- 21 6月, 2017 11 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Rich Salz 提交于
This is done with the kind permission of Nokia. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3722)
-
- 20 6月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Approved by Oracle. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3585)
-
- 16 6月, 2017 5 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
由 Matt Caswell 提交于
This does things as per the recommendation in the TLSv1.3 spec. It also means that the server will always choose its preferred ciphersuite. Previously the server would only select ciphersuites compatible with the session. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
由 Benjamin Kaduk 提交于
Also remove nested OPENSSL_NO_EC conditional; it was properly indented, but a no-op. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBenjamin Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3693)
-
- 13 6月, 2017 2 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3660)
-
由 Rich Salz 提交于
Add "*" as indicator meaning the function/reason is removed, so put an empty string in the function/reason string table; this preserves backward compatibility by keeping the #define's. In state files, trailing backslash means text is on the next line. Add copyright to state files Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3640)
-
- 12 6月, 2017 3 次提交
-
-
由 Benjamin Kaduk 提交于
It is an API to be used from the early callback that indicates what extensions were present in the ClientHello, and in what order. This can be used to eliminate unneeded calls to SSL_early_get0_ext() (which itself scales linearly in the number of extensions supported by the library). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2976)
-
由 Benjamin Kaduk 提交于
We prevent compression both when the server is parsing the ClientHello and when the client is constructing the ClientHello. A 1.3 ServerHello has no way to hand us back a compression method, and we already check that the server does not try to give us back a compression method that we did not request, so these checks seem sufficient. Weaken the INSTALL note slightly, as we do now expect to interoperate with other implementations. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3131)
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> CLA: trivial (Merged from https://github.com/openssl/openssl/pull/3419)
-
- 10 6月, 2017 2 次提交
-
-
由 Pichulin Dmitrii 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3642)
-
由 Paul Yang 提交于
Signed-off-by: NPaul Yang <paulyang.inf@gmail.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3622)
-
- 09 6月, 2017 4 次提交
-
-
由 Tomas Mraz 提交于
Fixes #3490 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3518)
-
由 Diego Santa Cruz 提交于
This uses memset() to clear all of the SRP_CTX when free'ing or initializing it as well as in error paths instead of having a series of NULL and zero assignments as it is safer. It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero in case or error, previously it could retain pointers to freed memory, potentially leading to a double free. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3467)
-
由 Diego Santa Cruz 提交于
Ownership and lifetime rules of SRP_CTX.info are confusing and different from those of SRP_CTX.login, making it difficult to use correctly. This makes the ownership and lifetime be the same as those of SRP_CTX.login, thet is a copy is made when setting it and is freed when SRP_CTX is freed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3467)
-
由 Matt Caswell 提交于
This used to work but was inadvertently removed as part of the TLSv1.3 work. This adds it back. Fixes #3633 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3639)
-
- 08 6月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3392)
-
- 07 6月, 2017 2 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
-
由 Todd Short 提交于
At the moment we flush the write BIO if we send a fatal alert, but not a warning one. This can mean the warning is never sent if we never do another write and subsequently flush the BIO. Instead we should just always flush after writing an alert. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
-
- 03 6月, 2017 1 次提交
-
-
由 Todd Short 提交于
Code was added in commit b3c31a65 that overwrote the last ex_data value using CRYPTO_dup_ex_data() causing a memory leak, and potentially confusing the ex_data dup() callback. In ssl_session_dup(), fix error handling (properly reference and up-ref shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data(); all other structures that dup ex_data have the destination ex_data new'd before the dup. Fix up some of the ex_data documentation. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3323)
-
- 26 5月, 2017 1 次提交
-
-
由 Todd Short 提交于
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is inconsistent. Most places check SSL->options, one place is checking SSL_CTX->options; fix that. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> GH: #3523
-
- 23 5月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
SSLv3 (specifically with client auth) cannot use one shot APIs: the digested data and the master secret are handled in separate update operations. So in the special case of SSLv3 use the streaming API. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3527)
-
- 22 5月, 2017 4 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
由 Matt Caswell 提交于
Provides consistent output and approach. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
- 20 5月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
The return code from tls1_mac is supposed to be a boolean 0 for fail, 1 for success. In one place we returned -1 on error. This would cause code calling the mac function to erroneously see this as a success (because a non-zero value is being treated as success in all call sites). Fortunately, AFAICT, the place that returns -1 can only happen on an internal error so is not under attacker control. Additionally this code only appears in master. In 1.1.0 the return codes are treated differently. Therefore there are no security implications. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3495)
-
- 19 5月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Fixes #1526 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3360)
-