#
7e56c626 |
| 08-Sep-2019 |
Pauli |
Coverity 1453627: Null pointer dereferences (REVERSE_INULL) Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9805)
|
#
ce3b1bb4 |
| 20-Aug-2019 |
Pauli |
Fix TLS/SSL PRF usages. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
|
#
32495464 |
| 26-May-2019 |
David Makepeace |
Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis
Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9010)
show more ...
|
#
555cbb32 |
| 12-Dec-2018 |
Todd Short |
Collapse ssl3_state_st (s3) into ssl_st With the removal of SSLv2, the s3 structure is always allocated, so there is little point in having it be an allocated pointer. Collapse the s
Collapse ssl3_state_st (s3) into ssl_st With the removal of SSLv2, the s3 structure is always allocated, so there is little point in having it be an allocated pointer. Collapse the ssl3_state_st structure into ssl_st and fixup any references. This should be faster than going through an indirection and due to fewer allocations, but I'm not seeing any significant performance improvement; it seems to be within the margin of error in timing. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7888)
show more ...
|
#
c35e921f |
| 21-Feb-2019 |
Boris Pismenny |
ssl: Linux TLS Rx Offload This patch adds support for the Linux TLS Rx socket option. It completes the previous patch for TLS Tx offload. If the socket option is successful, then the
ssl: Linux TLS Rx Offload This patch adds support for the Linux TLS Rx socket option. It completes the previous patch for TLS Tx offload. If the socket option is successful, then the receive data-path of the TCP socket is implemented by the kernel. We choose to set this option at the earliest - just after CCS is complete. Change-Id: I59741e04d89dddca7fb138e88fffcc1259b30132 Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
show more ...
|
#
49b26f54 |
| 11-Dec-2018 |
Richard Levitte |
Adapt SSL_DEBUG to the new generic trace API Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from ht
Adapt SSL_DEBUG to the new generic trace API Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8198)
show more ...
|
#
d072eea2 |
| 02-Jan-2019 |
Dmitry Belyavskiy |
Remove unused variables from tls1_change_cipher_state Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/o
Remove unused variables from tls1_change_cipher_state Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7971)
show more ...
|
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
50ec7505 |
| 01-Jun-2017 |
Boris Pismenny |
ssl: Linux TLS Tx Offload This patch adds support for the Linux TLS Tx socket option. If the socket option is successful, then the data-path of the TCP socket is implemented by the k
ssl: Linux TLS Tx Offload This patch adds support for the Linux TLS Tx socket option. If the socket option is successful, then the data-path of the TCP socket is implemented by the kernel. We choose to set this option at the earliest - just after CCS is complete. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5253)
show more ...
|
#
2c18d164 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in ssl/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7768)
|
#
157af9be |
| 08-Nov-2018 |
Matt Caswell |
Add a missing SSLfatal call A missing SSLfatal call can result in an assertion failed error if the condition gets triggered. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merge
Add a missing SSLfatal call A missing SSLfatal call can result in an assertion failed error if the condition gets triggered. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7594)
show more ...
|
#
7426cd34 |
| 07-Aug-2018 |
Matt Caswell |
Ensure that we write out alerts correctly after early_data If we sent early_data and then received back an HRR, the enc_write_ctx was stale resulting in errors if an alert needed to be s
Ensure that we write out alerts correctly after early_data If we sent early_data and then received back an HRR, the enc_write_ctx was stale resulting in errors if an alert needed to be sent. Thanks to Quarkslab for reporting this. In any case it makes little sense to encrypt alerts using the client_early_traffic_secret, so we add special handling for alerts sent after early_data. All such alerts are sent in plaintext. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6887)
show more ...
|
#
7b4d3ffa |
| 30-Mar-2018 |
Matt Caswell |
GOST MAC algorithms don't support EVP_PKEY_new_raw_private_key() We should use the old EVP_PKEY_new_mac_key() instead. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewe
GOST MAC algorithms don't support EVP_PKEY_new_raw_private_key() We should use the old EVP_PKEY_new_mac_key() instead. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5808)
show more ...
|
#
b0edda11 |
| 20-Mar-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5689)
|
#
16cfc2c9 |
| 08-Mar-2018 |
Kurt Roeckx |
Don't use a ssl specific DRBG anymore Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's r
Don't use a ssl specific DRBG anymore Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
show more ...
|
#
d4ef4fbf |
| 16-Mar-2018 |
Bernd Edlinger |
Fix a crash in SSLfatal due to invalid enc_write_ctx Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5645)
|
#
f929439f |
| 15-Mar-2018 |
Matt Caswell |
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key() Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback. Reviewed-by: Richard Levitte <lev
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key() Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
show more ...
|
#
e32b52a2 |
| 05-Mar-2018 |
Matt Caswell |
Add support for setting raw private HMAC keys Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5520)
|
#
d91f4568 |
| 05-Nov-2017 |
Kurt Roeckx |
Tell the ciphers which DRBG to use for generating random bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #4672
|
#
d4d2f3a4 |
| 23-Nov-2017 |
Matt Caswell |
Convert more functions in ssl/statem/statem.c to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
f63a17d6 |
| 21-Nov-2017 |
Matt Caswell |
Convert the state machine code to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
f479eab2 |
| 26-Aug-2017 |
FdaSilvaYY |
style : fix some if(... Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
|
#
26a7d938 |
| 17-Oct-2017 |
KaoruToda |
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
show more ...
|
#
208fb891 |
| 09-Oct-2017 |
KaoruToda |
Since return is inconsistent, I removed unnecessary parentheses and unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-
Since return is inconsistent, I removed unnecessary parentheses and unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4500)
show more ...
|
#
f6373823 |
| 22-Jun-2017 |
Alexey Komnin |
Fix tls1_generate_master_secret Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3751)
|
#
c80149d9 |
| 20-Jun-2017 |
Rich Salz |
Merge Nokia copyright notice into standard This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/o
Merge Nokia copyright notice into standard This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3722)
show more ...
|