#
643d91fe |
| 05-Jan-2018 |
Bernd Edlinger |
Stop using unimplemented cipher classes. Add comments to no longer usable ciphers. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/502
Stop using unimplemented cipher classes. Add comments to no longer usable ciphers. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5023)
show more ...
|
#
8175af50 |
| 27-Dec-2017 |
Bernd Edlinger |
Alternate fix for ../test/recipes/80-test_ssl_old.t with no-ec Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4981)
|
Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
26a7d938 |
| 17-Oct-2017 |
KaoruToda |
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
show more ...
|
#
ea78d1ec |
| 30-Aug-2017 |
Pauli |
Add ARIA as an alias for all ARIA based modes. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4300)
|
#
50966bfa |
| 22-Aug-2017 |
Paul Yang |
Introduce SSL_CIPHER_get_protocol_id The returned ID matches with what IANA specifies (or goes on the wire anyway, IANA notwithstanding). Doc is added. Reviewed-by: Mat
Introduce SSL_CIPHER_get_protocol_id The returned ID matches with what IANA specifies (or goes on the wire anyway, IANA notwithstanding). Doc is added. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4107)
show more ...
|
#
bc326738 |
| 21-Aug-2017 |
Jon Spillett |
Implement Aria GCM/CCM Modes and TLS cipher suites AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suite
Implement Aria GCM/CCM Modes and TLS cipher suites AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suites as specified in: https://tools.ietf.org/html/rfc6209 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4287)
show more ...
|
#
677963e5 |
| 18-Aug-2017 |
Pauli |
e_os.h removal from other headers and source files. Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and ssl/ssl_locl.h). Added e_os.h into the files
e_os.h removal from other headers and source files. Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and ssl/ssl_locl.h). Added e_os.h into the files that need it now. Directly reference internal/nelem.h when required. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4188)
show more ...
|
#
00dfbaad |
| 20-Aug-2017 |
Pauli |
Fix ctype arguments. Cast arguments to the various ctype functions to unsigned char to match their documentation. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from
Fix ctype arguments. Cast arguments to the various ctype functions to unsigned char to match their documentation. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4203)
show more ...
|
#
67dc995e |
| 02-Aug-2017 |
Matt Caswell |
Move ossl_assert Move the definition of ossl_assert() out of e_os.h which is intended for OS specific things. Instead it is moved into internal/cryptlib.h. This also changes the
Move ossl_assert Move the definition of ossl_assert() out of e_os.h which is intended for OS specific things. Instead it is moved into internal/cryptlib.h. This also changes the definition to remove the (int) cast. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4073)
show more ...
|
#
3519bae5 |
| 30-Jul-2017 |
Xiaoyin Liu |
Fix typos in files in ssl directory Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4052)
|
#
bbb4ceb8 |
| 29-Jun-2017 |
Paul Yang |
Support converting cipher name to RFC name and vice versa Fixes: issue #3747 make SSL_CIPHER_standard_name globally available and introduce a new function OPENSSL_cipher_name.
Support converting cipher name to RFC name and vice versa Fixes: issue #3747 make SSL_CIPHER_standard_name globally available and introduce a new function OPENSSL_cipher_name. A new option '-convert' is also added to 'openssl ciphers' app. Documentation and test cases are added. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3859)
show more ...
|
#
7f6b466b |
| 29-Jun-2017 |
Dr. Stephen Henson |
Use certificate tables instead of ssl_cipher_get_cert_index. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
|
#
c04cd728 |
| 28-Jun-2017 |
Dr. Stephen Henson |
Add certificate properties table. Add certificate table giving properties of each certificate index: specifically the NID associated with the index and the the auth mask value for an
Add certificate properties table. Add certificate table giving properties of each certificate index: specifically the NID associated with the index and the the auth mask value for any cipher the certificate can be used with. This will be used to generalise certificate handling instead of hard coding algorithm specific cases. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
show more ...
|
#
72257204 |
| 21-Jun-2017 |
Matt Caswell |
PSK related tweaks based on review feedback Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
|
#
ba4df682 |
| 12-Jun-2017 |
Matt Caswell |
Add a function to get the handshake digest for an SSL_CIPHER Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
|
#
c80149d9 |
| 20-Jun-2017 |
Rich Salz |
Merge Nokia copyright notice into standard This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/o
Merge Nokia copyright notice into standard This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3722)
show more ...
