- 01 8月, 2017 1 次提交
-
-
由 Todd Short 提交于
Some extensions were being displayed twice, before they were parsed, and again after they were parsed. The supported_versions extension was not being fully displayed, as it was processed differently than other extensions. Move the debug callback to where the extensions are first collected, to catch all the extensions as they come in, so they are ordered correctly. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3911)
-
- 21 7月, 2017 1 次提交
-
-
由 Paul Yang 提交于
Fixes: issue #3747 make SSL_CIPHER_standard_name globally available and introduce a new function OPENSSL_cipher_name. A new option '-convert' is also added to 'openssl ciphers' app. Documentation and test cases are added. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3859)
-
- 18 7月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
TLSv1.3 draft-21 requires the ticket nonce to be at least 1 byte in length. However NSS sends a zero length nonce. This is actually ok because the next draft will allow zero length nonces anyway, so we should tolerate this. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3957)
-
由 Matt Caswell 提交于
early_data is not allowed after an HRR. We failed to handle that correctly. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3933)
-
- 13 7月, 2017 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
- 07 7月, 2017 5 次提交
-
-
由 Matt Caswell 提交于
Allow that mode to be configured if desired. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3833)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
In most scenarios the length of the input data is the hashsize, or 0 if the data is NULL. However with the new ticket_nonce changes the length can be different. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
This just adds the processing for sending and receiving the newly added ticket_nonce field. It doesn't actually use it yet. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
- 03 7月, 2017 2 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3667)
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3667)
-
- 24 6月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
Following on from the previous commit this fixes another instance where we need to treat a -ve return from EVP_DigestVerify() as a bad signature. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3756)
-
由 Matt Caswell 提交于
Prior to 72ceb6a6 we treated all failures from the call to EVP_DigestVerifyFinal() as if it were a bad signature, and failures in EVP_DigestUpdate() as an internal error. After that commit we replaced this with the one-shot function EVP_DigestVerify() and treated a 0 return as a bad signature and a negative return as an internal error. However, some signature errors can be negative (e.g. according to the docs if the form of the signature is wrong). Therefore we should treat all <=0 returns as a bad signature. This fixes a boringssl test failure. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3756)
-
- 22 6月, 2017 1 次提交
-
-
由 Paul Yang 提交于
initialize some local variables Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3741)
-
- 21 6月, 2017 11 次提交
-
-
由 Matt Caswell 提交于
The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately due to this clash, this wasn't the case. The BIO ended up going into peek mode and was continually reading the same data over and over - throwing it away as a replay. Fixes #3723 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3724)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Found while developing the PSK tests Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Rich Salz 提交于
This is done with the kind permission of Nokia. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3722)
-
- 20 6月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Approved by Oracle. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3585)
-
- 16 6月, 2017 4 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
由 Matt Caswell 提交于
This does things as per the recommendation in the TLSv1.3 spec. It also means that the server will always choose its preferred ciphersuite. Previously the server would only select ciphersuites compatible with the session. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
- 12 6月, 2017 2 次提交
-
-
由 Benjamin Kaduk 提交于
It is an API to be used from the early callback that indicates what extensions were present in the ClientHello, and in what order. This can be used to eliminate unneeded calls to SSL_early_get0_ext() (which itself scales linearly in the number of extensions supported by the library). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2976)
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> CLA: trivial (Merged from https://github.com/openssl/openssl/pull/3419)
-
- 10 6月, 2017 2 次提交
-
-
由 Pichulin Dmitrii 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3642)
-
由 Paul Yang 提交于
Signed-off-by: NPaul Yang <paulyang.inf@gmail.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3622)
-
- 07 6月, 2017 1 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
-
- 23 5月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
SSLv3 (specifically with client auth) cannot use one shot APIs: the digested data and the master secret are handled in separate update operations. So in the special case of SSLv3 use the streaming API. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3527)
-
- 22 5月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Provides consistent output and approach. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-