提交 · 02a36fdae8cb503e2f88eac52eb3053431089397 · OpenHarmony / Third Party Openssl

26 3月, 2015 3 次提交
- M
  Move more SSL3_RECORD oriented functions into ssl3_record.c · 02a36fda
  由 Matt Caswell 提交于 2月 01, 2015
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
  02a36fda
- M
  Encapsulate s->s3->wrec · 92ffa83d
  由 Matt Caswell 提交于 2月 01, 2015
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
  92ffa83d
- M
  Encapsulate s->s3->rrec · 258f8721
  由 Matt Caswell 提交于 1月 30, 2015
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
  258f8721
25 3月, 2015 1 次提交

Ensure last_write_sequence is saved in DTLS1.2 · d5d0a1cb

由 Matt Caswell 提交于 2月 05, 2015

In DTLS, immediately prior to epoch change, the write_sequence is supposed
to be stored in s->d1->last_write_sequence. The write_sequence is then reset
back to 00000000. In the event of retransmits of records from the previous
epoch, the last_write_sequence is restored. This commit fixes a bug in
DTLS1.2 where the write_sequence was being reset before last_write_sequence
was saved, and therefore retransmits are sent with incorrect sequence
numbers.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

d5d0a1cb

23 3月, 2015 1 次提交

Fix missing return value checks · 69f68237

由 Matt Caswell 提交于 3月 06, 2015

Ensure that all functions have their return values checked where
appropriate. This covers all functions defined and called from within
libssl.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

69f68237

17 3月, 2015 1 次提交

Add sanity check to PRF · 668f6f08

由 Matt Caswell 提交于 3月 12, 2015

The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, otherwise this is an internal error. Add a sanity check for this.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

668f6f08

11 3月, 2015 1 次提交

Cleanse buffers · c9dd49a7

由 Matt Caswell 提交于 3月 09, 2015

Cleanse various intermediate buffers used by the PRF.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

c9dd49a7

27 2月, 2015 1 次提交

Fixed missing return value checks. · eadf70d2

由 Matt Caswell 提交于 2月 26, 2015

Added various missing return value checks in tls1_change_cipher_state.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

eadf70d2

13 2月, 2015 1 次提交

Missing OPENSSL_free on error path. · 1d2932de

由 Eric Dequin 提交于 2月 12, 2015

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

1d2932de

06 2月, 2015 1 次提交

dead code cleanup: #if 0 in ssl · 9e9858d1

由 Rich Salz 提交于 2月 06, 2015

I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

9e9858d1

04 2月, 2015 1 次提交
- D
  Remove unused variables. · 3d47c1d3
  由 Dr. Stephen Henson 提交于 2月 03, 2015
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  3d47c1d3
03 2月, 2015 2 次提交

Add extms support to master key generation. · 0cfb0e75

由 Dr. Stephen Henson 提交于 1月 23, 2015

Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

0cfb0e75

Utility function to retrieve handshake hashes. · 48fbcbac

由 Dr. Stephen Henson 提交于 1月 23, 2015

Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

48fbcbac

29 1月, 2015 1 次提交

Remove support for opaque-prf · 68fd6dce

由 Rich Salz 提交于 1月 28, 2015

An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

68fd6dce

22 1月, 2015 4 次提交
- M
  Run util/openssl-format-source -v -c . · 0f113f3e
  由 Matt Caswell 提交于 1月 22, 2015
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  0f113f3e
- M
  Move more comments that confuse indent · 68d39f3c
  由 Matt Caswell 提交于 1月 21, 2015
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  68d39f3c
- M
  Fix strange formatting by indent · b853717f
  由 Matt Caswell 提交于 1月 21, 2015
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  b853717f
- M
  Fix source where indent will not be able to cope · e636e2ac
  由 Matt Caswell 提交于 1月 19, 2015
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  e636e2ac
06 1月, 2015 1 次提交
- M
  Further comment amendments to preserve formatting prior to source reformat · 3a83462d
  由 Matt Caswell 提交于 1月 05, 2015
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  3a83462d
17 12月, 2014 2 次提交
- R
  Clear warnings/errors within TLS_DEBUG code sections · 6dec5e1c
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  6dec5e1c
- R
  Clear warnings/errors within KSSL_DEBUG code sections · 3ddb2914
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  3ddb2914
08 12月, 2014 1 次提交

