- Apr 18, 2018
-
-
Andy Polyakov authored
s_server -rev emits info output on stderr, i.e. unbufferred, which risks intermixing with output from TLSProxy itself on non-line boundaries, which in turn is confusing to TAP parser. Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5975)
-
Andy Polyakov authored
This fixes only those tests that were failing when network data was fragmented. Remaining ones might succeed for "wrong reasons". Bunch of tests have to fail to be considered successful and when data is fragmented they might fail for reasons other than originally intended. Reviewed-by:
-
Andy Polyakov authored
(resolve uninitialized variable warning and harmonize output). Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Rahul Chaudhry authored
Branch to global symbol results in reference to PLT, and when compiling for THUMB-2 - in a R_ARM_THM_JUMP19 relocation. Some linkers don't support this relocation (ld.gold), while others can end up truncating the relocation to fit (ld.bfd). Convert this branch through PLT into a direct branch that the assembler can resolve locally. See https://github.com/android-ndk/ndk/issues/337 for background. The current workaround is to disable poly1305 optimization assembly, which is not optimal and can be reverted after this patch: https://github.com/freedesktop/gstreamer-cerbero/commit/beab607d2b1ff23c41b7e01aa9c64be5e247d1e6 CLA: trivial Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5949)
-
FdaSilvaYY authored
fix some indents, and restrict to 80 cols some lines. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4466)
-
Matt Caswell authored
Explicitly state which digests can be used with which algorithms. Fixes #5854 Reviewed-by:
-
Peter Wu authored
Client can only send early data if the PSK allows for it, the max_early_data_size field can only be configured for the server side. Reviewed-by:
-
Peter Wu authored
This will be necessary to enable Wireshark to decrypt QUIC 0-RTT data. Reviewed-by:
-
Peter Wu authored
Reviewed-by:
-
Peter Wu authored
NSS 3.34 and boringssl have support for "EXPORTER_SECRET" (https://bugzilla.mozilla.org/show_bug.cgi?id=1287711 ) which is needed for QUIC 1-RTT decryption support in Wireshark. Reviewed-by:
-
- Apr 17, 2018
-
-
Davide Galassi authored
Old code replaced in favor of a clearer implementation. Performances are not penalized. Updated the copyright end date to 2018. Reviewed-by:
David Benjamin <davidben@google.com> Reviewed-by:
-
Matt Caswell authored
Found by Coverity. Reviewed-by:
-
Matt Caswell authored
Fixes #5934 Reviewed-by:
-
Matt Caswell authored
The SSL_set_bio() tests only did standalone testing without being in the context of an actual connection. We extend this to do additional tests following a successful or failed connection attempt. This would have caught the issue fixed in the previous commit. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5966)
-
Matt Caswell authored
If SSL_set_bio() is called with a NULL wbio after a failed connection then this can trigger an assertion failure. This should be valid behaviour and the assertion is in fact invalid and can simply be removed. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Make sure the info callback gets called in all the places we expect it to. Reviewed-by:
-
Matt Caswell authored
The first session ticket sent by the server is actually tacked onto the end of the first handshake from a state machine perspective. However in reality this is a post-handshake message, and should be preceeded by a handshake start event from an info callback perspective. Reviewed-by:
-
Matt Caswell authored
Fixes #5721 Reviewed-by:
-
Matt Caswell authored
We cannot provide a certificate status on a resumption so we should ignore this extension in that case. Fixes #1662 Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5977)
-
Dr. Matthias St. Pierre authored
- drbg_lib.c: Silence coverity warning: the comment preceding the RAND_DRBG_instantiate() call explicitely states that the error is ignored and explains the reason why. - drbgtest: Add checks for the return values of RAND_bytes() and RAND_priv_bytes() to run_multi_thread_test(). Reviewed-by:
-
Andy Polyakov authored
For formal backward compatibility print original "ACCEPT" message for fixed port and "ACCEPT host:port" for dynamically allocated. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
Bernd Edlinger authored
./config no-autoload-config Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Apr 16, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #5961 This reverts commit 3c5a61dd . The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain errors and don't work as designed. Apart from that, their introduction should be held back until a decision has been mad about the future versioning scheme. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Matt Caswell authored
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. Based on an original patch by Billy Brumley CVE-2018-0737 Reviewed-by:
-
- Apr 15, 2018
-
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
- Apr 14, 2018
-
-
Andy Polyakov authored
Original condition was susceptible to race condition... Reviewed-by:
-
Andy Polyakov authored
Bind even test/ssltest_old.c to loopback interface. This allows to avoid unnecessary alerts from Windows and Mac OS X firewalls. Reviewed-by:
-
