Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
#
1a3392c8 |
| 23-Jan-2017 |
Matt Caswell |
Fix <= TLS1.2 break Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected side effects in the <=TLS1.2 code which apparently relies on this being 48 for interoperabilit
Fix <= TLS1.2 break Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected side effects in the <=TLS1.2 code which apparently relies on this being 48 for interoperability. Therefore create a new define for the TLSv1.3 resumption master secret which can be up to 64 bytes. Found through the boring test suite. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
show more ...
|
#
534a43ff |
| 19-Jan-2017 |
Matt Caswell |
Always ensure that session->cipher is set If we have deserialized the SSL_SESSION then in some circumstances the session->cipher value is NULL. We were patching up in some places but not
Always ensure that session->cipher is set If we have deserialized the SSL_SESSION then in some circumstances the session->cipher value is NULL. We were patching up in some places but not in others. We should just do it as part of loading the SSL_SESSION. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
show more ...
|
#
fc24f0bf |
| 17-Jan-2017 |
Matt Caswell |
Add support for the age_add field Update SSL_SESSION to store the age_add and use it where needed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/ope
Add support for the age_add field Update SSL_SESSION to store the age_add and use it where needed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
show more ...
|
#
aff8c126 |
| 08-Dec-2016 |
Rich Salz |
Move extension data into sub-structs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2052)
|
Revision tags: OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c |
|
#
348240c6 |
| 19-Oct-2016 |
Matt Caswell |
Fix misc size_t issues causing Windows warnings in 64 bit Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
ec60ccc1 |
| 04-Oct-2016 |
Matt Caswell |
Convert session_id_length and sid_ctx_len to size_t Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0 |
|
#
a230b26e |
| 05-Aug-2016 |
Emilia Kasper |
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13 |
|
#
846e33c7 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12, OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
#
7644a9ae |
| 16-Dec-2015 |
Rich Salz |
Rename some BUF_xxx to OPENSSL_xxx Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} Add #define's for the old nam
Rename some BUF_xxx to OPENSSL_xxx Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} Add #define's for the old names. Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros. Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
df2ee0e2 |
| 05-Sep-2015 |
Ben Laurie |
Enable -Wmissing-variable-declarations and -Wincompatible-pointer-types-discards-qualifiers (the latter did not require any code changes). Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b |
|
#
e481f9b9 |
| 15-May-2015 |
Matt Caswell |
Remove support for OPENSSL_NO_TLSEXT Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSS
Remove support for OPENSSL_NO_TLSEXT Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
55a9a16f |
| 12-May-2015 |
Matt Caswell |
Remove Kerberos support from libssl Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: Rich
Remove Kerberos support from libssl Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_10 |
|
#
aacb4f1a |
| 03-May-2015 |
mancha security |
ssl/ssl_asn1.c: Fix typo introduced via cc5b6a03a320f1 Signed-off-by: mancha security <mancha1@zoho.com> Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dr. Stephen Henso
ssl/ssl_asn1.c: Fix typo introduced via cc5b6a03a320f1 Signed-off-by: mancha security <mancha1@zoho.com> Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
#
66696478 |
| 01-May-2015 |
Rich Salz |
Remove goto inside an if(0) block There were a dozen-plus instances of this construct: if (0) { label: ..... } Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
b548a1f1 |
| 01-May-2015 |
Rich Salz |
free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
e2010b20 |
| 09-Apr-2015 |
Kurt Cancemi |
The wrong ifdef is used to guard usage of PSK code PR#3790 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
cc5b6a03 |
| 29-Mar-2015 |
Dr. Stephen Henson |
Rewrite ssl_asn1.c using new ASN.1 code. Complete reimplementation of d2i_SSL_SESSION and i2d_SSL_SESSION using new ASN.1 code and eliminating use of old ASN.1 macros. Reviewed-
Rewrite ssl_asn1.c using new ASN.1 code. Complete reimplementation of d2i_SSL_SESSION and i2d_SSL_SESSION using new ASN.1 code and eliminating use of old ASN.1 macros. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
#
af674d4e |
| 27-Feb-2015 |
Matt Caswell |
Fix d2i_SSL_SESSION for DTLS1_BAD_VER Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_S
Fix d2i_SSL_SESSION for DTLS1_BAD_VER Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3704 Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
#
ea6bd264 |
| 08-Feb-2015 |
Matt Caswell |
Correct reading back of tlsext_tick_lifetime_hint from ASN1. When writing out the hint, if the hint > 0, then we write it out otherwise we skip it. Previously when reading the h
Correct reading back of tlsext_tick_lifetime_hint from ASN1. When writing out the hint, if the hint > 0, then we write it out otherwise we skip it. Previously when reading the hint back in, if were expecting to see one (because the ticket length > 0), but it wasn't present then we set the hint to -1, otherwise we set it to 0. This fails to set the hint to the same as when it was written out. The hint should never be negative because the RFC states the hint is unsigned. It is valid for a server to set the hint to 0 (this means the lifetime is unspecified according to the RFC). If the server set it to 0, it should still be 0 when we read it back in. Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
#
6f152a15 |
| 23-Jan-2015 |
Dr. Stephen Henson |
Add flags field to SSL_SESSION. Add a "flags" field to SSL_SESSION. This will contain various flags such as encrypt-then-mac and extended master secret support. Reviewed-by: Tim Huds
Add flags field to SSL_SESSION. Add a "flags" field to SSL_SESSION. This will contain various flags such as encrypt-then-mac and extended master secret support. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
#
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat |
|
#
45f55f6a |
| 30-Nov-2014 |
Kurt Roeckx |
Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL-fips-2_0_9, OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc, OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8, OpenSSL_1_0_1h, OpenSSL_1_0_0m, OpenSSL_0_9_8za, OpenSSL-fips-2_0_7 |
|
#
630f9fc6 |
| 04-May-2014 |
Tim Hudson |
fix coverity issue 966597 - error line is not always initialised
|
Revision tags: OpenSSL_1_0_1g, OpenSSL_1_0_2-beta1, OpenSSL_1_0_0l, OpenSSL_1_0_1f, OpenSSL-fips-2_0_6, OpenSSL-fips-2_0_5, OpenSSL-fips-2_0_4, OpenSSL-fips-2_0_3, OpenSSL_1_0_1e, OpenSSL_0_9_8y, OpenSSL_1_0_0k, OpenSSL_1_0_1d, OpenSSL-fips-2_0-pl1, OpenSSL-fips-2_0_2, OpenSSL-fips-2_0_1 |
|
#
71fa4513 |
| 03-Jun-2012 |
Ben Laurie |
Version skew reduction: trivia (I hope).
|