- 08 2月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Previous commit 7bb196a7 attempted to "fix" a problem with the way SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had SSL_shutdown() return immediately having taken no action if called mid- handshake with a return value of 1 (meaning everything was shutdown successfully). In fact the shutdown has not been successful. Commit 7bb196a7 changed that to send a close_notify anyway and then return. This seems to be causing some problems for some applications so perhaps a better (much simpler) approach is revert to the previous behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown was not successful). This also fixes a bug where SSL_shutdown always returns 0 when shutdown *very* early in the handshake (i.e. we are still using SSLv23_method). Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 07 2月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 06 2月, 2016 4 次提交
-
-
由 Matt Caswell 提交于
Adds a new function BIO_ADDR_clear to reset a BIO_ADDR back to an unitialised state, and to set the family to AF_UNSPEC. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 FdaSilvaYY 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
The DTLSv1_listen function exposed details of the underlying BIO abstraction and did not properly allow for IPv6. This commit changes the "peer" argument to be a BIO_ADDR and makes it a first class function (rather than a ctrl) to ensure proper type checking. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Replace all magic numbers with #defined constants except in boolean functions that return 0 for failure and 1 for success. Avoid a couple memory leaks in error recovery code paths. Code style improvements. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 05 2月, 2016 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new function EC_KEY_priv2buf() to allocated and encode private key octet in one call. Update and simplify ASN.1 and print routines. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Update EC ASN.1 and print routines to use EC_KEY_oct2priv and EC_KEY_priv2oct. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
New functions EC_KEY_oct2priv and EC_KEY_priv2oct. These are private key equivalents of EC_POINT_oct2point and EC_POINT_point2oct which convert between the private key octet format and EC_KEY. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dmitry Sobinov 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 04 2月, 2016 11 次提交
-
-
由 Kurt Roeckx 提交于
Windows doesn't have h_error or hstrerror() Reviewed-by: NRichard Levitte <levitte@openssl.org> MR: #1848
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
And some others found in the Internet. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Added functions: BIO_socket BIO_connect BIO_listen BIO_accept_ex BIO_closesocket BIO_sock_info These get deprecated: BIO_gethostbyname BIO_get_port BIO_get_host_ip BIO_get_accept_socket BIO_accept Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Because different platforms have different levels of support for IPv6, different kinds of sockaddr variants, and some have getaddrinfo et al while others don't, we could end up with a mess if ifdefs, duplicate code and other maintainance nightmares. Instead, we're introducing wrappers around the common form for socket communication: BIO_ADDR, closely related to struct sockaddr and some of its variants. BIO_ADDRINFO, closely related to struct addrinfo. With that comes support routines, both convenient creators and accessors, plus a few utility functions: BIO_parse_hostserv, takes a string of the form host:service and splits it into host and service. It checks for * in both parts, and converts any [ipv6-address] syntax to ust the IPv6 address. BIO_lookup, looks up information on a host. All routines handle IPv4 (AF_INET) and IPv6 (AF_INET6) addresses, and there is support for local sockets (AF_UNIX) as well. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 03 2月, 2016 2 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add new function BN_bn2binpad() which checks the length of the output buffer and pads the result with zeroes if necessary. New functions BN_bn2lebinpad() and BN_lebin2bn() which use little endian format. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 2月, 2016 5 次提交
-
-
由 Emilia Kasper 提交于
PACKET contents should be read-only. To achieve this, also - constify two user callbacks - constify BUF_reverse. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
When auxiliary data contains only reject entries, continue to trust self-signed objects just as when no auxiliary data is present. This makes it possible to reject specific uses without changing what's accepted (and thus overring the underlying EKU). Added new supported certs and doubled test count from 38 to 76. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
This includes basic constraints, key usages, issuer EKUs and auxiliary trust OIDs (given a trust suitably related to the intended purpose). Added tests and updated documentation. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
New functions to return internal pointer for order and cofactor. This avoids the need to allocate a new BIGNUM which to copy the value to. Simplify code to use new functions. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Daniel Kahn Gillmor 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 31 1月, 2016 5 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rich Salz 提交于
Remove OPENSSL_IMPORT as its only purpose is to define OPENSSL_EXTERN. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
There was an unused macro in ssl_locl.h that used an internal type, so I removed it. Move bio_st from bio.h to ossl_type.h Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Can't hurt and seems to prevent problems from some over-aggressive (LTO?) compilers. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
PR#4280 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 29 1月, 2016 3 次提交
-
-
由 Viktor Dukhovni 提交于
By default X509_check_trust() trusts self-signed certificates from the trust store that have no explicit local trust/reject oids encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust and -trustout options of x509(1)). This commit adds a flag that makes it possible to distinguish between that implicit trust, and explicit auxiliary settings. With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted via explicit trust settings. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
A new return value for DH_check_pub_key was recently added: DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other return values it should have been set to the value 4 not 3. RT#4278 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 28 1月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same DH exponent. A simple mitigation is to ensure that y^q (mod p) == 1 CVE-2016-0701 Issue reported by Antonio Sanso. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Also turn B<foo> into foo() in the pod page. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-