- Jan 03, 2018
-
-
Benjamin Kaduk authored
Although this is forbidden by all three(!) relevant specifications, there seem to be multiple server implementations in the wild that send it. Since we didn't check for unexpected extensions in any given message type until TLS 1.3 support was added, our previous behavior was to silently accept these extensions and pass them over to the custom extension callback (if any). In order to avoid regression of functionality, relax the check for "extension in unexpected context" for this specific case, but leave the protocol enforcment mechanism unchanged for other extensions and in other extension contexts. Leave a detailed comment to indicate what is going on. Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4463)
-
- Jan 02, 2018
-
-
Matt Caswell authored
A TLSv1.3 Certificate Request message was issuing a "Message length parse error" using the -trace option to s_server/s_client. Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5008)
-
Daniel Bevenius authored
Similar to commit 17b60280 ( "Remove extra `the` in SSL_SESSION_set1_id.pod"), this commit removes typos where additional 'the' have been added. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
- Dec 28, 2017
-
-
Richard Levitte authored
Following the changes that removed Makefile.shared, we also changed the generation of .def / .map / .opt files from ordinals more explicit, removing the need to the "magic" ORDINALS declaration. Reviewed-by:
-
Andy Polyakov authored
"Double" is in quotes because improvement coefficient varies significantly depending on platform and compiler. You're likely to measure ~2x improvement on popular desktop and server processors, but not so much on mobile ones, even minor regression on ARM Cortex series. Latter is because they have rather "weak" umulh instruction. On low-end x86_64 problem is that contemporary gcc and clang tend to opt for double-precision shift for >>51, which can be devastatingly slow on some processors. Just in case for reference, trick is to use 2^51 radix [currently only for DH]. Reviewed-by: -
Matt Caswell authored
Now that we attempt to send early data in the first TCP packet along with the ClientHello, the documentation for SSL_write_early_data() needed a tweak. Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4802)
-
Matt Caswell authored
We don't keep track of the number of bytes written between in the SSL_write_ex() call and the subsequent flush. If the flush needs to be retried then we will have forgotten how many bytes actually got written. The simplest solution is to just disable it for this scenario. Reviewed-by:
-
Matt Caswell authored
We'd like the first bit of early_data and the ClientHello to go in the same TCP packet if at all possible to enable things like TCP Fast Open. Also, if you're only going to send one block of early data then you also don't need to worry about TCP_NODELAY. Fixes #4783 Reviewed-by:
-
Richard Levitte authored
The idea is to be able to add extension value lines directly on the command line instead of through the config file, for example: openssl req -new -extension 'subjectAltName = DNS:dom.ain, DNS:oth.er' \ -extension 'certificatePolicies = 1.2.3.4' Fixes #3311 Thank you Jacob Hoffman-Andrews for the inspiration Reviewed-by:
-
- Dec 27, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4974)
-
Richard Levitte authored
The simplifications that were made when Makefile.shared was removed didn't work quite right. Also, this is what we do on Unix and Windows anyway, so this makes us more consistent across all platforms. Reviewed-by:
-
- Dec 26, 2017
-
-
Paul Yang authored
Variables n, d, p are no longer there. [skip ci] Reviewed-by:
-
Daniel Bevenius authored
This commit is a suggestion to hopefully improve x509.pod. I had to re-read it the first time through and with these changes it reads a little easier, and wondering if others agree. Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
- Dec 25, 2017
-
-
Kurt Roeckx authored
This comment was correct for the original commit introducing this function (5a3d21c0), but was fixed in commit d2fa1829 (and 67b8bcee ) Reviewed-by:
-
- Dec 23, 2017
-
-
Andy Polyakov authored
Hardware used for benchmarking courtesy of Atos, experiments run by Romain Dolbeau <romain.dolbeau@atos.net>. Kudos! Reviewed-by:
-
- Dec 22, 2017
-
-
Andy Polyakov authored
Reviewed-by:
-
Daniel Bevenius authored
Reviewed-by:
-
- Dec 18, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
Richard Levitte authored
This is because VMS perl will otherwise lowercase them Reviewed-by:
-
Richard Levitte authored
It is a hack, but it existed in the recently removed Makefile.shared, and its use is documented in fuzz/README.md, so we cannot drop it now. Fixes https://github.com/google/oss-fuzz/issues/1037 Reviewed-by:
-
- Dec 17, 2017
-
-
Pauli authored
Reviewed-by:
-
Dr. Matthias St. Pierre authored
Previously, the RAND_DRBG_uninstantiate() call was not exactly inverse to RAND_DRBG_instantiate(), because some important member values of the drbg->ctr member where cleared. Now these values are restored internally. Signed-off-by:
Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
Dr. Matthias St. Pierre authored
Signed-off-by:
-
Dr. Matthias St. Pierre authored
Every DRBG now supports automatic reseeding not only after a given number of generate requests, but also after a specified time interval. Signed-off-by:
-
Dr. Matthias St. Pierre authored
A third shared DRBG is added, the so called master DRBG. Its sole purpose is to reseed the two other shared DRBGs, the public and the private DRBG. The randomness for the master DRBG is either pulled from the os entropy sources, or added by the application using the RAND_add() call. The master DRBG reseeds itself automatically after a given number of generate requests, but can also be reseeded using RAND_seed() or RAND_add(). A reseeding of the master DRBG is automatically propagated to the public and private DRBG. This construction fixes the problem, that up to now the randomness provided by RAND_add() was added only to the public and not to the private DRBG. Signed-off-by:
-
Paul Yang authored
Reviewed-by:
-
Daniel Bevenius authored
This commit adds comments to bio_method_st definitions where the function pointers are defined as NULL. Most of the structs have comments but some where missing and not all consitent. CLA: trivial Reviewed-by:
-
- Dec 15, 2017
-
-
Bernd Edlinger authored
Rename bio_info_cb to BIO_info_cb. Reviewed-by:
-
Bernd Edlinger authored
Ignore libssl.map/libcrypto.map instead of ssl.map/crypto.map Reviewed-by:
-
- Dec 14, 2017
-
-
Todd Short authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
This fixes a bug where some CCS records were written with the wrong TLS record version. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Flush following the CCS after an HRR. Only flush the HRR if middlebox compat is turned off. Reviewed-by:
-
Matt Caswell authored
Normally we flush immediately after writing the ClientHello. However if we are going to write a CCS immediately because we've got early_data to come, then we should move the flush until after the CCS. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
