- 01 2月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
OPENSSL_NO_SSL_INTERN into internal header files. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 30 1月, 2015 2 次提交
-
-
由 Richard Levitte 提交于
catch up with the Unix build. A number of new tests, among others test/tocsp.com Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"' Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Richard Levitte 提交于
Add new symbols that are longer than 31 chars to symhacks. VMS doesn't have <sys/un.h>, reflect that in e_os.h. MS_CALLBACK has been removed, ssl_task.c needs adjustment. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 29 1月, 2015 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 1月, 2015 5 次提交
-
-
由 Rich Salz 提交于
Not interested in helping the NSA in the slightest. And anyway, it was never implemented, #if'd out. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Remove all "#if 0" blocks from header files. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Remove OPENSSL_NO_BUF_FREELISTS. This was turned on by default, so the work here is removing the 'maintain our own freelist' code. Also removed a minor old Windows-multibyte/widechar conversion flag. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Rich Salz 提交于
TLS and TLS1 are no longer optional. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 27 1月, 2015 2 次提交
-
-
由 Rich Salz 提交于
The following compile options (#ifdef's) are removed: OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY This diff is big because of updating the indents on preprocessor lines. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
is ignored for DTLS. RT#3657 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 24 1月, 2015 2 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx Remove MS_STATIC; it's a relic from platforms <32 bits. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 22 1月, 2015 16 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
This should be a one off operation (subsequent invokation of the script should not move them) Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Conflicts: ssl/ssl_ciph.c ssl/ssl_locl.h Conflicts: ssl/s2_srvr.c ssl/ssl.h Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Conflicts: demos/tunala/tunala.h engines/e_padlock.c ssl/s2_clnt.c ssl/s2_lib.c ssl/s2_srvr.c ssl/s3_srvr.c Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Conflicts: crypto/dsa/dsa_asn1.c crypto/pem/pem_all.c fips/dh/dh_gen.c fips/dh/fips_dh_check.c fips/dh/fips_dh_gen.c ssl/ssl_ciph.c Conflicts: ssl/d1_clnt.c Conflicts: ssl/s2_pkt.c Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Conflicts: crypto/dsa/dsa_vrf.c crypto/ec/ec2_smpl.c crypto/ec/ecp_smpl.c Conflicts: demos/bio/saccept.c ssl/d1_clnt.c Conflicts: bugs/dggccbug.c demos/tunala/cb.c Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 15 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO Two typo's on #endif comments fixed: OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
This last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 12 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Add INSTALLDIRS variable, list of directories where things get installed. Change install_html_docs to use perl mkdir-p script. Add uninstall, uninstall_sw, uninstall_docs, uninstall_html_docs to Makefile.org. The actions of these targets were figured out by "inverting" the install target. Recurse into subdirs to do uninstall as needed. Added uninstall targets whose actions were similarly figured out by "inverting" the install target. Also remove some 'space before tab' complaints in Makefile.org Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 08 1月, 2015 5 次提交
-
-
由 Matt Caswell 提交于
ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team. CVE-2015-0206 Reviewed-by: NDr Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Reviewed-by: NDr Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 07 1月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
context was also inherited (matches that of the existing SSL_CTX). Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 1月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-