• R/O
  • HTTP
  • SSH
  • HTTPS

List of commits

Tags
No Tags

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

TLS/SSL and crypto library


RSS
Rev. Time Author
669c623 tls1.3-draft-18 2017-07-14 19:19:17 Roelof duToit

Update PR#3925

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3925)

a889e97 2017-07-14 19:19:17 Roelof duToit

Retry SSL_read on ERROR_WANT_READ.
This resolves the retry issue in general, but also the specific case where a TLS 1.3 server sends a post-handshake NewSessionTicket message prior to appdata.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3925)

f315b66 2017-05-04 19:49:20 Matt Caswell

Add tests for version/ciphersuite sanity checks

The previous commits added sanity checks for where the max enabled protocol
version does not have any configured ciphersuites. We should check that we
fail in those circumstances.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3334)

ae47653 2017-05-04 19:49:19 Matt Caswell

Add a ciphersuite config sanity check for servers

Ensure that there are ciphersuites enabled for the maximum supported
version we will accept in a ClientHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3334)

5d62fd7 2017-05-04 19:49:19 Matt Caswell

Add a ciphersuite config sanity check for clients

Ensure that there are ciphersuites enabled for the maximum supported
version we are claiming in the ClientHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3334)

05a2feb 2017-03-21 19:09:14 Matt Caswell

Add a test for resumption after HRR

Make sure we actually test resumption where an HRR has occurred.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2996)
(cherry picked from commit 1763ab10291eec361d8e56519582d710158e1e8e)

2c7e645 2017-03-21 19:09:14 Matt Caswell

Fix resumption after HRR

Commit 6b1bb98fa moved the processing of ClientHello extensions into the
state machine post-processing stage. After processing s->init_num is reset
to 0, so by post-processing we cannot rely on its value. Unfortunately we
were using it to handle the PSK extension. This causes the handshake to
fail.

We were using init_num to figure out the length of ClientHello2 so we can
remove it from the handshake_buffer. The handshake_buffer holds the
transcript of all the messages sent so far. For PSK processing though we
only want to add in a partial ClientHello2. This commit changes things so
we just work out where ClientHello2 starts, working forward from the
beginning of handshake_buffer.

Fixes #2983

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2996)
(cherry picked from commit 77815a026cbedbb7b9a89558612f69e6294fe1ea)

7baabf4 2017-03-16 22:50:21 Paul Yang

Fix typo in ASYNC_WAIT_CTX_new.pod doc

For the function that get the changed fds, it should be
'ASYNC_WAIT_CTX_get_changed_fds()' instead of 'ASYNC_WAIT_CTX_fds_have_changed()'.

CLA: trivial

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2966)

f2ff143 2017-03-16 19:43:39 FdaSilvaYY

Simplify code around next_proto.len by changing 'len' data type.

clean an useless static qualifier and a dead comment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2278)

0ae407e 2017-03-16 19:39:34 Benjamin Kaduk

Remove documentation of deleted function

It's even removing a BUGS entry!

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)

b00d540 2017-03-16 19:39:34 Benjamin Kaduk

Remove unused typedefs from indent config

Some things were not removed from util/indent.pro when they were removed
from the code.

grep '^-T' util/indent.pro | awk '{print $2} > /tmp/a
grep -rF -f /tmp/a --exclude CHANGES --exclude 'INSTALL' --exclude 'LICENSE' --exclude 'NEWS' --exclude 'NOTES*' --exclude 'README*' --exclude indent.pro --exclude-dir corpora -o -h *|sort|uniq>/tmp/b
comm -23 <(sort /tmp/a) /tmp/b >/tmp/c
grep -v -E '(LHASH_OF|STACK_OF)' /tmp/c > /tmp/d
grep -v -Ff /tmp/d util/indent.pro > util/indent.pro

Manually adjusted to retain time_t and the ossl_*intmax_t types.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)

f775245 2017-03-16 19:39:34 Benjamin Kaduk

Remove some unused PEM structures

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)

5a81a05 2017-03-16 19:36:11 Pauli

Rename the test_stack recipe file name to be consistent with the rest of the
tests.

