- 20 5月, 2021 32 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15381)
-
由 Richard Levitte 提交于
We use a fake EVP_KEYMGMT import function with the newly modified EVP_PKEY_ASN1_METHOD export_to function to pass the exported OSSL_PARAM array directly to the EVP_PKEY_export() callback instead of exporting to an actual provided key and then getting the OSSL_PARAM array from there, just to throw away that key again. Fixes #15290 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15293)
-
由 Richard Levitte 提交于
We previously took an EVP_KEYMGMT pointer, but now found it necessary to use a different import function in some cases. Since that's the only thing we use from EVP_KEYMGMT, we might as well pass the import function directly, allowing for some flexibility in how export_to is used. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15293)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15293)
-
由 Matt Caswell 提交于
We now have a migration guide which should be the definitive source of information for upgrading from a previous version of OpenSSL. Fixes #15186 Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15373)
-
由 Matt Caswell 提交于
In 1.1.1 when installing the man pages we created symlinks to the base page for all functions described on the page. We need to continue doing this. Fixes #14846 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15312)
-
由 Pauli 提交于
Fixes #15307 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15323)
-
由 Richard Levitte 提交于
Modern compilers complain about variable being set but otherwise not used. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15339)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
-
由 Matt Caswell 提交于
If the global properties are updated after a provider with a child libctx has already started we need to make sure those updates are mirrored in that child. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
-
由 Matt Caswell 提交于
Where a child libctx is in use it needs to know what the current global properties are. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
-
由 Matt Caswell 提交于
We have the ability to parse a string into a PROPERTY_LIST already. Now we have the ability to go the other way. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
-
由 Pauli 提交于
Almost all were notes about wanting to deprecate CTRLs/utility functions. Fixes #15325 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15328)
-
由 Shane Lontis 提交于
This confirms that another merge has addressed this issue. Fixes #14996 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15303)
-
由 Pauli 提交于
This reverts commit da51566b. Fixes #15321 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15364)
-
由 Shane Lontis 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14710)
-
由 Benjamin Kaduk 提交于
Document the recently added functionality. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14817)
-
由 Benjamin Kaduk 提交于
Now that we can become "in init" directly after the call, test the various scenarios where explicit SSL_do_handshake() calls can come into play. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14817)
-
由 Benjamin Kaduk 提交于
The initial implementation always deferred the generation of the requested ticket(s) until the next application write, but this is not a great fit for what it actually does, architecturally wise. A request to send a session ticket means entering back into the handshake state machine (or "in init", as it's known in the implementation). The state machine transition is not something that only occurs at an application-data write, and in general could occur at any time. The only constraint is that we can't enter "init" while in the middle of writing application data. In such cases we will need to wait until the next TLS record boundary to enter the state machine, as is currently done. However, there is no reason why we cannot enter the handshake state machine immediately in SSL_new_session_ticket() if there are no application writes pending. Doing so provides a cleaner API surface to the application, as then calling SSL_do_handshake() suffices to drive the actual ticket generation. In the previous state of affairs a dummy zero-length SSL_write() would be needed to trigger the ticket generation, which is a logical mismatch in the type of operation being performed. This commit should only change whether SSL_do_handshake() vs zero-length SSL_write() is needed to immediately generate a ticket after the SSL_new_session_ticket() call -- the default behavior is still to defer the actual write until there is other application data to write, unless the application requests otherwise. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14817)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)
-
由 Dr. David von Oheimb 提交于
This also removes an inadequate guard: if (num == ctx->num_untrusted) Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)
-
由 Dr. David von Oheimb 提交于
This increases readability and maintainability. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)
-
由 Dr. David von Oheimb 提交于
This should increase readability and maintainability. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)
-
由 Dr. David von Oheimb 提交于
This should increase readability and maintainability. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)
-
由 Richard Levitte 提交于
apps/progs.pl will have apps/progs.c as output, and on some systems, the output file of a program is locked against reading. Unfortunately, apps/progs.c is also part of the sources that make up apps/openssl, so it's necessary to mark that file in a way that makes progs.pl skip over it. Fortunately, this is easily done with a special attribute in apps/build.info and a simple adaptation of apps/progs.pl. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15332)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15332)
-
- 19 5月, 2021 8 次提交
-
-
由 Tomas Mraz 提交于
Fixes #7032 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15330)
-
由 Dr. David von Oheimb 提交于
This is a quick workaround for #15347. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15351)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15329)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15329)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15329)
-
由 Jake Cooke 提交于
Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15316)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)
-