Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
10 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
  1. 17 8月, 2016 1 次提交
  3. 16 8月, 2016 1 次提交
  5. 15 8月, 2016 1 次提交
  7. 13 8月, 2016 1 次提交
  9. 06 8月, 2016 1 次提交
  11. 05 8月, 2016 2 次提交
  13. 19 7月, 2016 2 次提交
  15. 15 7月, 2016 1 次提交
  17. 04 6月, 2016 1 次提交
  19. 24 5月, 2016 1 次提交
  21. 20 5月, 2016 1 次提交
    • M
      Simplify SSL BIO buffering logic · 46417569
      Matt Caswell 提交于 
      The write BIO for handshake messages is bufferred so that we only write
out to the network when we have a complete flight. There was some
complexity in the buffering logic so that we switched buffering on and
off at various points through out the handshake. The only real reason to
do this was historically it complicated the state machine when you wanted
to flush because you had to traverse through the "flush" state (in order
to cope with NBIO). Where we knew up front that there was only going to
be one message in the flight we switched off buffering to avoid that.

In the new state machine there is no longer a need for a flush state so
it is simpler just to have buffering on for the whole handshake. This
also gives us the added benefit that we can simply call flush after every
flight even if it only has one message in it. This means that BIO authors
can implement their own buffering strategies and not have to be aware of
the state of the SSL object (previously they would have to switch off
their own buffering during the handshake because they could not rely on
a flush being received when they really needed to write data out). This
last point addresses GitHub Issue #322.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
      46417569
  23. 18 5月, 2016 1 次提交
  25. 17 5月, 2016 2 次提交
  27. 16 5月, 2016 1 次提交
  29. 10 5月, 2016 2 次提交
  31. 13 4月, 2016 3 次提交
  33. 11 4月, 2016 1 次提交
  35. 08 4月, 2016 2 次提交
    • R
      Add SSL_DANE typedef for consistency. · b9aec69a
      Rich Salz 提交于 
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      b9aec69a
    • V
      Suppress CT callback as appropriate · 43341433
      Viktor Dukhovni 提交于 
      Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates.  Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records.  Also skip SCT processing
when the chain is fails verification.

Move and consolidate CT callbacks from libcrypto to libssl.  We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.

Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information.  When printing SCTs, print the
validation status if set and not valid.
Signed-off-by: NRob Percival <robpercival@google.com>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
      43341433
  37. 28 3月, 2016 1 次提交
  39. 23 3月, 2016 1 次提交
  41. 21 3月, 2016 1 次提交
  43. 17 3月, 2016 1 次提交
  45. 10 3月, 2016 6 次提交
  47. 09 3月, 2016 1 次提交
  49. 08 3月, 2016 4 次提交
    • T
      GH787: Fix ALPN · 817cd0d5
      Todd Short 提交于 
      * Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
      817cd0d5
    • M
      Add an ability to set the SSL read buffer size · dad78fb1
      Matt Caswell 提交于 
      This capability is required for read pipelining. We will only read in as
many records as will fit in the read buffer (and the network can provide
in one go). The bigger the buffer the more records we can process in
parallel.
Reviewed-by: NTim Hudson <tjh@openssl.org>
      dad78fb1
    • M
      Implement write pipeline support in libssl · d102d9df
      Matt Caswell 提交于 
      Use the new pipeline cipher capability to encrypt multiple records being
written out all in one go. Two new SSL/SSL_CTX parameters can be used to
control how this works: max_pipelines and split_send_fragment.

max_pipelines defines the maximum number of pipelines that can ever be used
in one go for a single connection. It must always be less than or equal to
SSL_MAX_PIPELINES (currently defined to be 32). By default only one
pipeline will be used (i.e. normal non-parallel operation).

split_send_fragment defines how data is split up into pipelines. The number
of pipelines used will be determined by the amount of data provided to the
SSL_write call divided by split_send_fragment. For example if
split_send_fragment is set to 2000 and max_pipelines is 4 then:
SSL_write called with 0-2000 bytes == 1 pipeline used
SSL_write called with 2001-4000 bytes == 2 pipelines used
SSL_write called with 4001-6000 bytes == 3 pipelines used
SSL_write_called with 6001+ bytes == 4 pipelines used

split_send_fragment must always be less than or equal to max_send_fragment.
By default it is set to be equal to max_send_fragment. This will mean that
the same number of records will always be created as would have been
created in the non-parallel case, although the data will be apportioned
differently. In the parallel case data will be spread equally between the
pipelines.
Reviewed-by: NTim Hudson <tjh@openssl.org>
      d102d9df
    • R
      Lowercase name of SSL_validate_ct as it is an internal function · 4d482ee2
      Rob Percival 提交于 
      Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
      4d482ee2