- May 20, 2016
-
-
Rich Salz authored
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE Make lhash stuff opaque. Use typedefs for function pointers; makes the code simpler. Remove CHECKED_xxx macros. Add documentation; remove old X509-oriented doc. Add API-compat names for entire old API Reviewed-by:Dr. Stephen Henson <steve@openssl.org>
-
- May 16, 2016
-
-
FdaSilvaYY authored
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org>
-
- May 12, 2016
-
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
While it seemed like a good idea to have this file once upon a time, this kind of file belongs with the package maintainer rather than in our source. Reviewed-by: -
Richard Levitte authored
This makes it possible to just run ./config on a x86_64 machine with no extra fuss. RT#4356 Reviewed-by:Tim Hudson <tjh@openssl.org>
-
- May 11, 2016
-
-
Dr. Stephen Henson authored
Update pkcs8 utility to use 256 bit AES using SHA256 by default. Update documentation. Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
- May 10, 2016
-
-
Andy Polyakov authored
Reviewed-by:Richard Levitte <levitte@openssl.org>
-
- May 09, 2016
-
-
Rich Salz authored
Reviewed-by:
-
- May 05, 2016
-
-
Rich Salz authored
Reviewed-by: -
FdaSilvaYY authored
Signed-off-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- May 03, 2016
-
-
Matt Caswell authored
Reviewed-by:
-
- May 02, 2016
-
-
Richard Levitte authored
Reviewed-by:
-
- Apr 15, 2016
-
-
Rich Salz authored
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by:
-
- Apr 14, 2016
-
-
Matt Caswell authored
In most cases we expect that people will be using shared libraries not static ones, therefore we make that the default. Reviewed-by:
-
- Apr 13, 2016
-
-
Matt Caswell authored
Document removal of no-aes, no-hmac, no-rsa, no-sha and no-md5. Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
- Apr 09, 2016
-
-
Emilia Kasper authored
In Travis, do --strict-warnings on BUILDONLY configurations. This ensures that the tests run even if --strict-warnings fail, and avoids hiding unrelated test failures. Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
- Apr 06, 2016
-
-
Richard Levitte authored
Reviewed-by:
-
- Apr 02, 2016
-
-
Matt Caswell authored
Reviewed-by:
-
- Mar 29, 2016
-
-
Matt Caswell authored
Reviewed-by:
-
- Mar 21, 2016
-
-
Matt Caswell authored
Rijndael is an old name for AES. Reviewed-by:
-
Richard Levitte authored
This removes all scripts that deal with MINFO as well, since that's only used by mk1mf. Reviewed-by:Andy Polyakov <appro@openssl.org>
-
- Mar 20, 2016
-
-
Rich Salz authored
Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by:
-
- Mar 17, 2016
-
-
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
Borland C++ 4.5 is very old and our "support" for it is already non-existent, we might as well remove it. Reviewed-by:
-
- Mar 16, 2016
-
-
Emilia Kasper authored
- Remove duplicate entry - Add author for SSL_CIPHER query functions - Note HKDF support in CHANGES and NEWS [ci skip] Reviewed-by:
-
- Mar 11, 2016
-
-
Kurt Roeckx authored
Reviewed-by:
-
- Mar 09, 2016
-
-
Matt Caswell authored
Update the CHANGES and NEWS files with information about the recently added AFALG engine and pipelining. Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
- Mar 08, 2016
-
-
Todd Short authored
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by:
Emilia Käsper <emilia@openssl.org> Reviewed-by:
-
Todd Short authored
Add functions to determine authentication, key-exchange, FIPS and AEAD. Reviewed-by:
-
Todd Short authored
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by:
-
- Mar 07, 2016
-
-
Emilia Kasper authored
- Always prefer forward-secure handshakes. - Consistently order ECDSA above RSA. - Next, always prefer AEADs to non-AEADs, irrespective of strength. - Within AEADs, prefer GCM > CHACHA > CCM for a given strength. - Prefer TLS v1.2 ciphers to legacy ciphers. - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default list to reduce ClientHello bloat. Reviewed-by:
-
- Mar 04, 2016
-
-
Rob Percival authored
Reviewed-by:
Ben Laurie <ben@openssl.org> Reviewed-by:
-
Rich Salz authored
Change the ECC default curve list to be this, in order: x25519, secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, and brainpool512r1. Reviewed-by: -
Matt Caswell authored
RC4 based ciphersuites in libssl have been disabled by default. They can be added back by building OpenSSL with the "enable-weak-ssl-ciphers" Configure option at compile time. Reviewed-by:
-
- Mar 03, 2016
-
-
Emilia Kasper authored
1) Simplify code with better PACKET methods. 2) Make broken SNI parsing explicit. SNI was intended to be extensible to new name types but RFC 4366 defined the syntax inextensibly, and OpenSSL has never parsed SNI in a way that would allow adding a new name type. RFC 6066 fixed the definition but due to broken implementations being widespread, it appears impossible to ever extend SNI. 3) Annotate resumption behaviour. OpenSSL doesn't currently handle all extensions correctly upon resumption. Annotate for further clean-up. 4) Send an alert on ALPN protocol mismatch. Reviewed-by:Kurt Roeckx <kurt@openssl.org>
-
- Mar 01, 2016
-
-
Matt Caswell authored
Reviewed-by:
-
