Skip to content
GitLab
  1. 25 Jul, 2017 1 commit
  3. 03 Jul, 2017 1 commit
  5. 29 Jun, 2017 1 commit
  7. 28 Jun, 2017 1 commit
  9. 27 Jun, 2017 1 commit
    • Richard Levitte's avatar
      util/mkerr.pl: allow module names prefixed with OSSL_ or OPENSSL_ · 4b2799c1
      Richard Levitte authored 
      

To make sure that our symbols don't clash with other libraries, we
claim the namespaces OSSL and OPENSSL.  Because C doesn't provide
namespaces, the only solution is to have them as prefixes on symbols,
thus we allow OSSL_ and OPENSSL_ as prefixes.

These namespace prefixes are optional for the foreseeable future, and
will only be used for new modules as needed on a case by case basis,
until further notice.

For extra safety, there's an added requirement that module names -
apart from the namespace prefix - be at least 2 characters long.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3781)
      4b2799c1
  11. 19 Jun, 2017 1 commit
  13. 16 Jun, 2017 1 commit
  15. 08 Jun, 2017 1 commit
  17. 02 Jun, 2017 1 commit
  19. 31 May, 2017 1 commit
  21. 25 May, 2017 1 commit
  23. 17 May, 2017 1 commit
    • Matt Caswell's avatar
      Don't allow fragmented alerts · bd990e25
      Matt Caswell authored 
      

An alert message is 2 bytes long. In theory it is permissible in SSLv3 -
TLSv1.2 to fragment such alerts across multiple records (some of which
could be empty). In practice it make no sense to send an empty alert
record, or to fragment one. TLSv1.3 prohibts this altogether and other
libraries (BoringSSL, NSS) do not support this at all. Supporting it adds
significant complexity to the record layer, and its removal is unlikely
to cause inter-operability issues.

The DTLS code for this never worked anyway and it is not supported at a
protocol level for DTLS. Similarly fragmented DTLS handshake records only
work at a protocol level where at least the handshake message header
exists within the record. DTLS code existed for trying to handle fragmented
handshake records smaller than this size. This code didn't work either so
has also been removed.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3476)
      bd990e25
  25. 27 Apr, 2017 1 commit
  27. 20 Apr, 2017 1 commit
  29. 10 Apr, 2017 1 commit
  31. 07 Apr, 2017 1 commit
  33. 30 Mar, 2017 1 commit
  35. 29 Mar, 2017 2 commits
  37. 28 Mar, 2017 1 commit
  39. 15 Mar, 2017 1 commit
  41. 14 Mar, 2017 1 commit
  43. 13 Mar, 2017 1 commit
  45. 02 Mar, 2017 1 commit
  47. 28 Feb, 2017 2 commits
  49. 24 Feb, 2017 1 commit
  51. 16 Feb, 2017 1 commit
  53. 01 Feb, 2017 1 commit
  55. 26 Jan, 2017 1 commit
  57. 28 Nov, 2016 1 commit
    • Emilia Kasper's avatar
      Test mac-then-encrypt · b3618f44
      Emilia Kasper authored 
      

Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      b3618f44
  59. 13 Nov, 2016 1 commit
  61. 10 Nov, 2016 1 commit
  63. 02 Nov, 2016 1 commit
  65. 01 Nov, 2016 1 commit
  67. 31 Oct, 2016 1 commit
  69. 25 Oct, 2016 1 commit
  71. 13 Oct, 2016 1 commit
  73. 26 Sep, 2016 1 commit
  75. 22 Sep, 2016 1 commit