1. 22 3月, 2016 1 次提交
  2. 18 3月, 2016 1 次提交
  3. 11 3月, 2016 1 次提交
  4. 10 3月, 2016 1 次提交
  5. 08 3月, 2016 1 次提交
    • T
      GH787: Fix ALPN · 817cd0d5
      Todd Short 提交于
      * Perform ALPN after the SNI callback; the SSL_CTX may change due to
        that processing
      * Add flags to indicate that we actually sent ALPN, to properly error
        out if unexpectedly received.
      * clean up ssl3_free() no need to explicitly clear when doing memset
      * document ALPN functions
      Signed-off-by: NRich Salz <rsalz@openssl.org>
      Reviewed-by: NEmilia Käsper <emilia@openssl.org>
      817cd0d5
  6. 04 3月, 2016 1 次提交
  7. 29 2月, 2016 1 次提交
    • M
      Refactor the async wait fd logic · ff75a257
      Matt Caswell 提交于
      Implementation experience has shown that the original plan for async wait
      fds was too simplistic. Originally the async logic created a pipe internally
      and user/engine code could then get access to it via API calls. It is more
      flexible if the engine is able to create its own fd and provide it to the
      async code.
      
      Another issue is that there can be a lot of churn in the fd value within
      the context of (say) a single SSL connection leading to continually adding
      and removing fds from (say) epoll. It is better if we can provide some
      stability of the fd value across a whole SSL connection. This is
      problematic because an engine has no concept of an SSL connection.
      
      This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a
      proxy for an SSL connection down at the engine layer.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      ff75a257
  8. 26 2月, 2016 1 次提交
  9. 23 2月, 2016 1 次提交
  10. 19 2月, 2016 1 次提交
    • R
      Remove outdated DEBUG flags. · d63a5e5e
      Rich Salz 提交于
      Add -DBIO_DEBUG to --strict-warnings.
      Remove comments about outdated debugging ifdef guards.
      Remove md_rand ifdef guarding an assert; it doesn't seem used.
      Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
      For pkcs12 stuff put OPENSSL_ in front of the macro name.
      Merge TLS_DEBUG into SSL_DEBUG.
      Various things just turned on/off asserts, mainly for checking non-NULL
      arguments, which is now removed: camellia, bn_ctx, crypto/modes.
      Remove some old debug code, that basically just printed things to stderr:
        DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
        RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
      Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      d63a5e5e
  11. 17 2月, 2016 1 次提交
  12. 15 2月, 2016 1 次提交
  13. 03 2月, 2016 1 次提交
  14. 21 1月, 2016 1 次提交
  15. 14 1月, 2016 2 次提交
  16. 17 12月, 2015 1 次提交
    • R
      Rename some BUF_xxx to OPENSSL_xxx · 7644a9ae
      Rich Salz 提交于
      Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
      to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
      Add #define's for the old names.
      Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      7644a9ae
  17. 21 11月, 2015 1 次提交
  18. 10 11月, 2015 1 次提交
  19. 24 10月, 2015 1 次提交
  20. 25 9月, 2015 1 次提交
    • M
      Add support for -no-CApath and -no-CAfile options · 2b6bcb70
      Matt Caswell 提交于
      For those command line options that take the verification options
      -CApath and -CAfile, if those options are absent then the default path or
      file is used instead. It is not currently possible to specify *no* path or
      file at all. This change adds the options -no-CApath and -no-CAfile to
      specify that the default locations should not be used to all relevant
      applications.
      Reviewed-by: NAndy Polyakov <appro@openssl.org>
      2b6bcb70
  21. 12 9月, 2015 1 次提交
  22. 07 9月, 2015 1 次提交
  23. 06 9月, 2015 3 次提交
  24. 16 7月, 2015 1 次提交
  25. 16 6月, 2015 1 次提交
    • R
      RT2547: Tighten perms on generated privkey files · 3b061a00
      Rich Salz 提交于
      When generating a private key, try to make the output file be readable
      only by the owner.  Put it in CHANGES file since it might be noticeable.
      
      Add "int private" flag to apps that write private keys, and check that it's
      set whenever we do write a private key.  Checked via assert so that this
      bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
      the code-paths where private keys are written.
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      3b061a00
  26. 29 5月, 2015 2 次提交
  27. 23 5月, 2015 1 次提交
  28. 11 5月, 2015 1 次提交
  29. 07 5月, 2015 1 次提交
  30. 06 5月, 2015 2 次提交
    • G
      Initialize potentially uninitialized local variables · 4c9b0a03
      Gunnar Kudrjavets 提交于
      Compiling OpenSSL code with MSVC and /W4 results in a number of warnings.
      One category of warnings is particularly interesting - C4701 (potentially
      uninitialized local variable 'name' used). This warning pretty much means
      that there's a code path which results in uninitialized variables being used
      or returned. Depending on compiler, its options, OS, values in registers
      and/or stack, the results can be nondeterministic. Cases like this are very
      hard to debug so it's rational to fix these issues.
      
      This patch contains a set of trivial fixes for all the C4701 warnings (just
      initializing variables to 0 or NULL or appropriate error code) to make sure
      that deterministic values will be returned from all the execution paths.
      
      RT#3835
      Signed-off-by: NMatt Caswell <matt@openssl.org>
      
      Matt's note: All of these appear to be bogus warnings, i.e. there isn't
      actually a code path where an unitialised variable could be used - its just
      that the compiler hasn't been able to figure that out from the logic. So
      this commit is just about silencing spurious warnings.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      4c9b0a03
    • M
      Fix windows build · b1ad95e3
      Matt Caswell 提交于
      Fix error in WIN32_rename() introduced by commit b4faea50.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      b1ad95e3
  31. 05 5月, 2015 1 次提交
    • R
      Use safer sizeof variant in malloc · b4faea50
      Rich Salz 提交于
      For a local variable:
              TYPE *p;
      Allocations like this are "risky":
              p = OPENSSL_malloc(sizeof(TYPE));
      if the type of p changes, and the malloc call isn't updated, you
      could get memory corruption.  Instead do this:
              p = OPENSSL_malloc(sizeof(*p));
      Also fixed a few memset() calls that I noticed while doing this.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      b4faea50
  32. 04 5月, 2015 1 次提交
  33. 02 5月, 2015 1 次提交
    • R
      free NULL cleanup -- coda · 25aaa98a
      Rich Salz 提交于
      After the finale, the "real" final part. :)  Do a recursive grep with
      "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
      an "if NULL" check that can be removed.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      25aaa98a
  34. 01 5月, 2015 2 次提交
    • R
      free NULL cleanup 11 · efa7dd64
      Rich Salz 提交于
      Don't check for NULL before calling free functions. This gets:
              ERR_STATE_free
              ENGINE_free
              DSO_free
              CMAC_CTX_free
              COMP_CTX_free
              CONF_free
              NCONF_free NCONF_free_data _CONF_free_data
              A sk_free use within OBJ_sigid_free
              TS_TST_INFO_free (rest of TS_ API was okay)
              Doc update for UI_free (all uses were fine)
              X509V3_conf_free
              X509V3_section_free
              X509V3_string_free
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      efa7dd64
    • R
      free null cleanup finale · b548a1f1
      Rich Salz 提交于
      Don't check for NULL before calling OPENSSL_free
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      b548a1f1