- 06 2月, 2015 1 次提交
-
-
由 Rich Salz 提交于
A few minor cleanups to remove pre-processor "#if 1" stuff. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
TLS and TLS1 are no longer optional. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 27 1月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
is ignored for DTLS. RT#3657 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 22 1月, 2015 4 次提交
-
-
由 Matt Caswell 提交于
This should be a one off operation (subsequent invokation of the script should not move them) Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 08 1月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 31 12月, 2014 1 次提交
-
-
由 Tim Hudson 提交于
indent will not alter them when reformatting comments Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 28 11月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
PR#1767 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 8月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
Use existing error code SSL_R_RECORD_TOO_SMALL for too many empty records. For ease of backporting the patch to release branches. Reviewed-by: NBodo Moeller <bodo@openssl.org>
-
- 09 8月, 2014 1 次提交
-
-
由 Matthieu Crapet 提交于
Use SSL3_AL_FATAL instead of the literal constant "2" Every bit of cleanup helps. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 7月, 2014 1 次提交
-
-
由 Andy Polyakov 提交于
-
- 05 7月, 2014 1 次提交
-
-
由 Ben Laurie 提交于
-
- 28 6月, 2014 1 次提交
-
-
由 Ken Ballou 提交于
PR#3174
-
- 23 6月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
-
- 18 6月, 2014 1 次提交
-
-
- 13 6月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
-
- 05 6月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on. (cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
-
由 Dr. Stephen Henson 提交于
Return a fatal error if an attempt is made to use a zero length master secret. (cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
-
- 12 5月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
-
- 11 5月, 2014 2 次提交
-
-
由 Matt Caswell 提交于
-
由 Tim Hudson 提交于
-
- 23 4月, 2014 1 次提交
-
-
由 Ben Laurie 提交于
-
- 15 2月, 2014 1 次提交
-
-
由 Andy Polyakov 提交于
-
- 06 2月, 2014 1 次提交
-
-
由 Ben Laurie 提交于
-
- 05 2月, 2014 2 次提交
-
-
由 Andy Polyakov 提交于
This allows to process multiple fragmets of maximum fragment size, as opposite to chopping maximum-sized fragments to multiple smaller ones. This approach relies on dynamic allocation of larger buffers, which we trade for performance improvement, for several *times* in some situations.
-
由 Andy Polyakov 提交于
If application has more data than maximum fragment, hold to buffer for whole write, as opposite to per-fragment strategy.
-
- 02 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
When sending an invalid version number alert don't change the version number to the client version if a session is already established. Thanks to Marek Majkowski for additional analysis of this issue. PR#3191
-
- 18 12月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Partial mitigation of PR#3200 (cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)
-
- 09 10月, 2013 1 次提交
-
-
由 Andy Polyakov 提交于
-
- 08 9月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
-
- 06 9月, 2013 1 次提交
-
-
- 14 6月, 2013 1 次提交
-
-
由 Adam Langley 提交于
in order to prevent ssl3_get_record from never returning. Reported by "oftc_must_be_destroyed" and George Kadianakis.
-
- 18 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Use the enc_flags field to determine whether we should use explicit IV, signature algorithms or SHA256 default PRF instead of hard coding which versions support each requirement.
-
- 27 2月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 08 2月, 2013 1 次提交
-
-
由 Andy Polyakov 提交于
Revert is appropriate because binary compatibility is not an issue in 1.1.
-
- 06 2月, 2013 3 次提交
-
-
由 Andy Polyakov 提交于
Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed. (cherry picked from commit 8bfd4c659f180a6ce34f21c0e62956b362067fba)
-
由 Ben Laurie 提交于
This change updates the DTLS code to match the constant-time CBC behaviour in the TLS. (cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900)
-
由 Ben Laurie 提交于
The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. (cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
-