Remove some unnecessary OPENSSL_FIPS references · 00b4ee76

由 Dr. Stephen Henson 提交于 10月 18, 2014

FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: NTim Hudson <tjh@openssl.org>

00b4ee76

04 12月, 2014 1 次提交

Remove SSLv2 support · 45f55f6a

由 Kurt Roeckx 提交于 11月 30, 2014

The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

45f55f6a

15 10月, 2014 1 次提交
- B
  Support TLS_FALLBACK_SCSV. · cf6da053
  由 Bodo Moeller 提交于 10月 15, 2014
```
Reviewed-by: NStephen Henson <steve@openssl.org>
```
  cf6da053
02 7月, 2014 1 次提交
- R
  
  RT 1528; misleading debug print, "pre-master" should be "master key" · e67ddd19
  由 Rich Salz 提交于 7月 01, 2014
  
  e67ddd19
28 6月, 2014 1 次提交
- Y
  Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG · d183545d
  由 yogesh nagarkar 提交于 6月 28, 2014
```
PR#3141
```
  d183545d
31 5月, 2014 1 次提交
- D
  Use correct digest when exporting keying material. · 4fdf9174
  由 Dr. Stephen Henson 提交于 5月 30, 2014
```
PR#3319
```
  4fdf9174
25 5月, 2014 1 次提交
- M
  
  Fix for non compilation with TLS_DEBUG defined · 955376fd
  由 Matt Caswell 提交于 5月 24, 2014
  
  955376fd
26 2月, 2014 1 次提交
- A
  ssl/t1_enc.c: check EVP_MD_CTX_copy return value. · 03da57fe
  由 Andy Polyakov 提交于 2月 25, 2014
```
PR: 3201
```
  03da57fe
04 1月, 2014 1 次提交
- A
  
  ssl/t1_enc.c: optimize PRF (suggested by Intel). · e8b0dd57
  由 Andy Polyakov 提交于 1月 03, 2014
  
  e8b0dd57
21 12月, 2013 1 次提交

Fix DTLS retransmission from previous session. · 20b82b51

由 Dr. Stephen Henson 提交于 12月 20, 2013

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)

20b82b51

18 12月, 2013 1 次提交
- D
  Check EVP errors for handshake digests. · ed496b3d
  由 Dr. Stephen Henson 提交于 12月 14, 2013
```
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)
```
  ed496b3d
08 9月, 2013 1 次提交

Experimental encrypt-then-mac support. · 5e3ff62c

由 Dr. Stephen Henson 提交于 3月 22, 2013

Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt

To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10

For non-compliant peers (i.e. just about everything) this should have no
effect.

5e3ff62c

06 9月, 2013 1 次提交
- V
  
  misspellings fixes by https://github.com/vlajos/misspell_fixer · 478b50cf
  由 Veres Lajos 提交于 6月 13, 2013
  
  478b50cf
28 3月, 2013 1 次提交
- D
  Enable TLS 1.2 ciphers in DTLS 1.2. · 4221c0dd
  由 Dr. Stephen Henson 提交于 3月 27, 2013
```
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
```
  4221c0dd
19 3月, 2013 1 次提交
- D
  
  Typo. · eb7ece13
  由 Dr. Stephen Henson 提交于 3月 19, 2013
  
  eb7ece13
18 3月, 2013 1 次提交

Use enc_flags when deciding protocol variations. · cbd64894

由 Dr. Stephen Henson 提交于 3月 13, 2013

Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.

cbd64894

08 2月, 2013 1 次提交
- A
  ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV". · dd7e60bd
  由 Andy Polyakov 提交于 2月 08, 2013
```
Revert is appropriate because binary compatibility is not an issue
in 1.1.
```
  dd7e60bd
06 2月, 2013 2 次提交

ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. · 2aec073a

由 Andy Polyakov 提交于 2月 01, 2013

Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 8bfd4c659f180a6ce34f21c0e62956b362067fba)

2aec073a

Timing fix mitigation for FIPS mode. · c4e6fb15

由 Dr. Stephen Henson 提交于 1月 29, 2013

We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.

Make an extra call to EVP_DigestSignUpdate to hash additonal blocks
to cover any timing differences caused by removal of padding.
(cherry picked from commit b908e88ec15aa0a74805e3f2236fc4f83f2789c2)

c4e6fb15

OpenHarmony / Third Party Openssl 大约 1 年 前同步成功

OpenHarmony / Third Party Openssl
大约 1 年前同步成功