- Apr 18, 2018
-
-
Andy Polyakov authored
(resolve uninitialized variable warning and harmonize output). Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Rahul Chaudhry authored
Branch to global symbol results in reference to PLT, and when compiling for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't support this relocation (ld.gold), while others can end up truncating the relocation to fit (ld.bfd). Convert this branch through PLT into a direct branch that the assembler can resolve locally. See https://github.com/android-ndk/ndk/issues/337 for background. The current workaround is to disable poly1305 optimization assembly, which is not optimal and can be reverted after this patch: https://github.com/freedesktop/gstreamer-cerbero/commit/beab607d2b1ff23c41b7e01aa9c64be5e247d1e6 CLA: trivial Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5949)
-
FdaSilvaYY authored
fix some indents, and restrict to 80 cols some lines. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4466)
-
Matt Caswell authored
Explicitly state which digests can be used with which algorithms. Fixes #5854 Reviewed-by:
-
Peter Wu authored
Client can only send early data if the PSK allows for it, the max_early_data_size field can only be configured for the server side. Reviewed-by:
-
Peter Wu authored
This will be necessary to enable Wireshark to decrypt QUIC 0-RTT data. Reviewed-by:
-
Peter Wu authored
Reviewed-by:
-
Peter Wu authored
NSS 3.34 and boringssl have support for "EXPORTER_SECRET" (https://bugzilla.mozilla.org/show_bug.cgi?id=1287711 ) which is needed for QUIC 1-RTT decryption support in Wireshark. Reviewed-by:
-
- Apr 17, 2018
-
-
Davide Galassi authored
Old code replaced in favor of a clearer implementation. Performances are not penalized. Updated the copyright end date to 2018. Reviewed-by:
David Benjamin <davidben@google.com> Reviewed-by:
-
Matt Caswell authored
Found by Coverity. Reviewed-by:
-
Matt Caswell authored
Fixes #5934 Reviewed-by:
-
Matt Caswell authored
The SSL_set_bio() tests only did standalone testing without being in the context of an actual connection. We extend this to do additional tests following a successful or failed connection attempt. This would have caught the issue fixed in the previous commit. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5966)
-
Matt Caswell authored
If SSL_set_bio() is called with a NULL wbio after a failed connection then this can trigger an assertion failure. This should be valid behaviour and the assertion is in fact invalid and can simply be removed. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Make sure the info callback gets called in all the places we expect it to. Reviewed-by:
-
Matt Caswell authored
The first session ticket sent by the server is actually tacked onto the end of the first handshake from a state machine perspective. However in reality this is a post-handshake message, and should be preceeded by a handshake start event from an info callback perspective. Reviewed-by:
-
Matt Caswell authored
Fixes #5721 Reviewed-by:
-
Matt Caswell authored
We cannot provide a certificate status on a resumption so we should ignore this extension in that case. Fixes #1662 Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5977)
-
Dr. Matthias St. Pierre authored
- drbg_lib.c: Silence coverity warning: the comment preceding the RAND_DRBG_instantiate() call explicitely states that the error is ignored and explains the reason why. - drbgtest: Add checks for the return values of RAND_bytes() and RAND_priv_bytes() to run_multi_thread_test(). Reviewed-by:
-
Andy Polyakov authored
For formal backward compatibility print original "ACCEPT" message for fixed port and "ACCEPT host:port" for dynamically allocated. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
Bernd Edlinger authored
./config no-autoload-config Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Apr 16, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #5961 This reverts commit 3c5a61dd . The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain errors and don't work as designed. Apart from that, their introduction should be held back until a decision has been mad about the future versioning scheme. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Matt Caswell authored
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. Based on an original patch by Billy Brumley CVE-2018-0737 Reviewed-by:
-
- Apr 15, 2018
-
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
- Apr 14, 2018
-
-
Andy Polyakov authored
Original condition was susceptible to race condition... Reviewed-by:
-
Andy Polyakov authored
Bind even test/ssltest_old.c to loopback interface. This allows to avoid unnecessary alerts from Windows and Mac OS X firewalls. Reviewed-by:
-
Matthias Kraft authored
The ongoing discussion about casting or not in PR #5626 had me compiling again with above mentioned flags. Indeed the compiler had to say something about it and I did these changes to silence it again. Reviewed-by:
-
- Apr 13, 2018
-
-
Richard Levitte authored
Reviewed-by:
-
