- 29 Feb, 2016 3 commits
-
-
Matt Caswell authored
Implementation experience has shown that the original plan for async wait fds was too simplistic. Originally the async logic created a pipe internally and user/engine code could then get access to it via API calls. It is more flexible if the engine is able to create its own fd and provide it to the async code. Another issue is that there can be a lot of churn in the fd value within the context of (say) a single SSL connection leading to continually adding and removing fds from (say) epoll. It is better if we can provide some stability of the fd value across a whole SSL connection. This is problematic because an engine has no concept of an SSL connection. This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a proxy for an SSL connection down at the engine layer. Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
VisualStudio 2015 has a bug where an internal compiler error was occurring. By reordering the DEFINE_STACK_OF declarations for SSL_CIPHER and SSL_COMP until after the ssl3.h include everything seems ok again. Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
- 28 Feb, 2016 26 commits
-
-
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by:
Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Fix "mixed declarations and code" warnings. Use OpenSSL headers. Reviewed-by:
-
Emilia Kasper authored
Reviewed-by:
Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add X25519 to TLS supported curve list. Reject attempts to configure keys which cannot be used for signing. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Check sign/verify blocked with X25519 Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add a flag to EC_METHOD for curves which do not support signing. New function EC_KEY_can_sign() returns 1 is key can be used for signing. Return an explicit error is an attempt is made to sign with no signing curves. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
In some cases the EC_POINT and EC_KEY BIGNUM components are suboptimal or inappropriate. Add an "custom_data" field which curves can populate with a custom structure to suit their needs. Reviewed-by:
-
Dr. Stephen Henson authored
Extract compression form in EC_KEY_oct2key() instead of manually in the ASN.1 code. For custom curves do not assume the initial octet is the compression form: it isn't for X25519 et al. Reviewed-by:
-
Dr. Stephen Henson authored
Add support for optional overrides of various private key operations in EC_METHOD. Reviewed-by:
-
Dr. Stephen Henson authored
Extend EC_METHOD to permit additional customisation of private key and ECDH operations. Reviewed-by:
-
Dr. Stephen Henson authored
Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they wont be used and EdDSA may use a different format. Reviewed-by:
-
FdaSilvaYY authored
Signed-off-by:
-
Rich Salz authored
Removing certs broke the mk1mf build. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Jeffrey Walton authored
Reviewed-by: -
Richard Levitte authored
Exiting out of a recipe more than necessary leaves an ugly message. Reviewed-by: -
Richard Levitte authored
When building with GNU C, clang or VMS C, it's more efficient to generate dependency file and object file in one call rather than two. Have the dependency output in a temporary file and compare it with the previous one if available to see if replacement is waranted, thereby avoiding unnecessary reconstruction of Makefile / descrip.mms. Github issue #750 Reviewed-by:
-
- 27 Feb, 2016 11 commits
-
-
Jeffrey Walton authored
Stack Overflow has a number of questions related to mutual authentication, the client and its certificate. Those visiting the man pages for functions like SSL_CTX_use_certificate and SSL_CTX_load_verify_locations don't receive the benefit of a cross reference to SSL_CTX_set_client_CA_list. Reviewed-by: -
J Mohan Rao Arisankala authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
J Mohan Rao Arisankala authored
- srtp_profiles variable is defined when building with SRTP, keeping the variable usage also under ifndef OPENSSL_NO_SRTP - alpn help option was kept under ifndef OPENSSL_NO_SRTP Reviewed-by:
-
Richard Levitte authored
The INCLUDE statement can handle setting extra include directories for individual object files, let's use it. Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: -
Andy Polyakov authored
Even though AVX support was added in GAS 2.19 vpclmulqdq was apparently added in 2.20. Reviewed-by: -
Andy Polyakov authored
RT#4323 Reviewed-by: -
Dr. Stephen Henson authored
Add some missing parentheses and reformat. Document EC_KEY_oct2key(), EC_KEY_key2buf(), EC_KEY_oct2priv(), EC_KEY_priv2oct() and EC_KEY_priv2buf() Reviewed-by: -
Rich Salz authored
Now that BIO_sock_nbio is available, use it in the apps. Reviewed-by: -
Rich Salz authored
I read the PROBLEMS, and they're outdated; nothing I'd put in the online FAQ, for example. Test-builds work without using these files. Had to remove the rehash.time stuff from Makefile.in Reviewed-by: -
Richard Levitte authored
We don't want recipes for the same files generated more than once Reviewed-by:
-
