- 24 11月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be removed. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 11月, 2016 17 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The SSL_IS_TLS13() macro wasn't quite right. It would come back with true in the case where we haven't yet negotiated TLSv1.3, but it could be negotiated. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Add various different handshake types that are possible. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Current s_server can only get an OCSP Response from an OCSP responder. This provides the capability to instead get the OCSP Response from a DER encoded file. This should make testing of OCSP easier. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
After the client processes the server's initial flight in TLS1.3 it may respond with either an encrypted, or an unencrypted alert. We needed to teach TLSProxy about this so that it didn't issue spurious warnings. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
In one case we weren't always sending an unexpected message alert if we don't get what we expect. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
There is a set of miscellaneous processing for OCSP, CT etc at the end of the ServerDone processing. In TLS1.3 we don't have a ServerDone, so this needs to move elsewhere. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The previous commit had a dummy payload for the Finished data. This commit fills it in with a real value. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
This is a major overhaul of the TLSv1.3 state machine. Currently it still looks like TLSv1.2. This commit changes things around so that it starts to look a bit less like TLSv1.2 and bit more like TLSv1.3. After this commit we have: ClientHello + key_share ----> ServerHello +key_share {CertificateRequest*} {Certificate*} {CertificateStatus*} <---- {Finished} {Certificate*} {CertificateVerify*} {Finished} ----> [ApplicationData] <---> [Application Data] Key differences between this intermediate position and the final TLSv1.3 position are: - No EncryptedExtensions message yet - No server side CertificateVerify message yet - CertificateStatus still exists as a separate message - A number of the messages are still in the TLSv1.2 format - Still running on the TLSv1.2 record layer Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to the TLSv1.2 one and may as well have been called something else. This commit removes the old style NewSessionTicket from TLSv1.3. We will have to add the new style one back in later. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Commit 94ed2c67 dropped a ! operator by mistake, which causes extended master secret connections to fail. This puts in back. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1980)
-
- 22 11月, 2016 3 次提交
-
-
由 Kurt Roeckx 提交于
b6d5ba1a forgot to update some linux arches. Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #1977
-
由 Todd Short 提交于
When configured with "no-mdc2 enable-crypto-mdebug" the evp_test will leak memory due to skipped tests, and error out. Also fix a skip condition Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1968)
-
由 Kurt Roeckx 提交于
This reverts commit 4880672a. Fixes: #1903 Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #1931
-
- 20 11月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 11月, 2016 9 次提交
-
-
由 Robert Scheck 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1945)
-
由 Robert Scheck 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1945)
-
由 Robert Scheck 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1945)
-
由 Beat Bolli 提交于
In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called "loc", but the one used in the for loop is called "lastpos". Make the names match. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1949)
-
由 Beat Bolli 提交于
CLA: trivial Since 99d63d46 ("Move manpages to man[1357] structure.", 2016-10-26), the location of the pod files has changed. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1951)
-
由 Kurt Roeckx 提交于
It's called with 0 when it's already locked, with 1 when it's not. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1500
-
由 Kurt Roeckx 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1500
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Andy Polyakov 提交于
In non-__KERNEL__ context 32-bit-style __ARMEB__/__ARMEL__ macros were set in arm_arch.h, which is shared between 32- and 64-bit builds. Since it's not included in __KERNEL__ case, we have to adhere to official 64-bit pre-defines, __AARCH64EB__/__AARCH64EL__. [If we are to share more code, it would need similar adjustment.] Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 11月, 2016 7 次提交
-
-
由 Matt Caswell 提交于
We should use the macro for testing if we are using TLSv1.3 rather than checking s->version directly. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Nicola Tuveri 提交于
Calling EVP_PKEY_CTX_new_id(curve_NID, NULL) causes an error for most curves that are implemented through the EC low-level API, and in the last commit we call it for every curve to avoid treating X25519 as a special case. Last commit code already handles correctly this failure, but does not remove these events from the thread error queue, thus some false-positive warnings are printed at the end of execution. This commit ensures that the error queue is clean, without flushing other errors. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1658)
-
由 Nicola Tuveri 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1658)
-
由 Nicola Tuveri 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1658)
-
由 Nicola Tuveri 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1658)
-
由 Nicola Tuveri 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1658)
-
由 Nicola Tuveri 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1658)
-