- Dec 07, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
and engage it in most modules. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Dec 06, 2015
-
-
Viktor Dukhovni authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Dec 05, 2015
-
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #364
-
- Dec 04, 2015
-
-
Kurt Roeckx authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Kurt Roeckx authored
SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it. On the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but only when SSL_{CTX_}set_ecdh_auto() was called to turn it on. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Kurt Roeckx authored
This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefor result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
The new state machine code missed an allowed transition when resuming a session via EAP FAST. This commits adds the missing check for the transition. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Running 'make TEST=test_ordinals test' starts the whole build process, which wasn't desired for this target. Instead, we take a shortcut. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Dec 03, 2015
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
RT#4162 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 02, 2015
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
'./Configure reconf' hasn't been working for a while, because a perl lable needs to be immediately followed by a block. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary compatibility after RSA_METHOD was extended to include rsa_sign and rsa_verify fields. It is no longer needed. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The contents of this variable ($memleak_devteam_backtrace) is added to $cflags unless we build for a platform we know doesn't support gcc's -rdynamic och backtrace() and friends. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Catch a common 'make update' failure: conflicting ordinals. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
This is an option for builds with gcc and --strict-warnings. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Main goal was to improve performance on RISC platforms, e.g. 10% was measured on MIPS, POWER8... Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
and CRYPTO_ocb128_encrypt to handle in==out. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Dec 01, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Add CRYPTO_free_ex_index (for shared libraries) Unify and complete the documentation for all "ex_data" API's and objects. Replace xxx_get_ex_new_index functions with a macro. Added an exdata test. Renamed the ex_data internal datatypes. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 30, 2015
-
-
Rich Salz authored
Rename it to be an internal function bn_init. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Don't hard code EVP_sha* etc for signature algorithms: use table indices instead. Add SHA224 and SHA512 to tables. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Nov 28, 2015
-
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 27, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Change handshake hash array into a single digest context simplifying the handhake hash code. Use EVP_md5_sha1() if needed for handshake hashes in TLS 1.1 and earlier. Simplify PRF code to also use a single digest and treat EVP_md5_sha1() as a special case. Modify algorithm2 field of ciphers to use a single index value for handshake hash and PRF instead of a bitmap. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Various updates following feedback from the recent commit of the new GOST2012 code. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Nov 26, 2015
-
-
Dr. Stephen Henson authored
Now that X509_VERIFY_PARAM is opaque X509_VERIFY_PARAM_ID is no longer needed. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The SRP_create_verifier_BN function goes to the |err| label if the |salt| value passed to it is NULL. It is then deref'd. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Following on from the previous commit this adds some documentation for the BN_with_flags function which is easy to misuse. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
The function rsa_ossl_mod_exp uses the function BN_with_flags to create a temporary copy (local_r1) of a BIGNUM (r1) with modified flags. This temporary copy shares some state with the original r1. If the state of r1 gets updated then local_r1's state will be stale. This was occurring in the function so that when local_r1 was freed a call to bn_check_top was made which failed an assert due to the stale state. To resolve this we must free local_r1 immediately after we have finished using it and not wait until the end of the function. This problem prompted a review of all BN_with_flag usage within the codebase. All other usage appears to be correct, although often not obviously so. This commit refactors things to make it much clearer for these other uses. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-