attempts to continue and process it as DigestInfo. This will invariably fail because we already know that it is a bare OCTETSTRING. This failure doesn't actualy make a real difference because it ends up at the |err| label regardless and still returns a "success" result. This patch just cleans things up to make it look a bit more sane. RT#4076 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Oct 07, 2015
-
-
Pascal Cuoq authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> MR #1231
-
Pascal Cuoq authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> MR #1231
-
Pascal Cuoq authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> MR #1231
-
Pascal Cuoq authored
It returns -1 on error, not 0. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> MR #1231
-
Pascal Cuoq authored
BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but overwrites everything else. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> MR #1231
-
Matt Caswell authored
The function ssl_check_for_safari fingerprints the incoming extensions to see whether it is one of the broken versions of safari. However it was failing to reset the PACKET back to the same position it started in, hence causing some extensions to be skipped incorrectly. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Oct 06, 2015
-
-
Alessandro Ghedini authored
-Allow mingw debug builds to fail on Travis CI -Fix Travis email notifications config -Rename a variable to avoid a bogus warning with old GCC error: declaration of ``dup'' shadows a global declaration [-Werror=shadow] -Disable pedantic ms-format warnings with mingw -Properly define const DH parameters -Restore --debug flag in Travis CI builds; -d would get incorrectly passed to ./Configure in mingw debug builds. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 05, 2015
-
-
Dmitry Belyavskiy authored
This change introduces short names and NIDs for Russian GOST ciphers according to GOST R 34.13-2015 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Alessandro Ghedini authored
RT#4069 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
The user callback takes a non-const pointer, so don't pass PACKET data to it directly; rather, grab a local copy. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
Fix alerts. Reviewed-by: Matt Caswell <matt@openssl.org>
-