Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
大约 1 年 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl
切换分支/标签
  1. 01 5月, 2015 1 次提交
    • R
      free NULL cleanup 5a · 222561fe
      Rich Salz 提交于 
      Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      222561fe
  3. 30 4月, 2015 1 次提交
  5. 29 4月, 2015 1 次提交
  7. 25 4月, 2015 1 次提交
    • R
      Big apps cleanup (option-parsing, etc) · 7e1b7485
      Rich Salz 提交于 
      This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb246
        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag
Reviewed-by: NMatt Caswell <matt@openssl.org>
      7e1b7485
  9. 22 4月, 2015 2 次提交
    • D
      SSL_CIPHER lookup functions. · 98c9ce2f
      Dr. Stephen Henson 提交于 
      Add tables to convert between SSL_CIPHER fields and indices for ciphers
and MACs.

Reorganise ssl_ciph.c to use tables to lookup values and load them.

New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid.

Add documentation.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      98c9ce2f
    • E
      Repair EAP-FAST session resumption · 6e3d0153
      Emilia Kasper 提交于 
      EAP-FAST session resumption relies on handshake message lookahead
to determine server intentions. Commits
980bc1ec
and
7b3ba508
removed the lookahead so broke session resumption.

This change partially reverts the commits and brings the lookahead back
in reduced capacity for TLS + EAP-FAST only. Since EAP-FAST does not
support regular session tickets, the lookahead now only checks for a
Finished message.

Regular handshakes are unaffected by this change.
Reviewed-by: NDavid Benjamin <davidben@chromium.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
      6e3d0153
  11. 18 4月, 2015 1 次提交
  13. 17 4月, 2015 1 次提交
  15. 14 4月, 2015 2 次提交
    • M
      Fix ssl_get_prev_session overrun · 5e0a80c1
      Matt Caswell 提交于 
      If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
past the end of the ClientHello message if the session_id length in the
ClientHello is invalid. This should not cause any security issues since the
underlying buffer is 16k in size. It should never be possible to overrun by
that many bytes.

This is probably made redundant by the previous commit - but you can never be
too careful.

With thanks to Qinghao Tang for reporting this issue.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      5e0a80c1
    • M
      Check for ClientHello message overruns · 5e9f0eeb
      Matt Caswell 提交于 
      The ClientHello processing is insufficiently rigorous in its checks to make
sure that we don't read past the end of the message. This does not have
security implications due to the size of the underlying buffer - but still
needs to be fixed.

With thanks to Qinghao Tang for reporting this issue.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      5e9f0eeb
  17. 12 4月, 2015 1 次提交
    • R
      free NULL cleanup 9 · e0e920b1
      Rich Salz 提交于 
      Ongoing work to skip NULL check before calling free routine.  This gets:
    ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free
    nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free
    PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free
    PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free
    SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free
    ssl_sess_cert_free
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      e0e920b1
  19. 11 4月, 2015 2 次提交
  21. 10 4月, 2015 1 次提交
  23. 04 4月, 2015 1 次提交
  25. 03 4月, 2015 1 次提交
  27. 02 4月, 2015 1 次提交
  29. 01 4月, 2015 4 次提交
  31. 31 3月, 2015 2 次提交
  33. 28 3月, 2015 1 次提交
    • R
      free NULL cleanup · c5ba2d99
      Rich Salz 提交于 
      EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      c5ba2d99
  35. 27 3月, 2015 4 次提交
  37. 26 3月, 2015 12 次提交