[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2964)

29d1fad 2017-03-16 06:32:28 Bernd Edlinger

Fixed a crash in print_notice.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2935)

dda12ce 2017-03-16 05:59:42 Benjamin Kaduk

Remove dead code

tls1_get_curvelist() does not read from its third parameter, so
the assignments prior to function call were dead code and can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2952)

d9aea04 2017-03-16 05:44:57 Benjamin Kaduk

Tighten up client status_request processing

Instead of making a positive comparison against the invalid value
that our server would send, make a negative check against the only
value that is not an error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2953)

26721d3 2017-03-16 05:20:11 Richard Levitte

Forgotten 'make update'

Reviewed-by: Rich Salz <rsalz@openssl.org>

a2880ae 2017-03-16 01:16:37 Richard Levitte

VMS: turning off CALL_DEBUG isn't possible on Alpha

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2962)

d1da335 2017-03-15 23:03:11 Richard Levitte

Add EC_KEY_get0_engine()

Just as for DH, DSA and RSA, this gives the engine associated with the
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2960)

89b06ca 2017-03-15 22:26:26 Pauli

Rewrite the documentation for sk_TYPE_find() and sk_TYPE_find_ex() to better
describe the vagaries in their behaviour.

[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2958)

9837496 2017-03-15 22:15:08 Pauli

Unit tests for crypto/stack.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2924)

db0e0ab 2017-03-15 20:23:57 Matt Caswell

Fix a hang in tests that use sessionfile

The logic for testing whether the sessionfile has been created or not
was faulty and could result in race conditions. If you "lose" the tests
hang waiting for a session file that's never going to arrive.

Fixes #2950

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2955)

3a80bd2 2017-03-15 20:17:52 Andy Polyakov

NOTES.WIN: mention Strawberry Perl as option.

Reviewed-by: Rich Salz <rsalz@openssl.org>

b3068d0 2017-03-15 20:16:48 Andy Polyakov

test/recipes/03-test_internal_*: call setup() first.

Strawberry Perl bailed out running test\run_tests.pl insisting on
setup() being called explicitly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

a5bb1aa 2017-03-15 11:18:01 Benjamin Kaduk

Clear alpn_selected_len for clients, too

Zero out the length alongside the NULLing of the pointer, to
bring parity between the selected and proposed fields..

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2954)

1ae4c07 2017-03-15 11:09:57 Richard Levitte

VMS: don't use /DSF, turn off CALL_DEBUG instead

It turns out that /DSF didn't do any good for our purposes. Instead,
remove the CALL_DEBUG flag from any image we link. This ensures that
we can have debugging information in the image files, but don't
automatically end up in a debugging session upon image activation.

Unfortunately, this means the CALL_DEBUG must be turned on when there
is a need to run with the debugger activated, and to turn it off when
done. This has been documented in NOTES.VMS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2957)

5c9e344 2017-03-15 09:26:36 Jon Spillett

Add Python Cryptography.io external test suite

Add python cryptography testing instructions too

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2885)

946a515 2017-03-15 09:04:44 Dr. Stephen Henson

Add additional RSA-PSS and RSA-OAEP tests.

Import test data from:
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip

This is a set of RSA-PSS and RSA-OAEP test vectors including some edge cases
with unusual key sizes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2944)

f81f279 2017-03-15 08:15:21 Matt Caswell

Re-enable some BoringSSL tests

The previous 2 commits fixed some issues in the Boring tests. This
re-enables those tests.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)

162e120 2017-03-15 08:15:21 Matt Caswell

SSL_get_peer_cert_chain() does not work after a resumption

After a resumption it is documented that SSL_get_peer_cert_chain() will
return NULL. In BoringSSL it still returns the chain. We don't support that
so we should update the shim to call SSL_get_peer_certificate() instead
when checking whether a peer certificate is available.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)