Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
1 年多 前同步成功

通知 10
Star 18
Fork 1
T
Third Party Openssl
切换分支/标签
  1. 01 8月, 2016 20 次提交
  3. 31 7月, 2016 7 次提交
  5. 30 7月, 2016 5 次提交
  7. 29 7月, 2016 8 次提交
    • M
      Update the SSL_set_bio()/SSL_set0_rbio()/SSL_set0_wbio() docs · e040a42e
      Matt Caswell 提交于 
      Update the documentation for the newly renamed and modified SSL_set0_rbio()
and SSL_set0_wbio() functions. State that they should be preferred over
SSL_set_bio(). Attempt to document the ownership rules for SSL_set_bio().
Reviewed-by: NRich Salz <rsalz@openssl.org>
      e040a42e
    • M
      Simplify and rename SSL_set_rbio() and SSL_set_wbio() · 65e2d672
      Matt Caswell 提交于 
      SSL_set_rbio() and SSL_set_wbio() are new functions in 1.1.0 and really
should be called SSL_set0_rbio() and SSL_set0_wbio(). The old
implementation was not consistent with what "set0" means though as there
were special cases around what happens if the rbio and wbio are the same.
We were only ever taking one reference on the BIO, and checking everywhere
whether the rbio and wbio are the same so as not to double free.

A better approach is to rename the functions to SSL_set0_rbio() and
SSL_set0_wbio(). If an existing BIO is present it is *always* freed
regardless of whether the rbio and wbio are the same or not. It is
therefore the callers responsibility to ensure that a reference is taken
for *each* usage, i.e. one for the rbio and one for the wbio.

The legacy function SSL_set_bio() takes both the rbio and wbio in one go
and sets them both. We can wrap up the old behaviour in the implementation
of that function, i.e. previously if the rbio and wbio are the same in the
call to this function then the caller only needed to ensure one reference
was passed. This behaviour is retained by internally upping the ref count.

This commit was inspired by BoringSSL commit f715c423224.

RT#4572
Reviewed-by: NRich Salz <rsalz@openssl.org>
      65e2d672
    • M
      Add some SSL BIO tests · 9a716987
      Matt Caswell 提交于 
      This adds some simple SSL BIO tests that check for pushing and popping of
BIOs into the chain. These tests would have caught the bugs fixed in the
previous three commits, if combined with a crypto-mdebug build.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      9a716987
    • M
      Fix BIO_pop for SSL BIOs · b46fe860
      Matt Caswell 提交于 
      The BIO_pop implementation assumes that the rbio still equals the next BIO
in the chain. While this would normally be the case, it is possible that it
could have been changed directly by the application. It also does not
properly cater for the scenario where the buffering BIO is still in place
for the write BIO.

Most of the existing BIO_pop code for SSL BIOs can be replaced by a single
call to SSL_set_bio(). This is equivalent to the existing code but
additionally handles the scenario where the rbio has been changed or the
buffering BIO is still in place.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      b46fe860
    • M
      Fix BIO_push ref counting for SSL BIO · eddef305
      Matt Caswell 提交于 
      When pushing a BIO onto an SSL BIO we set the rbio and wbio for the SSL
object to be the BIO that has been pushed. Therefore we need to up the ref
count for that BIO. The existing code was uping the ref count on the wrong
BIO.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      eddef305
    • M
      Don't double free the write bio · 8e3854ac
      Matt Caswell 提交于 
      When setting the read bio we free up any old existing one. However this can
lead to a double free if the existing one is the same as the write bio.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      8e3854ac
    • M
      Add a test for SSL_set_bio() · 7fb4c820
      Matt Caswell 提交于 
      The SSL_set_bio() function has some complicated ownership rules. This adds a
test to make sure it all works as expected.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      7fb4c820
    • M
      Make the checks for an SSLv2 style record stricter · 0647719d
      Matt Caswell 提交于 
      SSLv2 is no longer supported in 1.1.0, however we *do* still accept an SSLv2
style ClientHello, as long as we then subsequently negotiate a protocol
version >= SSLv3. The record format for SSLv2 style ClientHellos is quite
different to SSLv3+. We only accept this format in the first record of an
initial ClientHello. Previously we checked this by confirming
s->first_packet is set and s->server is true. However, this really only
tells us that we are dealing with an initial ClientHello, not that it is
the first record (s->first_packet is badly named...it really means this is
the first message). To check this is the first record of the initial
ClientHello we should also check that we've not received any data yet
(s->init_num == 0), and that we've not had any empty records.

GitHub Issue #1298
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
      0647719d