Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
3ddc06f0
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
10 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
3ddc06f0
编写于
10月 13, 2011
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
上级
cdfe0fdd
变更
2
显示空白变更内容
内联
并排
Showing
2 changed file
with
60 addition
and
49 deletion
+60
-49
CHANGES
CHANGES
+57
-49
ssl/s3_lib.c
ssl/s3_lib.c
+3
-0
未找到文件。
CHANGES
浏览文件 @
3ddc06f0
...
@@ -184,16 +184,59 @@
...
@@ -184,16 +184,59 @@
by Google.
by Google.
[Adam Langley <agl@google.com> and Ben Laurie]
[Adam Langley <agl@google.com> and Ben Laurie]
*) Use type ossl_ssize_t instad of ssize_t which isn't available on
all platforms. Move ssize_t definition from e_os.h to the public
header file e_os2.h as it now appears in public header file cms.h
[Steve Henson]
*) New function OPENSSL_gmtime_diff to find the difference in days
*) New function OPENSSL_gmtime_diff to find the difference in days
and seconds between two tm structures. This will be used to provide
and seconds between two tm structures. This will be used to provide
additional functionality for ASN1_TIME.
additional functionality for ASN1_TIME.
[Steve Henson]
[Steve Henson]
*) Add -trusted_first option which attempts to find certificates in the
trusted store even if an untrusted chain is also supplied.
[Steve Henson]
*) Initial experimental support for explicitly trusted non-root CAs.
OpenSSL still tries to build a complete chain to a root but if an
intermediate CA has a trust setting included that is used. The first
setting is used: whether to trust or reject.
[Steve Henson]
*) New -verify_name option in command line utilities to set verification
parameters by name.
[Steve Henson]
*) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
Add CMAC pkey methods.
[Steve Henson]
*) Experiemental regnegotiation in s_server -www mode. If the client
browses /reneg connection is renegotiated. If /renegcert it is
renegotiated requesting a certificate.
[Steve Henson]
*) Add an "external" session cache for debugging purposes to s_server. This
should help trace issues which normally are only apparent in deployed
multi-process servers.
[Steve Henson]
*) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
return value is ignored. NB. The functions RAND_add(), RAND_seed(),
BIO_set_cipher() and some obscure PEM functions were changed so they
can now return an error. The RAND changes required a change to the
RAND_METHOD structure.
[Steve Henson]
*) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
a gcc attribute to warn if the result of a function is ignored. This
is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
whose return value is often ignored.
[Steve Henson]
Changes between 1.0.0f and 1.0.1 [xx XXX xxxx]
*) Use type ossl_ssize_t instad of ssize_t which isn't available on
all platforms. Move ssize_t definition from e_os.h to the public
header file e_os2.h as it now appears in public header file cms.h
[Steve Henson]
*) New -sigopt option to the ca, req and x509 utilities. Additional
*) New -sigopt option to the ca, req and x509 utilities. Additional
signature parameters can be passed using this option and in
signature parameters can be passed using this option and in
particular PSS.
particular PSS.
...
@@ -228,34 +271,6 @@
...
@@ -228,34 +271,6 @@
parameters r, s.
parameters r, s.
[Steve Henson]
[Steve Henson]
*) Add -trusted_first option which attempts to find certificates in the
trusted store even if an untrusted chain is also supplied.
[Steve Henson]
*) Initial experimental support for explicitly trusted non-root CAs.
OpenSSL still tries to build a complete chain to a root but if an
intermediate CA has a trust setting included that is used. The first
setting is used: whether to trust or reject.
[Steve Henson]
*) New -verify_name option in command line utilities to set verification
parameters by name.
[Steve Henson]
*) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
Add CMAC pkey methods.
[Steve Henson]
*) Experiemental regnegotiation in s_server -www mode. If the client
browses /reneg connection is renegotiated. If /renegcert it is
renegotiated requesting a certificate.
[Steve Henson]
*) Add an "external" session cache for debugging purposes to s_server. This
should help trace issues which normally are only apparent in deployed
multi-process servers.
[Steve Henson]
*) Password based recipient info support for CMS library: implementing
*) Password based recipient info support for CMS library: implementing
RFC3211.
RFC3211.
