- 29 7月, 2016 7 次提交
-
-
由 Matt Caswell 提交于
The BIO_pop implementation assumes that the rbio still equals the next BIO in the chain. While this would normally be the case, it is possible that it could have been changed directly by the application. It also does not properly cater for the scenario where the buffering BIO is still in place for the write BIO. Most of the existing BIO_pop code for SSL BIOs can be replaced by a single call to SSL_set_bio(). This is equivalent to the existing code but additionally handles the scenario where the rbio has been changed or the buffering BIO is still in place. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
When pushing a BIO onto an SSL BIO we set the rbio and wbio for the SSL object to be the BIO that has been pushed. Therefore we need to up the ref count for that BIO. The existing code was uping the ref count on the wrong BIO. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
When setting the read bio we free up any old existing one. However this can lead to a double free if the existing one is the same as the write bio. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The SSL_set_bio() function has some complicated ownership rules. This adds a test to make sure it all works as expected. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
SSLv2 is no longer supported in 1.1.0, however we *do* still accept an SSLv2 style ClientHello, as long as we then subsequently negotiate a protocol version >= SSLv3. The record format for SSLv2 style ClientHellos is quite different to SSLv3+. We only accept this format in the first record of an initial ClientHello. Previously we checked this by confirming s->first_packet is set and s->server is true. However, this really only tells us that we are dealing with an initial ClientHello, not that it is the first record (s->first_packet is badly named...it really means this is the first message). To check this is the first record of the initial ClientHello we should also check that we've not received any data yet (s->init_num == 0), and that we've not had any empty records. GitHub Issue #1298 Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Rich Salz 提交于
Cannot nest B<> tags Document "openssl speed" command. Fix doc nits: missing NAME/SYNOPSIS stuff Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 27 7月, 2016 5 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 David Benjamin 提交于
8605abf1 fixed the nval leak, but it used free instead of pop_free. nval owns its contents, so it should be freed with pop_free. See the pop_free call a few lines down. This is a no-op as, in this codepath, we must have nval == NULL or sk_CONF_VALUE_num(nval) == 0. In those cases, free and pop_free are identical. However, variables should be freed consistently. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1351)
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1324
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> GH: #1345
-
由 Jon Loeliger 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 26 7月, 2016 8 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values. RT#4577 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
X509_LU_RETRY and X509_LU_FAIL are not X509_OBJECT types so don't include them in the enum. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Remove current_method: it was intended as a means of retrying lookups bit it was never used. Now that X509_verify_cert() is a "one shot" operation it can never work as intended. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Simplify BIO init using OPENSSL_zalloc(). Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1261)
-
由 russor 提交于
Some versions of the Microsoft TLS stack have problems when the DHE public key is encoded with fewer bytes than the DHE prime. There's some public acknowledgement of the bug at these links: https://connect.microsoft.com/IE/feedback/details/1253526/tls-serverkeyexchange-with-1024-dhe-may-encode-dh-y-as-127-bytes-breaking-internet-explorer-11 https://connect.microsoft.com/IE/feedback/details/1104905/wininet-calculation-of-mac-in-tls-handshake-intermittently-fails-for-dhe-rsa-key-exchange This encoding issue also causes the same errors with 2048-bit DHE, if the public key is encoded in fewer than 256 bytes and includes the TLS stack on Windows Phone 8.x. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1320)
-
- 25 7月, 2016 20 次提交
-
-
由 Richard Levitte 提交于
This adds the functions X509_set_proxy_pathlen(), which sets the internal pc path length cache for a given X509 structure, along with X509_get_proxy_pathlen(), which retrieves it. Along with the previously added X509_set_proxy_flag(), this provides the tools needed to manipulate all the information cached on proxy certificates, allowing external code to do what's necessary to have them verified correctly by the libcrypto code. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Since there are a number of function pointers in X509_STORE that might lead to user code, it makes sense for them to be able to lock the store while they do their work. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
We only add setters for X509_STORE function pointers except for the verify callback function. The thought is that the function pointers in X509_STORE_CTX are a cache for the X509_STORE functions. Therefore, it's preferable if the user makes the changes in X509_STORE before X509_STORE_CTX_init is called, and otherwise use the verify callback to override any results from OpenSSL's internal calculations. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Steffen Nurpmeso 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Signed-off-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1301)
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1301)
-
由 FdaSilvaYY 提交于
Break two long messages. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1301)
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1301)
-
由 FdaSilvaYY 提交于
Old inactive inherited code, a code relic for sure. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1301)
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1301)
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
-
由 FdaSilvaYY 提交于
X509_REVOKED_get0_extensions X509_check_private_key Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
-
由 FdaSilvaYY 提交于
- X509_NAME_entry_count, X509_ATTRIBUTE_count - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
-
由 FdaSilvaYY 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1300)
-