- 20 9月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 14 9月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Updated the construction code to use the new function. Also added some convenience macros for WPACKET_sub_memcpy(). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 13 9月, 2016 6 次提交
-
-
由 Matt Caswell 提交于
A few style tweaks here and there. The main change is that curr and packet_len are now offsets into the buffer to account for the fact that the pointers can change if the buffer grows. Also dropped support for the WPACKET_set_packet_len() function. I thought that was going to be needed but so far it hasn't been. It doesn't really work any more due to the offsets change. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Otherwise a mem leak can occur. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
No need to declare an explicit sub-packet. Just start one. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
To avoid confusion with the read PACKET structure. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 8月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Don't leak pke_ctx on error. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 18 8月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 15 8月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix no-ec builds by having separate functions to create keys based on an existing EVP_PKEY and a curve id. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 13 8月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
When handling ECDH check to see if the curve is "custom" (X25519 is currently the only curve of this type) and instead of setting a curve NID just allocate a key of appropriate type. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 8月, 2016 1 次提交
-
-
由 David Woodhouse 提交于
The Change Cipher Spec message in this ancient pre-standard version of DTLS that Cisco are unfortunately still using in their products, is 3 bytes. Allow it. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 01 8月, 2016 1 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 7月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
RT#4619 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 19 7月, 2016 18 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
After the refactor of tls_process_key_exchange(), this commit tidies up some loose ends. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Continuing from the previous commit. Refactor tls_process_key_exchange() to split out into a separate function the ECDHE aspects. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Continuing from the previous commit. Refactor tls_process_key_exchange() to split out into a separate function the DHE aspects. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Continuing from the previous commit. Refactor tls_process_key_exchange() to split out into a separate function the SRP aspects. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The tls_process_key_exchange() function is too long. This commit starts the process of splitting it up by moving the PSK preamble code to a separate function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function tls_process_key_exchange() is too long. This commit moves the PSK preamble processing out to a separate function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Narrow the scope of the local vars in preparation for split up this function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't removing sessions from the external cache, e.g. if an alert occurs the session is supposed to be automatically removed. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Continuing previous commit to break up the tls_construct_client_key_exchange() function. This splits out the SRP code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Continuing previous commit to break up the tls_construct_client_key_exchange() function. This splits out the GOST code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Continuing previous commit to break up the tls_construct_client_key_exchange() function. This splits out the ECDHE code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Continuing previous commit to break up the tls_construct_client_key_exchange() function. This splits out the DHE code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The tls_construct_client_key_exchange() function is too long. This splits out the construction of the PSK pre-amble into a separate function as well as the RSA construction. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This is in preparation for splitting up this over long function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 7月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
The static function key_exchange_expected() used to return -1 on error. Commit 361a1191 changed that so that it can never fail. This means that some tidy up can be done to simplify error handling in callers of that function. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
In TLS if the server sends a CertificateRequest and the client does not provide one, if the server cannot continue it should send a HandshakeFailure alert. In SSLv3 the same should happen, but instead we were sending an UnexpectedMessage alert. This is incorrect - the message isn't unexpected - it is valid for the client not to send one - its just that we cannot continue without one. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Move the preparation of the client certificate to be post processing work after reading the CertificateRequest message rather than pre processing work prior to writing the Certificate message. As part of preparing the client certificate we may discover that we do not have one available. If we are also talking SSLv3 then we won't send the Certificate message at all. However, if we don't discover this until we are about to send the Certificate message it is too late and we send an empty one anyway. This is wrong for SSLv3. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 15 7月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 7月, 2016 1 次提交
-
-
由 David Benjamin 提交于
The set0 setters take ownership of their arguments, so the values should be set to NULL to avoid a double-free in the cleanup block should ssl_security(SSL_SECOP_TMP_DH) fail. Found by BoringSSL's WeakDH test. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1299)
-