- Feb 14, 2014
-
-
Kurt Roeckx authored
If you use "-newkey rsa" it's supposed to read the default number of bits from the config file. However the value isn't used to generate the key, but it does print it's generating such a key. The set_keygen_ctx() doesn't call EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config file, but nothing is done with that anymore. We now read the config first and use the value from the config file when no size is given. PR: 2592 (cherry picked from commit 33432203)
-
Kurt Roeckx authored
(cherry picked from commit e547c45f)
-
Scott Schaefer authored
(cherry picked from commit 2b4ffc65)
-
Scott Schaefer authored
apps/pkcs12.c accepts -password as an argument. The document author almost certainly meant to write "-password, -passin". However, that is not correct, either. Actually the code treats -password as equivalent to -passin, EXCEPT when -export is also specified, in which case -password as equivalent to -passout. (cherry picked from commit 856c6dfb)
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
(cherry picked from commit 70113432)
-
Andy Polyakov authored
(cherry picked from commit f4d45640)
-
Andy Polyakov authored
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33% improvement over "pre-Silvermont" version. [Add performance table to aesni-x86.pl]. (cherry picked from commit 5599c733)
-
Dr. Stephen Henson authored
as issuer and subject names. Although this is an incompatible change it should have little impact in pratice because self-issued certificates that are not self-signed are rarely encountered. (cherry picked from commit b1efb716)
-
Dr. Stephen Henson authored
When a chain is complete and ends in a trusted root checks are also performed on the TA and the callback notified with ok==1. For consistency do the same for chains where the TA is not self signed. (cherry picked from commit 385b3486)
-
Dr. Stephen Henson authored
(from master)
-
Dr. Stephen Henson authored
-
- Feb 13, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
(and remove duplicates).
-
Andy Polyakov authored
(cherry picked from commit 9587429f)
-
Andy Polyakov authored
(other processors unaffected). (cherry picked from commit 98e143f1)
-
- Feb 09, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Revert libssl ordinals to OpenSSL 1.0.1 values first to tidy up and avoid entries for deleted functions.
-
Dr. Stephen Henson authored
-
Ben Laurie authored
-
Ben Laurie authored
Merge branch '102_stable_tlsext_suppdata_changes' of git://github.com/scottdeboy/openssl into scottdeboy-102_stable_tlsext_suppdata_changes
-
Scott Deboy authored
-
Ben Laurie authored
-
Ben Laurie authored
(cherry picked from commit 5eda213e) Conflicts: apps/s_client.c apps/s_server.c
-
Ben Laurie authored
(cherry picked from commit a6a48e87) Conflicts: ssl/s3_clnt.c ssl/t1_lib.c
-
Scott Deboy authored
Reverting 1.0.2-only changes supporting the prior authz RFC5878-based tests from commit 835d104f
-
Ben Laurie authored
-
Scott Deboy authored
The contract for custom extension callbacks has changed - all custom extension callbacks are triggered
-
Ben Laurie authored
-
Scott Deboy authored
Whitespace fixes (cherry picked from commit e9add063) Conflicts: ssl/s3_clnt.c
-
Scott Deboy authored
-
Scott Deboy authored
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate. (cherry picked from commit ac20719d) Conflicts: ssl/t1_lib.c
-
Trevor Perrin authored
-
Scott Deboy authored
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks (cherry picked from commit 67c408ce) Conflicts: apps/s_client.c apps/s_server.c
-
Scott Deboy authored
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation. (cherry picked from commit 36086186) Conflicts: Configure apps/s_client.c apps/s_server.c ssl/ssl.h ssl/ssl3.h ssl/ssltest.c
-
- Feb 06, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Andy Polyakov authored
(cherry picked from commit 2d752737)
-
Dr. Stephen Henson authored
(cherry picked from commit b45e874d)
-
- Feb 05, 2014
-
-
Andy Polyakov authored
-