#
e2b420fd |
| 17-Dec-2015 |
Dr. Stephen Henson |
Server side EVP_PKEY DH support Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
7644a9ae |
| 16-Dec-2015 |
Rich Salz |
Rename some BUF_xxx to OPENSSL_xxx Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} Add #define's for the old names. Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros. Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre1 |
|
#
361a1191 |
| 05-Dec-2015 |
Kurt Roeckx |
Remove support for all 40 and 56 bit ciphers. Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #364
|
#
fe6ef247 |
| 04-Dec-2015 |
Kurt Roeckx |
Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
#
6977e8ee |
| 04-Dec-2015 |
Kurt Roeckx |
Make SSL_{CTX}_set_tmp_ecdh() call SSL_{CTX_}set1_curves() SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it. On the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but only when SSL_{CTX_}set_ecdh_auto() was called to turn it on. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
#
6f78b9e8 |
| 04-Dec-2015 |
Kurt Roeckx |
Remove support for SSL_{CTX_}set_tmp_ecdh_callback(). This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefore result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
Revision tags: OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
ae4d0c8d |
| 11-Nov-2015 |
Matt Caswell |
Add comment explaining why we don't check a return value A call to X509_verify_cert() is used to build a chain of certs for the server to send back to the client. It isn't *actually* used for verifying the cert at all - just building the chain. Therefore the return value is ignored. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
a71edf3b |
| 30-Oct-2015 |
Matt Caswell |
Standardise our style for checking malloc failures if we have a malloc |x = OPENSSL_malloc(...)| sometimes we check |x| for NULL and sometimes we treat it as a boolean |if(!x) ...|. Standardise the approach in libssl. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
23a635c0 |
| 10-Sep-2015 |
Matt Caswell |
Remove the type variable The SSL structure contained a "type" variable that was set to either SSL_ST_ACCEPT or SSL_ST_CONNECT depending on whether we are the server or the client. This duplicates the capability of the "server" variable and was actually rarely used. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
9076bd25 |
| 11-Sep-2015 |
Dr. Stephen Henson |
Make no-psk compile without warnings. PR#4035 Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
9982cbbb |
| 30-Sep-2015 |
Rich Salz |
Remove BIO_s_file_internal macro. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
984d6c60 |
| 11-Sep-2015 |
David Woodhouse |
Fix no-stdio build Much related/similar work also done by Ivan Nestlerode <ivan.nestlerode@sonos.com> +Replace FILE BIO's with dummy ops that fail. +Include <stdio.h> for sscanf() even with no-stdio (since the declaration is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment variable, since it can be larger than a 'long'. And we don't rely on the availability of strtoull(). +Remove OPENSSL_stderr(); not used. +Make OPENSSL_showfatal() do nothing (currently without stdio there's nothing we can do). +Remove file-based functionality from ssl/. The function prototypes were already gone, but not the functions themselves. +Remove unviable conf functionality via SYS_UEFI +Add fallback definition of BUFSIZ. +Remove functions taking FILE * from header files. +Add missing DECLARE_PEM_write_fp_const +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out, so remove its prototype. +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid(). +Eliminate SRP_VBASE_init() and supporting functions. Users will need to build the verifier manually instead. +Eliminate compiler warning for unused do_pk8pkey_fp(). +Disable TEST_ENG_OPENSSL_PKEY. +Disable GOST engine as it uses [f]printf all over the place. +Eliminate compiler warning for unused send_fp_chars(). Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
0e04674e |
| 17-Sep-2015 |
Filipe DA SILVA |
RT4047: Set reference count earlier Make sure it's valid very early. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
df6da24b |
| 14-Sep-2015 |
Dr. Stephen Henson |
Fix PSK identity hint handling. For server use a PSK identity hint value in the CERT structure which is inherited when SSL_new is called and which allows applications to set hints on a per-SSL basis. The previous version of SSL_use_psk_identity_hint tried (wrongly) to use the SSL_SESSION structure. PR#4039 Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
a8d8e06b |
| 02-Sep-2015 |
Dr. Stephen Henson |
Avoid direct X509 structure access Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
b51bce94 |
| 25-Aug-2015 |
Rich Salz |
Add and use OPENSSL_zalloc There are many places (nearly 50) where we malloc and then memset. Add an OPENSSL_zalloc routine to encapsulate that. (Missed one conversion; thanks Richard) Also fixes GH328 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
05f0fb9f |
| 31-Aug-2015 |
Dr. Stephen Henson |
Add X509_up_ref function. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11 |
|
#
389ebcec |
| 21-Jun-2015 |
Dr. Stephen Henson |
Remove SESS_CERT entirely. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
c34b0f99 |
| 21-Jun-2015 |
Dr. Stephen Henson |
Move peer chain to SSL_SESSION structure. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
a273c6ee |
| 21-Jun-2015 |
Dr. Stephen Henson |
Remove certificates from sess_cert As numerous comments indicate the certificate and key array is not an appropriate structure to store the peer's certificate: so remove it and just the s->session->peer instead. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
8d92c1f8 |
| 21-Jun-2015 |
Dr. Stephen Henson |
Remove peer temp keys from SESS_CERT Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b |
|
#
2c55a0bc |
| 15-May-2015 |
Matt Caswell |
Add CHANGES entry for OPENSSL_NO_TLSEXT removal Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
e481f9b9 |
| 15-May-2015 |
Matt Caswell |
Remove support for OPENSSL_NO_TLSEXT Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
4d69f9e6 |
| 18-May-2015 |
Dr. Stephen Henson |
move masks out of CERT structure Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
6383d316 |
| 12-May-2015 |
Dr. Stephen Henson |
Move certificate validity flags out of CERT. Reviewed-by: Rich Salz <rsalz@openssl.org>
|