- 09 9月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Use each once in s3_srvr.c to show how they work. Also fix a bug introduced in c3fc7eea and made apparent by this change: ssl3_get_next_proto wasn't updating next_proto_negotiated_len Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 07 9月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Process the ServerKeyExchange message using the PACKET API Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Process ServerHello messages using the PACKET API Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 9月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 05 9月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#4009. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 9月, 2015 1 次提交
-
-
由 Rich Salz 提交于
After openssl_zalloc, cleanup more "set to 0/NULL" assignments. Many are from github feedback. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 03 9月, 2015 2 次提交
-
-
由 Rich Salz 提交于
There are many places (nearly 50) where we malloc and then memset. Add an OPENSSL_zalloc routine to encapsulate that. (Missed one conversion; thanks Richard) Also fixes GH328 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 02 9月, 2015 1 次提交
-
-
由 Hiroyuki YAMAMORI 提交于
Fix the setup of DTLS1.2 buffers to take account of the Header Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 01 9月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 26 8月, 2015 5 次提交
-
-
由 Matt Caswell 提交于
Use sizeof instead of an explicit size, and use the functions for the purpose. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Rewrite ssl3_get_client_hello to use the new methods. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Emilia Kasper 提交于
If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Emilia Kasper 提交于
The PACKET should hold a 'const unsigned char*' underneath as well but the legacy code passes the record buffer around as 'unsigned char*' (to callbacks, too) so that's a bigger refactor. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
A DTLS client will abort a handshake if the server attempts to renew the session ticket. This is caused by a state machine discrepancy between DTLS and TLS discovered during the state machine rewrite work. The bug can be demonstrated as follows: Start a DTLS s_server instance: openssl s_server -dtls Start a client and obtain a session but no ticket: openssl s_client -dtls -sess_out session.pem -no_ticket Now start a client reusing the session, but allow a ticket: openssl s_client -dtls -sess_in session.pem The client will abort the handshake. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 15 8月, 2015 4 次提交
-
-
由 Matt Caswell 提交于
Process CertificateRequest messages using the PACKET API Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Use the new PACKET code to process the CKE message Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Process NewSessionTicket messages using the new PACKET API Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Commit 9ceb2426 (PACKETise ClientHello) broke session tickets by failing to detect the session ticket extension in an incoming ClientHello. This commit fixes the bug. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 14 8月, 2015 6 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Process the Certificate Status message using the PACKET API Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Enhance the PACKET code readability, and fix a stale comment. Thanks to Ben Kaduk (bkaduk@akamai.com) for pointing this out. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
The new ClientHello PACKET code is missing a return value check. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 13 8月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Use the PACKET API to process an incoming server Certificate message. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 12 8月, 2015 5 次提交
-
-
由 Rich Salz 提交于
This was obsolete in 2001. This is not the same as Gost94 digest. Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
When config'd with "sctp" running "make test" causes a seg fault. This is actually due to the way ssltest works - it dives under the covers and frees up BIOs manually and so some BIOs are NULL when the SCTP code does not expect it. The simplest fix is just to add some sanity checks to make sure the BIOs aren't NULL before we use them. This problem occurs in master and 1.0.2. The fix has also been applied to 1.0.1 to keep the code in sync. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
There are some missing return value checks in the SCTP code. In master this was causing a compilation failure when config'd with "--strict-warnings sctp". Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Guy Leaver (guleaver) 提交于
If a client receives a ServerKeyExchange for an anon DH ciphersuite with the value of p set to 0 then a seg fault can occur. This commits adds a test to reject p, g and pub key parameters that have a 0 value (in accordance with RFC 5246) The security vulnerability only affects master and 1.0.2, but the fix is additionally applied to 1.0.1 for additional confidence. CVE-2015-1794 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
make errors wants things in a different order to the way things are currently defined in the header files. The easiest fix is to just let it reorder it. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 8月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Especially since after the #ifdef cleanups this is not useful. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 05 8月, 2015 2 次提交
-
-
由 Adam Eijdenberg 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Adam Eijdenberg 提交于
--strict-warnings started showing warnings for this today... Surely an error should be raised if these reads fail? Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 04 8月, 2015 4 次提交
-
-
由 Matt Caswell 提交于
Change NextProto message processing to use the PACKET API. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Modify CertificateVerify processing to use the new PACKET API. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Use the PACKET API for processing ClientCertificate messages Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Some of the PACKET functions were returning incorrect data. An unfortunate choice of test data in the unit test was masking the failure. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 03 8月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The move of CCS into the state machine was causing make errors to fail. This fixes it. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
The move of CCS into the state machine introduced a bug in ssl3_read_bytes. The value of |recvd_type| was not being set if we are satisfying the request from handshake fragment storage. This can occur, for example, with renegotiation and causes the handshake to fail. Reviewed-by: NTim Hudson <tjh@openssl.org>
-