- 01 9月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 8月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Uses the new PACKET code to process the incoming ClientHello including all extensions etc. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 30 6月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 22 6月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 6月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 02 6月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 05 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 02 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 01 5月, 2015 4 次提交
-
-
由 Rich Salz 提交于
Don't check for NULL before calling OPENSSL_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed the small simple ones that are left: CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 4月, 2015 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 14 4月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read past the end of the ClientHello message if the session_id length in the ClientHello is invalid. This should not cause any security issues since the underlying buffer is 16k in size. It should never be possible to overrun by that many bytes. This is probably made redundant by the previous commit - but you can never be too careful. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 12 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Ongoing work to skip NULL check before calling free routine. This gets: ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free ssl_sess_cert_free Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 11 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Avoid checking for NULL before calling free functions. This gets ssl.*free: ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 25 3月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 3月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 2月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as required to fix Qt for OpenSSL 1.1.0. I have also added the former in order to determine whether a ticket is present or not - otherwise it is difficult to know whether a zero lifetime hint is because the server set it to 0, or because there is no ticket. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 22 1月, 2015 6 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
This should be a one off operation (subsequent invokation of the script should not move them) Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 1月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 31 12月, 2014 1 次提交
-
-
由 Tim Hudson 提交于
indent will not alter them when reformatting comments Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 12月, 2014 1 次提交
-
-
由 Jonas Maebe 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 04 12月, 2014 1 次提交
-
-
由 Kurt Roeckx 提交于
The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 10月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: NBodo Moeller <bodo@openssl.org>
-
- 06 9月, 2013 1 次提交
-
-
由 Scott Deboy 提交于
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
- 26 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing.
-
- 04 6月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 30 5月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-