- 21 6月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Rich Salz 提交于
This is done with the kind permission of Nokia. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3722)
-
- 03 6月, 2017 1 次提交
-
-
由 Todd Short 提交于
Code was added in commit b3c31a65 that overwrote the last ex_data value using CRYPTO_dup_ex_data() causing a memory leak, and potentially confusing the ex_data dup() callback. In ssl_session_dup(), fix error handling (properly reference and up-ref shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data(); all other structures that dup ex_data have the destination ex_data new'd before the dup. Fix up some of the ex_data documentation. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3323)
-
- 19 5月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
We are quite inconsistent about which alerts get sent. Specifically, these alerts should be used (normally) in the following circumstances: SSL_AD_DECODE_ERROR = The peer sent a syntactically incorrect message SSL_AD_ILLEGAL_PARAMETER = The peer sent a message which was syntactically correct, but a parameter given is invalid for the context SSL_AD_HANDSHAKE_FAILURE = The peer's messages were syntactically and semantically correct, but the parameters provided were unacceptable to us (e.g. because we do not support the requested parameters) SSL_AD_INTERNAL_ERROR = We messed up (e.g. malloc failure) The standards themselves aren't always consistent but I think the above represents the best interpretation. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3480)
-
- 26 4月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Provide a way to test whether the SSL_SESSION object can be used to resume a sesion or not. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
-
- 07 4月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
This move prepares for the later addition of the new custom extensions API. The context codes have an additional "SSL_" added to their name to ensure we don't have name clashes with other applications. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
- 08 3月, 2017 1 次提交
-
-
由 Roberto Guimaraes 提交于
this change will prevent undefined behavior when src and dst are equal (memcpy), effectively allowing setting length only in both functions. CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2750)
-
- 03 3月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
- 28 2月, 2017 1 次提交
-
-
由 Bernd Edlinger 提交于
the uninitialized session_id now. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2608)
-
- 30 1月, 2017 9 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Now we're using an enum the values themselves are self explanatory Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Remove "magic" return values and use an enum instead. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
If we have deserialized the SSL_SESSION then in some circumstances the session->cipher value is NULL. We were patching up in some places but not in others. We should just do it as part of loading the SSL_SESSION. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Make sure the session version consistency check is inside ssl_get_prev_session(). Also fixes a bug where an inconsistent version can cause a seg fault in TLSv1.3. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
These functions are problematic in TLSv1.3 because the server sends the NewSessionTicket message after the handshake has finished. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
- 24 1月, 2017 1 次提交
-
-
由 Bernd Edlinger 提交于
- s == NULL can mean c is a new session *or* lh_insert was unable to create a hash entry. - use lh_SSL_SESSION_retrieve to check for this error condition. - If it happens simply remove the extra reference again. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2138)
-
- 10 1月, 2017 2 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2052)
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2052)
-
- 18 11月, 2016 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1500
-
- 16 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
This is a temporary fix for while we are still using the old session resumption logic in the TLSv1.3 code. Due to differences in EXTMS support we can't resume a <=TLSv1.2 session in a TLSv1.3 connection (the EXTMS consistency check causes the connection to abort). This causes test failures. Ultimately we will rewrite the session resumption logic for TLSv1.3 so this problem will go away. But until then we need a quick fix to keep the tests happy. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
This is a skin deep change, which simply renames most places where we talk about curves in a TLS context to groups. This is because TLS1.3 has renamed the extension, and it can now include DH groups too. We still only support curves, but this rename should pave the way for a future extension for DH groups. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 09 11月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 02 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 8月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 17 8月, 2016 2 次提交
-
-
由 Remi Gacogne 提交于
* SSL_SESSION_set1_id() * SSL_SESSION_get0_id_context() * SSL_CTX_get_tlsext_status_cb() * SSL_CTX_get_tlsext_status_arg() Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 13 8月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1451)
-
- 20 7月, 2016 1 次提交
-
-
由 FdaSilvaYY 提交于
Fix some indentation at the same time Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1292)
-
- 19 7月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't removing sessions from the external cache, e.g. if an alert occurs the session is supposed to be automatically removed. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 15 6月, 2016 1 次提交
-
-
由 Kurt Roeckx 提交于
ssl_session_hash() always looks at the first 4 bytes, regardless of the length. A client can send a session id that's shorter, and the callback could also generate one that's shorter. So we make sure that the rest of the buffer is initliazed to 0 so that we always calculate the same hash. Found by tis-interpreter, also previously reported as RT #2871 Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #2911
-
- 14 6月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
SSL_clear() and SSL_free() will remove a session from the cache if it is considered "bad". However SSL_set_session() does not do this for the session it is replacing. SSL_clear() clears an SSL object ready for reuse. It does not clear the session though. This means that: SSL_clear(s) SSL_set_session(s, sess); and SSL_set_session(s, sess); SSL_clear(s); do not do the same thing, although logically you would expect that they would. The failure of SSL_set_session() to remove bad sessions from the cache should be considered a bug, so this commit fixes it. RT#597 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 08 6月, 2016 1 次提交
-
-
由 Todd Short 提交于
Sessions are stored on the session_ctx, which doesn't change after SSL_set_SSL_CTX(). Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 01 6月, 2016 2 次提交
-
-
由 TJ Saunders 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1135)
-
由 TJ Saunders 提交于
accompanying documentation. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1135)
-