1. 15 May, 2014 1 commit
  2. 13 May, 2014 5 commits
  3. 12 May, 2014 6 commits
  4. 11 May, 2014 2 commits
  5. 10 May, 2014 1 commit
  6. 09 May, 2014 4 commits
    • Return an error if no recipient type matches. · 0bcb17a7
      Dr. Stephen Henson committed
      If the key type does not match any CMS recipient type return
      an error instead of using a random key (MMA mitigation). This
      does not leak any useful information to an attacker.
      
      PR#3348
    • s_client/s_server: support unix domain sockets · a9351320
      Geoff Thorpe committed
      The "-unix <path>" argument allows s_server and s_client to use a unix
      domain socket in the filesystem instead of IPv4 ("-connect", "-port",
      "-accept", etc). If s_server exits gracefully, such as when "-naccept"
      is used and the requested number of SSL/TLS connections have occurred,
      then the domain socket file is removed. On ctrl-C, it is likely that
      the stale socket file will be left over, such that s_server would
      normally fail to restart with the same arguments. For this reason,
      s_server also supports an "-unlink" option, which will clean up any
      stale socket file before starting.
      
      If you have any reason to want encrypted IPC within an O/S instance,
      this concept might come in handy. Otherwise it just demonstrates that
      there is nothing about SSL/TLS that limits it to TCP/IP in any way.
      
      (There might also be benchmarking and profiling use in this path, as
      unix domain sockets are much lower overhead than connecting over local
      IP addresses).
      Signed-off-by: Geoff Thorpe <geoff@openssl.org>
    • coverity 966576 - close socket in error path · b6e69d28
      Tim Hudson committed
    • PR#3342 fix resource leak coverity issue 966577 · 8e94fadd
      Tim Hudson committed
  7. 08 May, 2014 2 commits
  8. 07 May, 2014 2 commits
    • evp: prevent underflow in base64 decoding · fce38211
      Geoff Thorpe committed
      This patch resolves RT ticket #2608.
      
      Thanks to Robert Dugal for originally spotting this, and to David
      Ramos for noticing that the ball had been dropped.
      Signed-off-by: Geoff Thorpe <geoff@openssl.org>
    • bignum: allow concurrent BN_MONT_CTX_set_locked() · 12e9f627
      Geoff Thorpe committed
      The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
      noted by Daniel Sands and co at Sandia. This was to handle the case that
      2 or more threads race to lazy-init the same context, but stunted all
      scalability in the case where 2 or more threads are doing unrelated
      things! We favour the latter case by punishing the former. The init work
      gets done by each thread that finds the context to be uninitialised, and
      we then lock the "set" logic after that work is done - the winning
      thread's work gets used, the losing threads throw away what they've done.
      Signed-off-by: Geoff Thorpe <geoff@openssl.org>
  9. 06 May, 2014 3 commits
  10. 05 May, 2014 1 commit
  11. 04 May, 2014 6 commits
  12. 02 May, 2014 1 commit
  13. 01 May, 2014 2 commits
  14. 30 April, 2014 2 commits
    • bignum: fix boundary condition in montgomery logic · a5292618
      Geoff Thorpe committed
      It's not clear whether this inconsistency could lead to an actual
      computation error, but it involved a BIGNUM being passed around the
      montgomery logic in an inconsistent state. This was found using flags
      -DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
      in 'ectest';
      
      ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) ||
      (_bnum2->d[_bnum2->top - 1] != 0)' failed
      Signed-off-by: Geoff Thorpe <geoff@openssl.org>
    • More warnings. · 9cabf6bb
      Ben Laurie committed
  15. 28 April, 2014 1 commit
  16. 27 April, 2014 1 commit