- Jun 05, 2017
-
-
Rich Salz authored
Document that -psk is required to use PSK cipher [skip ci] Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3607)
-
Daniel Kahn Gillmor authored
s_server has traditionally been very brittle in PSK mode. If the client offered any PSK identity other than "Client_identity" s_server would simply abort. This is breakage for breakage's sake, and unlike most other parts of s_server, which tend to allow more flexible connections. This change accomplishes two things: * when the client's psk_identity does *not* match the identity expected by the server, just warn, don't fail. * allow the server to expect instead a different psk_identity from the client besides "Client_identity" Signed-off-by:
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3605)
-
Rich Salz authored
Standardize file:line messages Reduce buff size; move to end of STANZA Add some Title entries (with blank line after) Add Title to some BN test files. Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3608)
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Drop some redundant instructions in reduction in ecp_nistz256_sqr_montx. Reviewed-by:
-
- Jun 02, 2017
-
-
Todd Short authored
Code was added in commit b3c31a65 that overwrote the last ex_data value using CRYPTO_dup_ex_data() causing a memory leak, and potentially confusing the ex_data dup() callback. In ssl_session_dup(), fix error handling (properly reference and up-ref shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data(); all other structures that dup ex_data have the destination ex_data new'd before the dup. Fix up some of the ex_data documentation. Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Rich Salz authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3606)
-
Matt Caswell authored
One particular build was running out of memory. By swapping to debug mode we reduce the optimisation level which should reduce the amount of memory required. [extended tests] Reviewed-by:
-
Matt Caswell authored
Fix undefined behaviour in curve25519.c. Prior to this running with ubsan produces errors like this: crypto/ec/curve25519.c:3871:18: runtime error: left shift of negative value -22867 [extended tests] Reviewed-by:
-
- Jun 01, 2017
-
-
Keigo Tanaka authored
Reviewed-by:
-
Aashil Patel authored
Reviewed-by:
-
Rich Salz authored
Report if any non-public items are documented. Add util/private.num that lists items that aren't in the public (lib*.num) files that we do want to document. Reviewed-by:
-
- May 31, 2017
-
-
Rich Salz authored
Thanks to Jan Alexander Steffens for finding the bug and confirming the fix. Reviewed-by:
-
Erwann Abalea authored
CLA: trivial Reviewed-by:
-
Richard Levitte authored
This can be used by engines that need to retain the data for a longer time than just the call where this user data is passed. Reviewed-by:
-
Paul Yang authored
Reformat some indents and braces based on OpenSSL coding style spec. Signed-off-by:
Paul Yang <paulyang.inf@gmail.com> Reviewed-by:
-
HorimotoYasuhiro authored
Fix coding style Reviewed-by:
-
Matt Caswell authored
In a recent PR (#3566) it seems that TLSProxy gave up trying to connect to the server process too quickly. This meant the test failed even though the server *did* eventually start. Currently we try 3 times to connect with a 0.1 second pause between each attempt. That is probably too aggressive. Reviewed-by:
-
- May 30, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add Ed25519 certificate verify test using certificate from draft-ietf-curdle-pkix-04 and custom generated root certificate. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Since ED25519 doesn't have an associated digest it needs custom sign/verify routines to handle ASN.1 signatures. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Make X25519 key method more flexible by removing hard coding of NID_X25519 OID. Since the parameters and key syntax between ED25519 and X25519 are almost identical they can share a lot of common code. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Rename and change ED25519_keypair_from_seed to ED25519_public_from_private to be consistent with X25519 API. Modidy ED25519_sign to take separate public key argument instead of requiring it to follow the private key. Reviewed-by:
-
Dr. Stephen Henson authored
Reinstate Ed25519 algorithm to curv25519.c this is largely just a copy of the code from BoringSSL with some adjustments so it compiles under OpenSSL. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
