- 22 4月, 2015 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Add tables to convert between SSL_CIPHER fields and indices for ciphers and MACs. Reorganise ssl_ciph.c to use tables to lookup values and load them. New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid. Add documentation. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Set config to /dev/null when doing make rehash. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Make only errors go to stderr. Print count and size before the loop, so you can see it's an 838K message that will take a few moments. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
The files removed are the ones that were symbolic links before, but aren't now, so we should not remove them any more. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Emilia Kasper 提交于
EAP-FAST session resumption relies on handshake message lookahead to determine server intentions. Commits 980bc1ec and 7b3ba508 removed the lookahead so broke session resumption. This change partially reverts the commits and brings the lookahead back in reduced capacity for TLS + EAP-FAST only. Since EAP-FAST does not support regular session tickets, the lookahead now only checks for a Finished message. Regular handshakes are unaffected by this change. Reviewed-by: NDavid Benjamin <davidben@chromium.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 21 4月, 2015 4 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 20 4月, 2015 12 次提交
-
-
由 Andy Polyakov 提交于
This addresses - request for improvement for faster key setup in RT#3576; - clearing registers and stack in RT#3554 (this is more of a gesture to see if there will be some traction from compiler side); - more commentary around input parameters handling and stack layout (desired when RT#3553 was reviewed); - minor size and single block performance optimization (was lying around); Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 18 4月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as negative. Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck <hanno@hboeck.de> for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
A 0-length ciphers list is never permitted. The old code only used to reject an empty ciphers list for connections with a session ID. It would later error out on a NULL structure, so this change just moves the alert closer to the problem source. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
The disabled set of -Weverything is hard to maintain across versions. Use -Wall -Wextra but also document other useful warnings that currently trigger. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 17 4月, 2015 2 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 16 4月, 2015 3 次提交
-
-
由 Emilia Kasper 提交于
ssl_cert_inst was removed in 2c382349Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reported by Hanno Böck <hanno@hboeck.de> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reported by Hanno Böck <hanno@hboeck.de> PR#3800 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 15 4月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
newsig may be used (freed) uninitialized on a malloc error. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 14 4月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read past the end of the ClientHello message if the session_id length in the ClientHello is invalid. This should not cause any security issues since the underlying buffer is 16k in size. It should never be possible to overrun by that many bytes. This is probably made redundant by the previous commit - but you can never be too careful. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The ClientHello processing is insufficiently rigorous in its checks to make sure that we don't read past the end of the message. This does not have security implications due to the size of the underlying buffer - but still needs to be fixed. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 12 4月, 2015 4 次提交
-
-
由 Rich Salz 提交于
Ongoing work to skip NULL check before calling free routine. This gets: ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free ssl_sess_cert_free Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rich Salz 提交于
It should have freed them when != NULL, not when == NULL. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>
-
由 Kurt Roeckx 提交于
It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section failed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>
-
- 11 4月, 2015 2 次提交
-
-
由 Rich Salz 提交于
Avoid checking for NULL before calling free functions. This gets ssl.*free: ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Kurt Cancemi 提交于
PR#3790 Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-