[Steve Henson]
[Steve Henson]
...
@@ -266,21 +281,6 @@
...
@@ -266,21 +281,6 @@
password based CMS).
password based CMS).
[Steve Henson]
[Steve Henson]
*) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
return value is ignored. NB. The functions RAND_add(), RAND_seed(),
BIO_set_cipher() and some obscure PEM functions were changed so they
can now return an error. The RAND changes required a change to the
RAND_METHOD structure.
[Steve Henson]
*) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
a gcc attribute to warn if the result of a function is ignored. This
is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
whose return value is often ignored.
[Steve Henson]
Changes between 1.0.0e and 1.0.1 [xx XXX xxxx]
*) Session-handling fixes:
*) Session-handling fixes:
- Fix handling of connections that are resuming with a session ID,
- Fix handling of connections that are resuming with a session ID,
but also support Session Tickets.
but also support Session Tickets.
...
@@ -452,7 +452,12 @@
...
@@ -452,7 +452,12 @@
Add command line options to s_client/s_server.
Add command line options to s_client/s_server.
[Steve Henson]
[Steve Henson]
Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
*) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
[Bob Buckholz (Google)]
Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
*) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
*) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
by initialising X509_STORE_CTX properly. (CVE-2011-3207)
...
@@ -1359,6 +1364,9 @@
...
@@ -1359,6 +1364,9 @@
Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
*) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
[Bob Buckholz (Google)]
*) Fix SSL memory handling for (EC)DH ciphersuites, in particular
*) Fix SSL memory handling for (EC)DH ciphersuites, in particular
for multi-threaded use of ECDH.
for multi-threaded use of ECDH.
[Adam Langley (Google)]
[Adam Langley (Google)]
...
...
ssl/s3_lib.c
浏览文件 @
3ddc06f0
...
@@ -3000,6 +3000,7 @@ void ssl3_clear(SSL *s)
...
@@ -3000,6 +3000,7 @@ void ssl3_clear(SSL *s)
{
{
unsigned
char
*
rp
,
*
wp
;
unsigned
char
*
rp
,
*
wp
;
size_t
rlen
,
wlen
;
size_t
rlen
,
wlen
;
int
init_extra
;
#ifdef TLSEXT_TYPE_opaque_prf_input
#ifdef TLSEXT_TYPE_opaque_prf_input
if
(
s
->
s3
->
client_opaque_prf_input
!=
NULL
)
if
(
s
->
s3
->
client_opaque_prf_input
!=
NULL
)
...
@@ -3038,6 +3039,7 @@ void ssl3_clear(SSL *s)
...
@@ -3038,6 +3039,7 @@ void ssl3_clear(SSL *s)
wp
=
s
->
s3
->
wbuf
.
buf
;
wp
=
s
->
s3
->
wbuf
.
buf
;
rlen
=
s
->
s3
->
rbuf
.
len
;
rlen
=
s
->
s3
->
rbuf
.
len
;
wlen
=
s
->
s3
->
wbuf
.
len
;
wlen
=
s
->
s3
->
wbuf
.
len
;
init_extra
=
s
->
s3
->
init_extra
;
if
(
s
->
s3
->
handshake_buffer
)
{
if
(
s
->
s3
->
handshake_buffer
)
{
BIO_free
(
s
->
s3
->
handshake_buffer
);
BIO_free
(
s
->
s3
->
handshake_buffer
);
s
->
s3
->
handshake_buffer
=
NULL
;
s
->
s3
->
handshake_buffer
=
NULL
;
...
@@ -3050,6 +3052,7 @@ void ssl3_clear(SSL *s)
...
@@ -3050,6 +3052,7 @@ void ssl3_clear(SSL *s)
s
->
s3
->
wbuf
.
buf
=
wp
;
s
->
s3
->
wbuf
.
buf
=
wp
;
s
->
s3
->
rbuf
.
len
=
rlen
;
s
->
s3
->
rbuf
.
len
=
rlen
;
s
->
s3
->
wbuf
.
len
=
wlen
;
s
->
s3
->
wbuf
.
len
=
wlen
;
s
->
s3
->
init_extra
=
init_extra
;
ssl_free_wbio_buffer
(
s
);
ssl_free_wbio_buffer
(
s
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录