- 03 8月, 2017 3 次提交
-
-
由 Matt Caswell 提交于
Move the definition of ossl_assert() out of e_os.h which is intended for OS specific things. Instead it is moved into internal/cryptlib.h. This also changes the definition to remove the (int) cast. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4073)
-
由 Lingmo Zhu 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4014)
-
由 Lingmo Zhu 提交于
The comment "The following should not return 1, otherwise, things are very strange" is from the very first commit of OpenSSL. The really meaning of the comment is if the identical session can be found from internal cache after calling get_session_cb but not found before calling get_session_cb, it is just strange. The value 1 was originated from the old doc of SSLeay, reversed from the actual return value of SSL_CTX_add_session(). Anyway either return value of SSL_CTX_add_session() should not interrupt the session resumption process. So the checking of return value of SSL_CTX_add_session() is not necessary. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4014)
-
- 01 8月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
If a new_session_cb is set then it was only ever getting invoked if !s->hit is true. This is sensible for <=TLSv1.2 but does not work for TLSv1.3. Fixes #4045 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4068)
-
由 Todd Short 提交于
Some extensions were being displayed twice, before they were parsed, and again after they were parsed. The supported_versions extension was not being fully displayed, as it was processed differently than other extensions. Move the debug callback to where the extensions are first collected, to catch all the extensions as they come in, so they are ordered correctly. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3911)
-
- 31 7月, 2017 6 次提交
-
-
由 David Benjamin 提交于
The names of these ciphers have an "SSL_" prefix, but the RFC names use "TLS_": https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 This dates back to these ciphers being originally defined in SSLv3. As SSLv3 is on its way out anyway and this is a new set of APIs, consistently use the TLS names. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4007)
-
由 Xiaoyin Liu 提交于
TLS_ST_SR_NEXT_PROTO means "SSLv3/TLS read next proto" Fix typo in the message for TLS_ST_SW_CERT_STATUS Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4054)
-
由 Xiaoyin Liu 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4052)
-
由 Xiaoyin Liu 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4049)
-
由 Xiaoyin Liu 提交于
Remove the function prototypes for ssl_cert_get0_next_certificate, ssl_set_default_md, tls1_shared_list, dtls1_send_newsession_ticket, tls1_ctrl, and tls1_callback_ctrl, all of which are not defined. It also changed the signature of the function pqueue_next to `pitem *pqueue_next(piterator *item)` in pqueue.c, making it match the prototype in ssl_locl.h. (`piterator *` is equivalent to `pitem **`.) Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4049)
-
由 Xiaoyin Liu 提交于
This patch removes the prototype of function RECORD_LAYER_set_write_sequence from record_locl.h, since this function is not defined. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4051)
-
- 28 7月, 2017 1 次提交
-
-
由 Paul Yang 提交于
Documentation and test cases are also updated Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3783)
-
- 26 7月, 2017 1 次提交
-
-
由 Todd Short 提交于
OpenSSL already has the feature of SSL_MODE_RELEASE_BUFFERS that can be set to release the read or write buffers when data has finished reading or writing. OpenSSL will automatically re-allocate the buffers as needed. This can be quite aggressive in terms of memory allocation. This provides a manual mechanism. SSL_free_buffers() will free the data buffers if there's no pending data. SSL_alloc_buffers() will realloc them; but this function is not strictly necessary, as it's still done automatically in the state machine. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2240)
-
- 21 7月, 2017 1 次提交
-
-
由 Paul Yang 提交于
Fixes: issue #3747 make SSL_CIPHER_standard_name globally available and introduce a new function OPENSSL_cipher_name. A new option '-convert' is also added to 'openssl ciphers' app. Documentation and test cases are added. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3859)
-
- 19 7月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
We now allow a different protocol version when reusing a session so we can unconditionally reset the SSL_METHOD if it has changed. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3954)
-
由 Matt Caswell 提交于
SSL_clear() does not reset the SSL_METHOD if a session already exists in the SSL object. However, TLSv1.3 does not have an externally visible version fixed method (only an internal one). The state machine assumes that we are always starting from a version flexible method for TLSv1.3. The simplest solution is to just fix SSL_clear() to always reset the method if it is using the internal TLSv1.3 version fixed method. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3954)
-
- 18 7月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
TLSv1.3 draft-21 requires the ticket nonce to be at least 1 byte in length. However NSS sends a zero length nonce. This is actually ok because the next draft will allow zero length nonces anyway, so we should tolerate this. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3957)
-
由 Matt Caswell 提交于
early_data is not allowed after an HRR. We failed to handle that correctly. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3933)
-
- 17 7月, 2017 1 次提交
-
-
由 Tatsuhiro Tsujikawa 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3941)
-
- 13 7月, 2017 9 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
The functiontls12_get_pkey_idx is only used to see if a certificate index is enabled: call ssl_cert_is_disabled instead. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Add certificate table giving properties of each certificate index: specifically the NID associated with the index and the the auth mask value for any cipher the certificate can be used with. This will be used to generalise certificate handling instead of hard coding algorithm specific cases. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
- 09 7月, 2017 1 次提交
-
-
由 Richard Levitte 提交于
Unsigned overflow. Found by Brian Carpenter Fixes #3889 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3890)
-
- 07 7月, 2017 6 次提交
-
-
由 Matt Caswell 提交于
Allow that mode to be configured if desired. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3833)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
In most scenarios the length of the input data is the hashsize, or 0 if the data is NULL. However with the new ticket_nonce changes the length can be different. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
This just adds the processing for sending and receiving the newly added ticket_nonce field. It doesn't actually use it yet. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
- 06 7月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
If the result of a SSL_{CTX_,}set_{min,max}_proto_version() call leaves the min and max version identical, and support for that version is compiled out of the library, return an error. Such an object has no hope of successfully completing a handshake, and this error may be easier to decipher than the resulting handshake failure. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3422)
-
- 03 7月, 2017 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3667)
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3667)
-
由 Matt Caswell 提交于
We need to use the hashsize in generating the exportsecret not 0! Otherwise we end up with random garbage for the secret. It was pure chance that this passed the tests previously. It so happens that, because we call SSL_export_keying_material() repeatedly for different scenarios in the test, we end up in the tls13_export_keying_material() at exactly the same position in the stack each time and therefore end up using the same random garbage secret each time! Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3810)
-
- 30 6月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
There are no public TLSv1_3_*method() functions so OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3800)
-