- Jun 17, 2016
-
-
Matt Caswell authored
Previously we would try %RANDFILE%, then %HOME% and finally "C:". Unfortunately this often ends up being "C:" which the user may not have write permission for. Now we try %RANDFILE% first, and then the same set of environment vars as GetTempFile() uses, i.e. %TMP%, then %TEMP%, %USERPROFILE% and %SYSTEMROOT%. If all else fails we fall back to %HOME% and only then "C:". Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 16, 2016
-
-
Matt Caswell authored
Previously EVP_EncodeUpdate returned a void. However there are a couple of error conditions that can occur. Therefore the return type has been changed to an int, with 0 indicating error and 1 indicating success. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 06, 2016
-
-
Matt Caswell authored
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch off the constant time implementation for RSA, DSA and DH have been made no-ops and deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jun 01, 2016
-
-
Rich Salz authored
RT2630 -- segfault for int overlow RT2877 -- check return values in apps/rand Update CHANGES file for previous "windows rand" changes. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 20, 2016
-
-
Rich Salz authored
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE Make lhash stuff opaque. Use typedefs for function pointers; makes the code simpler. Remove CHECKED_xxx macros. Add documentation; remove old X509-oriented doc. Add API-compat names for entire old API Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- May 16, 2016
-
-
FdaSilvaYY authored
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- May 12, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
While it seemed like a good idea to have this file once upon a time, this kind of file belongs with the package maintainer rather than in our source. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
This makes it possible to just run ./config on a x86_64 machine with no extra fuss. RT#4356 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- May 11, 2016
-
-
Dr. Stephen Henson authored
Update pkcs8 utility to use 256 bit AES using SHA256 by default. Update documentation. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- May 10, 2016
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 09, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 05, 2016
-
-
Rich Salz authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
FdaSilvaYY authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1021
-
- May 03, 2016
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 02, 2016
-
-
Richard Levitte authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Apr 15, 2016
-
-
Rich Salz authored
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Apr 14, 2016
-
-
Matt Caswell authored
In most cases we expect that people will be using shared libraries not static ones, therefore we make that the default. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 13, 2016
-
-
Matt Caswell authored
Document removal of no-aes, no-hmac, no-rsa, no-sha and no-md5. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 09, 2016
-
-
Emilia Kasper authored
In Travis, do --strict-warnings on BUILDONLY configurations. This ensures that the tests run even if --strict-warnings fail, and avoids hiding unrelated test failures. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Apr 06, 2016
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Apr 02, 2016
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Mar 29, 2016
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 21, 2016
-
-
Matt Caswell authored
Rijndael is an old name for AES. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
This removes all scripts that deal with MINFO as well, since that's only used by mk1mf. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Mar 20, 2016
-
-
Rich Salz authored
Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 17, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Borland C++ 4.5 is very old and our "support" for it is already non-existent, we might as well remove it. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Mar 16, 2016
-
-
Emilia Kasper authored
- Remove duplicate entry - Add author for SSL_CIPHER query functions - Note HKDF support in CHANGES and NEWS [ci skip] Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 11, 2016
-
-
Kurt Roeckx authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Mar 09, 2016
-
-
Matt Caswell authored
Update the CHANGES and NEWS files with information about the recently added AFALG engine and pipelining. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 08, 2016
-
-
Todd Short authored
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Todd Short authored
Add functions to determine authentication, key-exchange, FIPS and AEAD. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Todd Short authored
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Mar 07, 2016
-
-
Emilia Kasper authored
- Always prefer forward-secure handshakes. - Consistently order ECDSA above RSA. - Next, always prefer AEADs to non-AEADs, irrespective of strength. - Within AEADs, prefer GCM > CHACHA > CCM for a given strength. - Prefer TLS v1.2 ciphers to legacy ciphers. - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default list to reduce ClientHello bloat. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Mar 04, 2016
-
-
Rob Percival authored
Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-