- Feb 14, 2014
-
-
Kurt Roeckx authored
-
Scott Schaefer authored
-
Scott Schaefer authored
apps/pkcs12.c accepts -password as an argument. The document author almost certainly meant to write "-password, -passin". However, that is not correct, either. Actually the code treats -password as equivalent to -passin, EXCEPT when -export is also specified, in which case -password as equivalent to -passout.
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33% improvement over "pre-Silvermont" version. [Add performance table to aesni-x86.pl].
-
Dr. Stephen Henson authored
When a chain is complete and ends in a trusted root checks are also performed on the TA and the callback notified with ok==1. For consistency do the same for chains where the TA is not self signed.
-
Dr. Stephen Henson authored
-
- Feb 13, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit a2317c3f)
-
Andy Polyakov authored
-
Andy Polyakov authored
(other processors unaffected).
-
Ben Laurie authored
-
- Feb 09, 2014
-
-
Ben Laurie authored
-
- Feb 06, 2014
-
-
Dr. Stephen Henson authored
-
- Feb 05, 2014
-
-
Dr. Stephen Henson authored
-
Ben Laurie authored
-
Scott Deboy authored
The contract for custom extension callbacks has changed - all custom extension callbacks are triggered
-
Ben Laurie authored
-
Scott Deboy authored
Whitespace fixes
-
Scott Deboy authored
-
Scott Deboy authored
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
-
Dr. Stephen Henson authored
If an application calls the macro SSL_CTX_get_extra_chain_certs return either the old "shared" extra certificates or those associated with the current certificate. This means applications which call SSL_CTX_use_certificate_chain_file and retrieve the additional chain using SSL_CTX_get_extra_chain_certs will still work. An application which only wants to check the shared extra certificates can call the new macro SSL_CTX_get_extra_chain_certs_only
-
Andy Polyakov authored
-
Andy Polyakov authored
This allows to process multiple fragmets of maximum fragment size, as opposite to chopping maximum-sized fragments to multiple smaller ones. This approach relies on dynamic allocation of larger buffers, which we trade for performance improvement, for several *times* in some situations.
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
If application has more data than maximum fragment, hold to buffer for whole write, as opposite to per-fragment strategy.
-
- Feb 03, 2014
-
-
Dr. Stephen Henson authored
PR#3253
-
- Feb 02, 2014
-
-
Dr. Stephen Henson authored
New ctrl sets current certificate based on certain criteria. Currently two options: set the first valid certificate as current and set the next valid certificate as current. Using these an application can iterate over all certificates in an SSL_CTX or SSL structure.
-
Dr. Stephen Henson authored
-
- Feb 01, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
Atom Silvermont. On other CPUs one can observe 1% loss on some algorithms.
-
Andy Polyakov authored
+5% on Atom Silvermont, up to +8% improvement of legacy code. Harmonize sha1-586.pl and aesni-sha1-x86_86.p with sha1-x86_64.pl.
-
- Jan 29, 2014
-
-
Dr. Stephen Henson authored
Remove reference to ERR_TXT_MALLOCED in the error library as that is only used internally. Indicate that returned error data must not be freed. (cherry picked from commit f2d678e6)
-
- Jan 28, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
PR#3244 (cherry picked from commit 9614d2c6)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Always add a dynamically loaded ENGINE to list. Otherwise it can cause problems when multiply loaded, especially if it adds new public key methods. For all current engines we only want a single implementation anyway.
-
- Jan 27, 2014
-
-
Dr. Stephen Henson authored
-