- Sep 08, 2017
-
-
Richard Levitte authored
This allows completely arbitrary passphrases to be entered, including NUL bytes. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3821)
-
xemdetia authored
It is talked around but not explicitly stated in one part of the documentation that you should put library configuration lines at the start of the configuration file. CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3959)
-
Matt Caswell authored
If an alert gets sent and then we close the connection immediately with data still in the input buffer then a TCP-RST gets sent. Some OSs immediately abandon data in their input buffer if a TCP-RST is received - meaning the alert data itself gets ditched. Sending a TCP-FIN before the TCP-RST seems to avoid this. This was causing test failures in MSYS2 builds. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4333)
-
- Sep 07, 2017
-
-
Rich Salz authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4326)
-
Benjamin Kaduk authored
The extensions not sent when TLS 1.2 is not used caused the message length to be 109, which is less than the 127 threshold needed to activate the F5 workaround. Add another 20 bytes of dummy ALPN data do push it over the threshold. Also, fix the definition of the (unused) local macro indicating the threshold. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4346)
-
Benjamin Kaduk authored
In OpenSSL 1.1.0, when there were no extensions added to the ServerHello, we did not write the extension data length bytes to the end of the ServerHello; this is needed for compatibility with old client implementations that do not support TLS extensions (such as the default configuration of OpenSSL 0.9.8). When ServerHello extension construction was converted to the new extensions framework in commit 7da160b0 , this behavior was inadvertently limited to cases when SSLv3 was negotiated (and similarly for ClientHellos), presumably since extensions are not defined at all for SSLv3. However, extensions for TLS prior to TLS 1.3 have been defined in separate RFCs (6066, 4366, and 3546) from the TLS protocol specifications, and as such should be considered an optional protocol feature in those cases. Accordingly, be conservative in what we send, and skip the extensions block when there are no extensions to be sent, regardless of the TLS/SSL version. (TLS 1.3 requires extensions and can safely be treated differently.) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4296)
-
- Sep 06, 2017
-
-
Rich Salz authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4341)
-
Alfred E. Heggestad authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4011)
-
- Sep 05, 2017
-
-
Richard Levitte authored
This quiets down complaints about the use of uninitialised memory [extended tests] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4340)
-
- Sep 04, 2017
-
-
Matt Caswell authored
clienthellotest tries to fill out the size of the ClientHello by adding extra ciphersuites in order to test the padding extension. This is unreliable because they are very dependent on configuration options. If we add too much data the test will fail! We were already also adding some dummy ALPN protocols to pad out the size, and it turns out that this is sufficient just in itself, so drop the extra ciphersuites. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4331)
-
Matt Caswell authored
The padding extension should always be at least 1 byte long Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4331)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4332)
-
- Sep 03, 2017
-
-
Pauli authored
[extended tests] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4327)
-
Richard Levitte authored
Some URIs get "mistreated" (converted) by the MSYS run-time. Unfortunately, avoiding this conversion doesn't help either. http://www.mingw.org/wiki/Posix_path_conversion Fixes #4314 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4322)
-
- Sep 02, 2017
-
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4325)
-
Andy Polyakov authored
Addresses GH#2167. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4311)
-
Andy Polyakov authored
Ironically enough not all installations get Module::Load::Conditional installed by default... [It's a bit half-hearted, because such installations are likely to lack more stuffi that is needed, but nevertheless, it proved to be helpful.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4323)
-
Rich Salz authored
Deprecated functions are still documented. Put HISTORY after SEE ALSO; add HISTORY to BN_zero Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3746)
-
- Sep 01, 2017
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4319)
-
Benjamin Kaduk authored
If the server_name extension is long enough to require two bytes to hold the length of either field, the test suite would not decode the length properly. Using the PACKET_ APIs would have avoided this, but it was desired to avoid using private APIs in this part of the test suite, to keep ourselves honest. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4318)
-
Benjamin Kaduk authored
The include search path was not picking up files in the root of the tree. [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4316)
-
Benjamin Kaduk authored
This function is really emulating what would happen in client mode, and does not necessarily reflect what is usable for a server SSL. Make this a bit more explicit, and do some wordsmithing while here. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4284)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4305)
-
Andy Polyakov authored
OPENSSL_ia32cap.pod discusses possibility to disable operations on XMM register bank. This formally means that this flag has to be checked in combination with other flags. But it customarily isn't. But instead of chasing all the cases we can flip more bits together with FXSR one. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4303)
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4297)
-
Andy Polyakov authored
This is actually not all warnings, only return values. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4297)
-
- Aug 31, 2017
-
-
Pauli authored
Move struct timeval includes into e_os.h (where the Windows ones were). Enaure that the include is guarded canonically. Refer #4271 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4312)
-
Rich Salz authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4294)
-
Rich Salz authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4294)
-
Pauli authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4313)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4307)
-
Richard Levitte authored
The program will fail to run if it doesn't exist anyway, no need to check its existence here. Fixes #4306 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4309)
-
Richard Levitte authored
When parsing the header files, mkdef.pl didn't clear the line terminator properly. In most cases, this didn't matter, but there were moments when this caused parsing errors (such as CRLFs in certain cases). Fixes #4267 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4304)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-