|
#
aa8f3d76 |
| 15-Jun-2017 |
Rich Salz |
Modify Sun copyright to follow OpenSSL style Approved by Oracle. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/358
Modify Sun copyright to follow OpenSSL style Approved by Oracle. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3585)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f |
|
#
380a522f |
| 19-May-2017 |
Matt Caswell |
Replace instances of OPENSSL_assert() with soft asserts in libssl Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
|
Revision tags: OpenSSL-fips-2_0_16 |
|
#
2f0ca54c |
| 28-Feb-2017 |
Emilia Kasper |
Remove some obsolete/obscure internal define switches: - FLAT_INC - PKCS1_CHECK (the SSL_OP_PKCS1_CHECK options have been no-oped) - PKCS_TESTVECT (debugging leftovers) - S
Remove some obsolete/obscure internal define switches: - FLAT_INC - PKCS1_CHECK (the SSL_OP_PKCS1_CHECK options have been no-oped) - PKCS_TESTVECT (debugging leftovers) - SSL_AD_MISSING_SRP_USERNAME (unfinished feature) - DTLS_AD_MISSING_HANDSHAKE_MESSAGE (unfinished feature) - USE_OBJ_MAC (note this removes a define from the public header but very unlikely someone would be depending on it) - SSL_FORBID_ENULL Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
show more ...
|
#
38f2837b |
| 28-Feb-2017 |
Matt Caswell |
Remove some commented out code in libssl Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/ope
Remove some commented out code in libssl Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2774)
show more ...
|
#
b53338cb |
| 28-Feb-2017 |
Emilia Kasper |
Clean up references to FIPS This removes the fips configure option. This option is broken as the required FIPS code is not available. FIPS_mode() and FIPS_mode_set() are retaine
Clean up references to FIPS This removes the fips configure option. This option is broken as the required FIPS code is not available. FIPS_mode() and FIPS_mode_set() are retained for compatibility, but FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to turn FIPS mode off. Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0e |
|
#
60d685d1 |
| 06-Feb-2017 |
Benjamin Kaduk |
Let ssl_get_cipher_by_char yield not-valid ciphers Now that we have made SCSVs into more of a first-class object, provide a way for the bytes-to-SSL_CIPHER conversion to actually return
Let ssl_get_cipher_by_char yield not-valid ciphers Now that we have made SCSVs into more of a first-class object, provide a way for the bytes-to-SSL_CIPHER conversion to actually return them. Add a flag 'all' to ssl_get_cipher_by_char to indicate that we want all the known ciphers, not just the ones valid for encryption. This will, in practice, let the caller retrieve the SCSVs. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2279)
show more ...
|
#
d42d0a4d |
| 01-Feb-2017 |
Pauli |
Implementation of the ARIA cipher as described in RFC 5794. This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made
Implementation of the ARIA cipher as described in RFC 5794. This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made. This implementation expands the evptests by including the test cases from RFC 5794 and ARIA official site rather than providing an individual test case. Support for ARIA has been integrated into the command line applications, but not TLS. Implemented modes are CBC, CFB1, CFB8, CFB128, CTR, ECB and OFB128. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2337)
show more ...
|
#
e0670973 |
| 06-Feb-2017 |
Yuchi |
mem leak on error path and error propagation fix Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/opens
mem leak on error path and error propagation fix Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2559)
show more ...
|
#
d0ff28f8 |
| 10-Feb-2017 |
Dr. Stephen Henson |
Replace SSL_PKEY_RSA_ENC, SSL_PKEY_RSA_SIGN The original intent of SSL_PKEY_RSA_SIGN and SSL_PKEY_RSA_ENC was to support two different keys for RSA signing and decrypt. However this
Replace SSL_PKEY_RSA_ENC, SSL_PKEY_RSA_SIGN The original intent of SSL_PKEY_RSA_SIGN and SSL_PKEY_RSA_ENC was to support two different keys for RSA signing and decrypt. However this was never implemented and we only ever set one key and the other was always NULL. Replace with single SSL_PKEY_RSA type. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2587)
show more ...
|