- 17 5月, 2016 23 次提交
-
-
由 Matt Caswell 提交于
When RSA went opaque a bug was introduced into the dasync engine where the wrong function was being set for the rsa_priv_dec operation. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
The function ssl3_get_record() can obtain multiple records in one go as long as we are set up for pipelining and all the records are app data records. The logic in the while loop which reads in each record is supposed to only continue looping if the last record we read was app data and we have an app data record waiting in the buffer to be processed. It was actually checking that the first record had app data and we have an app data record waiting. This actually amounts to the same thing so wasn't wrong - but it looks a bit odd because it uses the |rr| array without an offset. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
Pipelining introduced the concept of multiple records being read in one go. Therefore we work with an array of SSL3_RECORD objects. The pipelining change erroneously made a change in ssl3_get_record() to apply the current record offset to the SSL3_BUFFER we are using for reading. This is wrong - there is only ever one read buffer. This reverts that change. In practice this should make little difference because the code block in question is only ever used when we are processing a single record. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Kurt Cancemi 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Fix various references to s3_clnt.c and s3_srvr.c which don't exist any more. GitHub Issue #765 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING twice. We only need to do it once. GitHub Issue #656 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
SSL_get_async_wait_fd() was replaced by SSL_get_all_async_fds() and SSL_get_changed_async_fds(). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Due to short-circuiting we only need to check "cipher" for NULL once. PR#699 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Steffan Karger 提交于
CLA: none; trivial Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1070
-
由 Kurt Roeckx 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> MR: #2153
-
由 TJ Saunders 提交于
This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #515, MR: #2153
-
由 TJ Saunders 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #515, MR: #2153
-
由 Dr. Stephen Henson 提交于
RT#4215 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
The given sizes to not include the final NUL character. RT#2622 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Workaround an apparent IO:Socket::IP bug where a seemingly valid server socket is being returned even though a valid connection does not exist. This causes the tests to intermittently hang. We additionally check that the peerport looks ok to verify that the returned socket looks usable. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Document thread-safe lock creation Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
RT#2534 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
RT#2558 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
RT#2616 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 16 5月, 2016 10 次提交
-
-
由 Cristian Stoica 提交于
Some setups use links inside .git directory and make clean should not remove them to avoid breaking git meta-information. Signed-off-by: NCristian Stoica <cristian.stoica@nxp.com> CLA: none; trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1078)
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1063)
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
The previous commit added SSL_CTX_set_tlsext_status_type(). This one adds some documentation for it. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 jfigus 提交于
To allow OCSP stapling to work with libcurl. Github PR #200 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kazuki Yamaguchi 提交于
Since 50932c4a "PACKETise ServerHello processing", ssl_next_proto_validate() incorrectly allows empty protocol name. draft-agl-tls-nextprotoneg-04[1] says "Implementations MUST ensure that the empty string is not included and that no byte strings are truncated." This patch restores the old correct behavior. [1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 FdaSilvaYY 提交于
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
- "/Ox /O2 /Ob2" get's reduced to "/O2", the reason being: /Ox = /Ob2 /Og /Oi /Ot /Oy /Gs /O2 = /Ob2 /Og /Oi /Ot /Oy /Gs /GF /Gy - apps/openssl.cnf gets installed. - always delete files quietly, as they might not be there. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1075)
-
由 FdaSilvaYY 提交于
Fix some missing OBJ_dup failure checks. Merged from https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E! Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1057)
-
- 14 5月, 2016 4 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1042)
-
由 Alessandro Ghedini 提交于
The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the maximum size of just the extensions field to be 2^16-1), and may cause bogus failures. RT#4063 Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/413)
-
由 Kirill Marinushkin 提交于
Currently point to wrong address Signed-off-by: NKirill Marinushkin <k.marinushkin@gmail.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 5月, 2016 3 次提交
-
-
由 Insu Yun 提交于
check source's kdf_ukm, not destination's use != NULL, instead of implicit checking don't free internal data structure like pkey_rsa_copy() Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
In some cases, perl's glob() thinks it needs to return file names with generation numbers, such as when a file name pattern includes two periods. Constructing other file names by simple appending to file names with generation numbers isn't a good idea, so for the VMS case, just peal the generation numbers if they are there. Fortunately, this is easy, as the returned generation number delimiter will always be a semi-colon. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
If the server does not send a session ticket extension, it should not then send the NewSessionTicket message. If the server sends the session ticket extension, it MUST then send the NewSessionTicket message. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-