- 26 9月, 2017 7 次提交
-
-
由 Dr. Stephen Henson 提交于
Rename tls1_get_curvelist to tls1_get_grouplist, change to void as it can never fail and remove unnecessary return value checks. Clean up the code. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
由 Dr. Stephen Henson 提交于
Replace existing compression and groups check with two functions. tls1_check_pkey_comp() checks a keys compression algorithms is consistent with extensions. tls1_check_group_id() checks is a group is consistent with extensions and preferences. Rename tls1_ec_nid2curve_id() to tls1_nid2group_id() and make it static. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
由 Dr. Stephen Henson 提交于
Setup EVP_PKEY structure from a group ID in ssl_generate_param_group, replace duplicate code with this function. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
由 Dr. Stephen Henson 提交于
Replace tls1_ec_curve_id2nid() with tls_group_id_lookup() which returns the TLS_GROUP_INFO for the group. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
- 23 9月, 2017 3 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> GH: #4410
-
由 Kurt Roeckx 提交于
Found by OSS-Fuzz and the tests Reviewed-by: NAndy Polyakov <appro@openssl.org> GH: #4410
-
由 Dr. Stephen Henson 提交于
Instead of storing supported groups in on-the-wire format store them as parsed uint16_t values. This simplifies handling of groups as the values can be directly used instead of being converted. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4406)
-
- 22 9月, 2017 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4383)
-
由 Patrick Steuer 提交于
Compilation failed due to -Werror=misleading-indentation. Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4395)
-
- 20 9月, 2017 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
由 Dr. Stephen Henson 提交于
Allo RSA certificate to be used for RSA-PSS signatures: this needs to be explicit because RSA and RSA-PSS certificates are now distinct types. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
由 Dr. Stephen Henson 提交于
Recognise RSA-PSS certificate algorithm and add a new certificate type. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
- 15 9月, 2017 1 次提交
-
-
由 Christian Heimes 提交于
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new API to set the minimum and maximum protocol version for SSL_CTX with TLS_method(). Add getters to introspect the configured versions: int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); int SSL_get_min_proto_version(SSL *ssl); int SSL_get_max_proto_version(SSL *ssl); NOTE: The getters do not resolv the version in case when the minimum or maxium version are configured as '0' (meaning auto-select lowest and highst version number). Signed-off-by: NChristian Heimes <christian@python.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4364)
-
- 14 9月, 2017 2 次提交
-
-
由 Benjamin Kaduk 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4369)
-
由 Pauli 提交于
This reverts commit a89c9a0d. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4357)
-
- 11 9月, 2017 1 次提交
-
-
由 FdaSilvaYY 提交于
A fix formatting fixes. SSL Trace: internal constification - static trace tables - trace methods arguments SSL Trace: enhance error message when tracing an invalid extension packet ... instead of just "Message length parse error!". SSL trace: add Maximum-Fragment-Length TLS extension log support Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4353)
-
- 09 9月, 2017 2 次提交
-
-
由 David Benjamin 提交于
It is otherwise unclear what all the magic numbers mean. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
由 David Benjamin 提交于
"Early callback" is a little ambiguous now that early data exists. Perhaps "ClientHello callback"? Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
- 07 9月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
In OpenSSL 1.1.0, when there were no extensions added to the ServerHello, we did not write the extension data length bytes to the end of the ServerHello; this is needed for compatibility with old client implementations that do not support TLS extensions (such as the default configuration of OpenSSL 0.9.8). When ServerHello extension construction was converted to the new extensions framework in commit 7da160b0, this behavior was inadvertently limited to cases when SSLv3 was negotiated (and similarly for ClientHellos), presumably since extensions are not defined at all for SSLv3. However, extensions for TLS prior to TLS 1.3 have been defined in separate RFCs (6066, 4366, and 3546) from the TLS protocol specifications, and as such should be considered an optional protocol feature in those cases. Accordingly, be conservative in what we send, and skip the extensions block when there are no extensions to be sent, regardless of the TLS/SSL version. (TLS 1.3 requires extensions and can safely be treated differently.) Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4296)
-
- 06 9月, 2017 1 次提交
-
-
由 Alfred E. Heggestad 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4011)
-
- 04 9月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
The padding extension should always be at least 1 byte long Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4331)
-
- 01 9月, 2017 4 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4297)
-
由 Andy Polyakov 提交于
This is actually not all warnings, only return values. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4297)
-
由 Pauli 提交于
Move struct timeval includes into e_os.h (where the Windows ones were). Enaure that the include is guarded canonically. Refer #4271 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4312)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4307)
-
- 31 8月, 2017 12 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
SNI and ALPN must be set to be consistent with the PSK. Otherwise this is an error. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
由 Pauli 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4300)
-
由 Paul Yang 提交于
The returned ID matches with what IANA specifies (or goes on the wire anyway, IANA notwithstanding). Doc is added. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4107)
-