cryptlib: add default CA path for Android #116

Open
wants to merge 8,192 commits into base: master


aberaud

@aberaud aberaud commented Jun 30, 2020

No description provided.

inoguchi added 30 commits March 10, 2020 11:13

The enc function pointers do not serve any purpose these days - remove
a layer of indirection and call dtls1_enc()/tls1_enc() directly.

ok inoguchi@ tb@

In the unlikely event that the return value from the read callback is
larger than the number of bytes we asked for, we can end up incrementing
buf->len beyond capacity. Check the return value from the read callback to
prevent this.

ok inoguchi@ tb@

Both session tickets and key updates are post-handshake handshake messages,
which were originally included in the handshake code.

ok inoguchi@ tb@

SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA are currently still in
public headers, even though their usage is internal. This moves to
using _INTERNAL suffixed versions that are in internal headers, which
then allows us to change them without any potential public API fallout.

ok inoguchi@ tb@

Currently the CBC related code stuffs the padding length in the upper bits
of the type field... stop doing that and add a padding_length field to the
record struct instead.

ok inoguchi@ tb@

This reduces the chance of accidentally leaking stack memory.

ok inoguchi@ tb@

CBB uses recallocarray() to expand buffers, however it was still using
malloc() for the initial buffer, which could result in memory being leaked
in incorrect use cases.

While here also use calloc() to allocate internal structs.

ok inoguchi@ tb@

Like much of the original DTLS code, dtls1_enc() is effectively a renamed
copy of tls1_enc(). Since then tls1_enc() has been modified, however the
non-AEAD code remains largely the same. As such, remove dtls1_enc() and
instead call tls1_enc() from the DTLS code.

The tls1_enc() AEAD code does not currently work correctly with DTLS,
however this is a non-issue since we do not support AEAD cipher suites with
DTLS currently.

ok tb@

We currently throw an error on overflow, but still wrap. Check up front
if we would need to wrap and only increment if that case is excluded.
This simplifies the increment loop and makes the returns in this function
less magic.

ok jsing

to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

and a compact test suite for getopt(3) intended for automated regression
testing, both written from scratch.
The suite is intended to provide full coverage, except that it doesn't
test manual changes of optind and optreset and except that it so far
avoids the situation where we have a known bug.

Check and print out boolean type properly.
Based on OpenSSL commit ad72d9fdf7709ddb97a58d7d45d755e6e0504b96.
Reduced unneeded parentheses from if condition.

Check return value from i2s_ASN1_INTEGER.
Based on OpenSSL commit 5e3553c2de9a365479324b8ba8b998f0cce3e527.
Added if condition expression and return 0 if NULL is returned.

ok tb@

…bvious.

Useless text reported by Martin Vahlensieck (academicsolutions.ch) on tech@.

Patch from Martin Vahlensieck <academicsolutions dot ch>.

Patch from Martin Vahlensieck <academicsolutions dot ch>.

If the maximum version is less than TLSv1.3, send a zero-length session
identifier (matching the behaviour of the legacy TLS stack), rather than
a 32 byte random identifier. The 32 byte random identifier is only needed
for "compatibility" mode in TLSv1.3.

ok beck@

First check the client random against the zeroed value, then zero the
client random in the client hello, before comparing with the golden value.
This makes failures more obvious and the test code more readable.

schwarze and others added 7 commits June 19, 2020 12:01

which is still under a free license. Wording tweaked by me.

correct the description of X509_get_X509_PUBKEY(3),
document error handling of the read accessors,
and mention the relevant STANDARDS

and point to UI_UTIL_read_pw(3) instead;
tb@ agrees with the general direction

missed a subsequent fix for an off-by-one in that code. If the first
byte of a CBC padding of length 255 is mangled, we don't detect that.

Adam Langley's BoringSSL commit 80842bdb44855dd7f1dde64a3fa9f4e782310fc7

Fixes the failing tlsfuzzer lucky 13 test case.

ok beck inoguchi
@aberaud (Author) commented Jun 30, 2020

Related to libressl/portable#597

@kinichiro

@aberaud can you close this, too?
