- 20 5月, 2014 6 次提交
-
-
由 Ben Laurie 提交于
-
由 Ben Laurie 提交于
-
由 Mike Bland 提交于
The previous calls to memset() were added to tear_down() when I noticed the test spuriously failing in opt mode, with different results each time. This appeared to be because the allocator zeros out memory in debug mode, but not in opt mode. Since the heartbeat functions silently drop the request on error without modifying the contents of the write buffer, whatever random contents were in memory before being reallocated to the write buffer used in the test would cause nondeterministic test failures in the Heartbleed regression cases. Adding these calls allowed the test to pass in both debug and opt modes. Ben Laurie notified me offline that the test was aborting in debug-ben-debug-64-clang mode, configured with GitConfigure and built with GitMake. Looking into this, I realized the first memset() call was zeroing out a reference count used by SSL_free() that was checked in debug-ben-debug-64-clang mode but not in the normal debug mode. Removing the memset() calls from tear_down() and adding a memset() for the write buffer in set_up() addresses the issue and allows the test to successfully execute in debug, opt, and debug-ben-debug-64-clang modes.
-
由 Mike Bland 提交于
Checks the return values of ssl_init_wbio_buffer() and ssl3_setup_buffers().
-
由 Ben Laurie 提交于
-
由 Mike Bland 提交于
Regression test against CVE-2014-0160 (Heartbleed). More info: http://mike-bland.com/tags/heartbleed.html
-
- 19 5月, 2014 1 次提交
-
-
由 Andy Polyakov 提交于
"Teaser" means that it's initial proof-of-concept to build EVP module upon.
-
- 16 5月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD)
-
- 15 5月, 2014 4 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5)
-
由 Jeffrey Walton 提交于
-
由 Jeffrey Walton 提交于
-
由 Michal Bozon 提交于
-
- 13 5月, 2014 5 次提交
-
-
由 Mike Frysinger 提交于
various link settings. PR#3332
-
由 Kurt Roeckx 提交于
-
由 Jean-Paul Calderone 提交于
-
由 Serguei E. Leontiev 提交于
Replace manual ASN.1 decoder with ASN1_get object. This will decode the tag and length properly and check against it does not exceed the supplied buffer length. PR#3335
-
由 Dr. Stephen Henson 提交于
-
- 12 5月, 2014 6 次提交
-
-
由 Andy Polyakov 提交于
"Teaser" means that it's not integrated yet and purpose of this commit is primarily informational, to exhibit design choices, such as how to handle alignment and endianness. In other words it's proof-of-concept code that EVP module will build upon.
-
由 Matt Caswell 提交于
-
由 Kurt Roeckx 提交于
-
由 Martin Brejcha 提交于
PR: 3327
-
由 Günther Noack 提交于
PR: 3317
-
由 Viktor Dukhovni 提交于
-
- 11 5月, 2014 2 次提交
-
-
由 Matt Caswell 提交于
-
由 Tim Hudson 提交于
-
- 10 5月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
-
- 09 5月, 2014 4 次提交
-
-
由 Dr. Stephen Henson 提交于
If the key type does not match any CMS recipient type return an error instead of using a random key (MMA mitigation). This does not leak any useful information to an attacker. PR#3348
-
由 Geoff Thorpe 提交于
The "-unix <path>" argument allows s_server and s_client to use a unix domain socket in the filesystem instead of IPv4 ("-connect", "-port", "-accept", etc). If s_server exits gracefully, such as when "-naccept" is used and the requested number of SSL/TLS connections have occurred, then the domain socket file is removed. On ctrl-C, it is likely that the stale socket file will be left over, such that s_server would normally fail to restart with the same arguments. For this reason, s_server also supports an "-unlink" option, which will clean up any stale socket file before starting. If you have any reason to want encrypted IPC within an O/S instance, this concept might come in handy. Otherwise it just demonstrates that there is nothing about SSL/TLS that limits it to TCP/IP in any way. (There might also be benchmarking and profiling use in this path, as unix domain sockets are much lower overhead than connecting over local IP addresses). Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
-
由 Tim Hudson 提交于
-
由 Tim Hudson 提交于
-
- 08 5月, 2014 2 次提交
-
-
由 Tim Hudson 提交于
-
由 Matt Caswell 提交于
-
- 07 5月, 2014 2 次提交
-
-
由 Geoff Thorpe 提交于
This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
-
由 Geoff Thorpe 提交于
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as noted by Daniel Sands and co at Sandia. This was to handle the case that 2 or more threads race to lazy-init the same context, but stunted all scalability in the case where 2 or more threads are doing unrelated things! We favour the latter case by punishing the former. The init work gets done by each thread that finds the context to be uninitialised, and we then lock the "set" logic after that work is done - the winning thread's work gets used, the losing threads throw away what they've done. Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
-
- 06 5月, 2014 3 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#3289 PR#3345
-
由 Dr. Stephen Henson 提交于
-
由 Tim Hudson 提交于
-
- 05 5月, 2014 1 次提交
-
-
由 Geoff Thorpe 提交于
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
-
- 04 5月, 2014 2 次提交
-
-
由 Andy Polyakov 提交于
[MD5 is hardly relevant, just cleaning up repository]
-
由 Andy Polyakov 提交于
-