- 03 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 02 12月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Add CRYPTO_free_ex_index (for shared libraries) Unify and complete the documentation for all "ex_data" API's and objects. Replace xxx_get_ex_new_index functions with a macro. Added an exdata test. Renamed the ex_data internal datatypes. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 30 11月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Don't hard code EVP_sha* etc for signature algorithms: use table indices instead. Add SHA224 and SHA512 to tables. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 28 11月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Change handshake hash array into a single digest context simplifying the handhake hash code. Use EVP_md5_sha1() if needed for handshake hashes in TLS 1.1 and earlier. Simplify PRF code to also use a single digest and treat EVP_md5_sha1() as a special case. Modify algorithm2 field of ciphers to use a single index value for handshake hash and PRF instead of a bitmap. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Various updates following feedback from the recent commit of the new GOST2012 code. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 26 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 25 11月, 2015 6 次提交
-
-
由 Pascal Cuoq 提交于
If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can get called with s->s3 still being NULL. Patch also provided by Willy Tarreau <wtarreau@haproxy.com> Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 24 11月, 2015 2 次提交
-
-
由 Rich Salz 提交于
And a scalar !x --> x==0 test Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Dmitry Belyavsky 提交于
This patch contains the necessary changes to provide GOST 2012 ciphersuites in TLS. It requires the use of an external GOST 2012 engine. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 11月, 2015 9 次提交
-
-
由 Viktor Dukhovni 提交于
Though the callers check the function return value and ignore the size_t output argument on failure, it is still often not ideal to store (-1) in size_t on error. That might signal an unduly large buffer. Instead set the size_t to 0, to indicate no space. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Make it clear that this function is ssl specific. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Tidy up the libssl async calls and make sure all IO functions are covered. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
0 is a valid file descriptor so SSL_get_async_wait_fd should instead return -1 on error. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The ASYNC_in_job() function is redundant. The same effect can be achieved by using ASYNC_get_current_job(). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Initial API implemented for notifying applications that an ASYNC_JOB has completed. Currently only s_server is using this. The Dummy Async engine "cheats" in that it notifies that it has completed *before* it pauses the job. A normal async engine would not do that. Only the posix version of this has been implemented so far, so it will probably fail to compile on Windows at the moment. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Removed the function ASYNC_job_is_waiting() as it was redundant. The only time user code has a handle on a job is when one is waiting, so all they need to do is check whether the job is NULL. Also did some cleanups to make sure the job really is NULL after it has been freed! Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The following entry points have been made async aware: SSL_accept SSL_read SSL_write Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with the async mode enabled will initiate a new async job. If an async pause is encountered whilst executing the job (such as for example if using SHA1/RSA with the Dummy Async engine), then the above functions return with SSL_WANT_ASYNC. Calling the functions again (with exactly the same args as per non-blocking IO), will resume the job where it left off. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The al variable could be uninitialised in an error path. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 20 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
There are lots of calls to EVP functions from within libssl There were various places where we should probably check the return value but don't. This adds these checks. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#4141 Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 17 11月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
A call to X509_verify_cert() is used to build a chain of certs for the server to send back to the client. It isn't *actually* used for verifying the cert at all - just building the chain. Therefore the return value is ignored. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Matt Caswell 提交于
The |passwd| variable in the code can be NULL if it goes to the err label. Therefore we cannot call strlen on it without first checking that it is non NULL. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 14 11月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
This adds a TLSv1.0 cipher alias for ciphersuites requiring at least TLSv1.0: currently only PSK ciphersuites using SHA256 or SHA384 MAC (SSLv3 only supports SHA1 and MD5 MAC). Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
This disables some ciphersuites which aren't supported in SSL v3: specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC. Thanks to the Open Crypto Audit Project for identifying this issue. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
The new function SSL_use_certificate_chain_file was always crashing in the internal function use_certificate_chain_file because it would pass a NULL value for SSL_CTX *, but use_certificate_chain_file would unconditionally try to dereference it. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 10 11月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The function tls1_get_curvelist() has an explicit check to see if s->cert is NULL or not. However the check appears *after* calling the tls1_suiteb macro which derefs s->cert. In reality s->cert can never be NULL because it is created in SSL_new(). If the malloc fails then the SSL_new call fails and no SSL object is created. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
if we have a malloc |x = OPENSSL_malloc(...)| sometimes we check |x| for NULL and sometimes we treat it as a boolean |if(!x) ...|. Standardise the approach in libssl. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 09 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
The SSL object was being deref'd and then there was a later redundant check to see if it is NULL. We assume all SSL_foo functions pass a non NULL SSL object and do not check it. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 08 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-