- 06 Dec, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
- 21 Nov, 2017 1 commit
-
-
Paul Yang authored
* Introduce RSA_generate_multi_prime_key to generate multi-prime RSA private key. As well as the following functions: RSA_get_multi_prime_extra_count RSA_get0_multi_prime_factors RSA_get0_multi_prime_crt_params RSA_set0_multi_prime_params RSA_get_version * Support EVP operations for multi-prime RSA * Support ASN.1 operations for multi-prime RSA * Support multi-prime check in RSA_check_key_ex * Support multi-prime RSA in apps/genrsa and apps/speed * Support multi-prime RSA manipulation functions * Test cases and documentation are added * CHANGES is updated Reviewed-by:Tim Hudson <tjh@openssl.org> Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4241)
-
- 12 Nov, 2017 1 commit
-
-
Josh Soref authored
Around 138 distinct errors found and fixed; thanks! Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- 05 Nov, 2017 2 commits
-
-
Jack Lloyd authored
SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms which use is required for certain commercial applications in China. Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4616)
-
FdaSilvaYY authored
Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
- 02 Nov, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by:Andy Polyakov <appro@openssl.org>
-
- 31 Oct, 2017 1 commit
-
-
Ronald Tse authored
Reviewed-by:
-
- 25 Oct, 2017 1 commit
-
-
Ronald Tse authored
Reviewed-by:
-
- 07 Oct, 2017 1 commit
-
-
Rich Salz authored
Rewrite the -req-nodes flag from CA.pl (idea from Andy) Rewrite ERR_string_error_n Reviewed-by:
-
- 30 Aug, 2017 1 commit
-
-
Jon Spillett authored
AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suites as specified in: https://tools.ietf.org/html/rfc6209 Reviewed-by:
-
- 27 Aug, 2017 1 commit
-
-
Rich Salz authored
VisualStudio 6 and earlier aren't supported. Reviewed-by:
-
- 15 Aug, 2017 1 commit
-
-
Richard Levitte authored
This allows callers to set a mark, and then clear it without removing the errors. Useful in case an error is encountered that should be returned up the call stack. Reviewed-by:
-
- 07 Aug, 2017 1 commit
-
-
Rich Salz authored
Use atfork to count child forks, and reseed DRBG when the counts don't match. Reviewed-by:
-
- 25 Jul, 2017 1 commit
-
-
Andy Polyakov authored
Reviewed-by:
-
- 03 Jul, 2017 1 commit
-
-
Richard Levitte authored
Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by:
-
- 29 Jun, 2017 1 commit
-
-
Richard Levitte authored
Reviewed-by:
-
- 28 Jun, 2017 1 commit
-
-
Richard Levitte authored
Reviewed-by:
-
- 27 Jun, 2017 1 commit
-
-
Richard Levitte authored
To make sure that our symbols don't clash with other libraries, we claim the namespaces OSSL and OPENSSL. Because C doesn't provide namespaces, the only solution is to have them as prefixes on symbols, thus we allow OSSL_ and OPENSSL_ as prefixes. These namespace prefixes are optional for the foreseeable future, and will only be used for new modules as needed on a case by case basis, until further notice. For extra safety, there's an added requirement that module names - apart from the namespace prefix - be at least 2 characters long. Reviewed-by:
-
- 19 Jun, 2017 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 16 Jun, 2017 1 commit
-
-
Richard Levitte authored
This new target is used to build all generated files and only that. This can be used to prepare everything that requires things like perl for a system that lacks perl and then move everything to that system and do the rest of the build there. Reviewed-by:
-
- 08 Jun, 2017 1 commit
-
-
Tomas Mraz authored
Fixes #3490 Reviewed-by:
-
- 02 Jun, 2017 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 31 May, 2017 1 commit
-
-
Richard Levitte authored
This can be used by engines that need to retain the data for a longer time than just the call where this user data is passed. Reviewed-by:
-
- 25 May, 2017 1 commit
-
-
Matt Caswell authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3546)
-
- 17 May, 2017 1 commit
-
-
Matt Caswell authored
An alert message is 2 bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such alerts across multiple records (some of which could be empty). In practice it make no sense to send an empty alert record, or to fragment one. TLSv1.3 prohibts this altogether and other libraries (BoringSSL, NSS) do not support this at all. Supporting it adds significant complexity to the record layer, and its removal is unlikely to cause inter-operability issues. The DTLS code for this never worked anyway and it is not supported at a protocol level for DTLS. Similarly fragmented DTLS handshake records only work at a protocol level where at least the handshake message header exists within the record. DTLS code existed for trying to handle fragmented handshake records smaller than this size. This code didn't work either so has also been removed. Reviewed-by:
-
- 27 Apr, 2017 1 commit
-
-
Matt Caswell authored
Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option. Reviewed-by:
-
- 20 Apr, 2017 1 commit
-
-
Rich Salz authored
X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handing for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by:
-
- 10 Apr, 2017 1 commit
-
-
Richard Levitte authored
Reviewed-by:
-
- 07 Apr, 2017 1 commit
-
-
Rich Salz authored
Document thread-safety issues Have RSA_null return NULL (always fails) Reviewed-by:
-
- 30 Mar, 2017 1 commit
-
-
Andy Polyakov authored
'j' is specified as modifier for "greatest-width integer type", which in practice means 64 bits on both 32- and 64-bit platforms. Since we rely on __attribute__((__format__(__printf__,...))) to sanitize BIO_print format, we can use it to denote [u]int64_t-s in platform-neutral manner. Reviewed-by:
-
- 29 Mar, 2017 2 commits
-
-
Richard Levitte authored
Reviewed-by:
-
FdaSilvaYY authored
Fix some comments too [skip ci] Reviewed-by:
-
- 28 Mar, 2017 1 commit
-
-
FdaSilvaYY authored
Reviewed-by:
-
- 15 Mar, 2017 1 commit
-
-
Richard Levitte authored
Just as for DH, DSA and RSA, this gives the engine associated with the key. Reviewed-by:
-
- 14 Mar, 2017 1 commit
-
-
Pauli authored
Reviewed-by:
-
- 13 Mar, 2017 1 commit
-
-
Richard Levitte authored
Reviewed-by:
-
- 02 Mar, 2017 1 commit
-
-
Andy Polyakov authored
[skip ci] Reviewed-by:
-
- 28 Feb, 2017 2 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
This reimplementation was necessary before VMS C V7.1. Since that's the minimum version we support in this OpenSSL version, the reimplementation is no longer needed. Reviewed-by:
-
- 24 Feb, 2017 1 commit
-
-
Emilia Kasper authored
- Reject fractional seconds - Reject offsets - Check that the date/time digits are in valid range. - Add documentation for X509_cmp_time GH issue 2620 Reviewed-by:
-
