- 28 5月, 2015 3 次提交
-
-
由 Matt Caswell 提交于
Change the new SSL_get_client_random(), SSL_get_server_random() and SSL_SESSION_get_master_key() functions to use size_t for |outlen| instead of int. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Nick Mathewson 提交于
Tor uses these values to implement a low-rent clone of RFC 5705 (which, in our defense, we came up with before RFC 5705 existed). But now that ssl_st is opaque, we need another way to get at them. Includes documentation, with suitable warnings about not actually using these functions. Signed-off-by: NNick Mathewson <nickm@torproject.org> Signed-off-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Nick Mathewson 提交于
On the server side, if you want to know which ciphers the client offered, you had to use session->ciphers. But that field is no longer visible, so we need a method to get at it. Signed-off-by: NNick Mathewson <nickm@torproject.org> Signed-off-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 23 5月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The certificate masks are used to select which ciphersuite we are going to use. The variables |emask_k| and |emask_a| relate to export grade key exchange and authentication respecitively. The variables |mask_k| and |mask_a| are the equivalent versions for non-export grade. This fixes an instance where the two usages of export/non-export were mixed up. In practice it makes little difference since it still works! Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 5月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Move per-connection state out of the CERT structure: which should just be for shared configuration data (e.g. certificates to use). In particular move temporary premaster secret, raw ciphers, peer signature algorithms and shared signature algorithms. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 16 5月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Miscellaneous updates following review comments on the version negotiation rewrite patches. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Matt Caswell 提交于
This commit changes the way that we do server side protocol version negotiation. Previously we had a whole set of code that had an "up front" state machine dedicated to the negotiating the protocol version. This adds significant complexity to the state machine. Historically the justification for doing this was the support of SSLv2 which works quite differently to SSLv3+. However, we have now removed support for SSLv2 so there is little reason to maintain this complexity. The one slight difficulty is that, although we no longer support SSLv2, we do still support an SSLv3+ ClientHello in an SSLv2 backward compatible ClientHello format. This is generally only used by legacy clients. This commit adds support within the SSLv3 code for these legacy format ClientHellos. Server side version negotiation now works in much the same was as DTLS, i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to that then when a ClientHello is received it will work out the most appropriate version to respond with. Also, SSLv23_method and SSLv23_server_method have been replaced with TLS_method and TLS_server_method respectively. The old SSLv23* names still exist as macros pointing at the new name, although they are deprecated. Subsequent commits will look at client side version negotiation, as well of removal of the old s23* code. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 13 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 12 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Since COMP_METHOD is now defined in comp_lcl.h, it is no longer possible to create new TLS compression methods without using the OpenSSL source. Only ZLIB is supported by default. Also, since the types are opaque, #ifdef guards to use "char *" instead of the real type aren't necessary. The changes are actually minor. Adding missing copyright to some files makes the diff misleadingly big. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
If sk_SSL_CIPHER_new_null() returns NULL then ssl_bytes_to_cipher_list() should also return NULL. Based on an original patch by mrpre <mrpre@163.com>. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 05 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 02 5月, 2015 2 次提交
-
-
由 Rich Salz 提交于
After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
There were a dozen-plus instances of this construct: if (0) { label: ..... } Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 01 5月, 2015 3 次提交
-
-
由 Rich Salz 提交于
Don't check for NULL before calling free functions. This gets: ERR_STATE_free ENGINE_free DSO_free CMAC_CTX_free COMP_CTX_free CONF_free NCONF_free NCONF_free_data _CONF_free_data A sk_free use within OBJ_sigid_free TS_TST_INFO_free (rest of TS_ API was okay) Doc update for UI_free (all uses were fine) X509V3_conf_free X509V3_section_free X509V3_string_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Don't check for NULL before calling OPENSSL_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 4月, 2015 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 12 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Ongoing work to skip NULL check before calling free routine. This gets: ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free ssl_sess_cert_free Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 11 4月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Avoid checking for NULL before calling free functions. This gets ssl.*free: ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 26 3月, 2015 12 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
RECORD_LAYER_write_pending. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The recent updates to libssl to enforce stricter return code checking, left a small number of instances behind where return codes were being swallowed (typically because the function they were being called from was declared as void). This commit fixes those instances to handle the return codes more appropriately. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 25 3月, 2015 2 次提交
-
-
由 Rich Salz 提交于
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 24 3月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Also removes for it being NULL Reviewed-by: NMatt Caswell <matt@openssl.org>
-