- Apr 20, 2018
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6020)
-
Matt Caswell authored
DTLS was not correctly returning the number of pending bytes left in a call to SSL_pending(). This makes the detection of truncated packets almost impossible. Fixes #5478 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6020)
-
Matt Caswell authored
Check that in a handshake done event SSL_in_init() is 0 (see #4574) Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6019)
-
Matt Caswell authored
In 1.1.0 and before calling SSL_in_init() from the info_callback at SSL_CB_HANDSHAKE_DONE would return 0. This commit fixes it so that it does again for 1.1.1. This broke Node. Fixes #4574 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6019)
-
- Apr 19, 2018
-
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6024)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6025)
-
Bernd Edlinger authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5814)
-
Alois Mahdal authored
Actual behavior of DEFAULT is different than currently described. Rather than actinf as cipher string, DEFAULT cannot be combined using logical operators, etc. Fixes #5420. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5428)
-
Richard Levitte authored
Configurations/90-team.conf isn't for public consumption, so we rename it to 90-team.norelease.conf and make sure 'make dist' and 'make tar' don't include it in the tarball. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5836)
-
A. Schulze authored
CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5801)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6001)
-
Matt Caswell authored
The X509_STORE_CTX_init() docs explicitly allow a NULL parameter for the X509_STORE. Therefore we shouldn't crash if we subsequently call X509_verify_cert() and no X509_STORE has been set. Fixes #2462 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6001)
-
Matt Caswell authored
If we run the ocsp command line app and the responder returns a non-successful status code then the app should exit with a failure code. Based on an original patch by Tatsuhiro Tsujikawa. Fixes #2387 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5998)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5997)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5996)
-
Viktor Dukhovni authored
Also, future-proof index_index() return codes by requiring success to return a positive value. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Apr 18, 2018
-
-
Beat Bolli authored
Similar to 0652e8a7 ("Clarify default section in config.pod", 2018-04-12), reword a sentence to make it easier to parse. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5794)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5994)
-
Andy Polyakov authored
s_server -rev emits info output on stderr, i.e. unbufferred, which risks intermixing with output from TLSProxy itself on non-line boundaries, which in turn is confusing to TAP parser. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
-
Andy Polyakov authored
This fixes only those tests that were failing when network data was fragmented. Remaining ones might succeed for "wrong reasons". Bunch of tests have to fail to be considered successful and when data is fragmented they might fail for reasons other than originally intended. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
-
Andy Polyakov authored
(resolve uninitialized variable warning and harmonize output). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
-
Rahul Chaudhry authored
Branch to global symbol results in reference to PLT, and when compiling for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't support this relocation (ld.gold), while others can end up truncating the relocation to fit (ld.bfd). Convert this branch through PLT into a direct branch that the assembler can resolve locally. See https://github.com/android-ndk/ndk/issues/337 for background. The current workaround is to disable poly1305 optimization assembly, which is not optimal and can be reverted after this patch: https://github.com/freedesktop/gstreamer-cerbero/commit/beab607d2b1ff23c41b7e01aa9c64be5e247d1e6 CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5949)
-
FdaSilvaYY authored
fix some indents, and restrict to 80 cols some lines. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4466)
-
Matt Caswell authored
Explicitly state which digests can be used with which algorithms. Fixes #5854 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5992)
-
Peter Wu authored
Client can only send early data if the PSK allows for it, the max_early_data_size field can only be configured for the server side. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5702)
-
Peter Wu authored
This will be necessary to enable Wireshark to decrypt QUIC 0-RTT data. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5702)
-
Peter Wu authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5702)
-
Peter Wu authored
NSS 3.34 and boringssl have support for "EXPORTER_SECRET" (https://bugzilla.mozilla.org/show_bug.cgi?id=1287711 ) which is needed for QUIC 1-RTT decryption support in Wireshark. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5702)
-
- Apr 17, 2018
-
-
Davide Galassi authored
Old code replaced in favor of a clearer implementation. Performances are not penalized. Updated the copyright end date to 2018. Reviewed-by: David Benjamin <davidben@google.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5963)
-
Matt Caswell authored
Found by Coverity. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5970)
-
Matt Caswell authored
Fixes #5934 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5983)
-
Matt Caswell authored
The SSL_set_bio() tests only did standalone testing without being in the context of an actual connection. We extend this to do additional tests following a successful or failed connection attempt. This would have caught the issue fixed in the previous commit. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5966)
-
Matt Caswell authored
If SSL_set_bio() is called with a NULL wbio after a failed connection then this can trigger an assertion failure. This should be valid behaviour and the assertion is in fact invalid and can simply be removed. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5966)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5987)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
-
Matt Caswell authored
Make sure the info callback gets called in all the places we expect it to. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
-
Matt Caswell authored
The first session ticket sent by the server is actually tacked onto the end of the first handshake from a state machine perspective. However in reality this is a post-handshake message, and should be preceeded by a handshake start event from an info callback perspective. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
-
Matt Caswell authored
Fixes #5721 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
-