- Feb 19, 2015
-
-
Dr. Stephen Henson authored
Many applications require named curve parameter encoding instead of explicit parameter encoding (including the TLS library in OpenSSL itself). Set this encoding by default instead of requiring an explicit call to set it. Add OPENSSL_EC_EXPLICT_CURVE define. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Feb 14, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Feb 13, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Add some EVP_PKEY test data for sign and verify tests including failure cases. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Add two new keywords "PublicKey" and "PrivateKey". These will load a key in PEM format from the lines immediately following the keyword and assign it a name according to the value. These will be used later for public and private key testing operations. Add tests for Sign, Verify, VerifyRecover and Decrypt. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
manually picked from e7b85bc40200961984925604ca444517359a6067 Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Feb 12, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Graeme Perrow authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Clang via Jeffrey Walton authored
And remove backup definition of offsetof. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Eric Dequin authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Feb 11, 2015
-
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Feb 10, 2015
-
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
When writing out the hint, if the hint > 0, then we write it out otherwise we skip it. Previously when reading the hint back in, if were expecting to see one (because the ticket length > 0), but it wasn't present then we set the hint to -1, otherwise we set it to 0. This fails to set the hint to the same as when it was written out. The hint should never be negative because the RFC states the hint is unsigned. It is valid for a server to set the hint to 0 (this means the lifetime is unspecified according to the RFC). If the server set it to 0, it should still be 0 when we read it back in. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as required to fix Qt for OpenSSL 1.1.0. I have also added the former in order to determine whether a ticket is present or not - otherwise it is difficult to know whether a zero lifetime hint is because the server set it to 0, or because there is no ticket. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
From RFC4507: "The ticket_lifetime_hint field contains a hint from the server about how long the ticket should be stored. The value indicates the lifetime in seconds as a 32-bit unsigned integer in network byte order." Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Print usage message. Print expected and got values if mismatch. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Emilia Kasper authored
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion and result in a negative return value, which the "x509 -checkhost" command-line option incorrectly interpreted as success. Also update X509_check_host docs to reflect reality. Thanks to Sean Burford (Google) for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
./config --strict-warnings enable-deprecated Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Mark them as such with OPENSSL_USE_DEPRECATED Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in --strict-warnings as well this means you cannot combine enable-deprecated with --strict-warnings. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Feb 09, 2015
-
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-