1. 20 5月, 2014 7 次提交
    • J
      Fix a wrong parameter count ERR_add_error_data · ff626ba5
      Janpopan 提交于
      ff626ba5
    • B
      Merge branch 'mbland-heartbeat-test' · 814972e1
      Ben Laurie 提交于
      814972e1
    • B
      Fixup for ancient compilers. · 2ec52dc3
      Ben Laurie 提交于
      2ec52dc3
    • M
      Zero-initialize heartbeat test write buffer · 39dd6f45
      Mike Bland 提交于
      The previous calls to memset() were added to tear_down() when I noticed the
      test spuriously failing in opt mode, with different results each time. This
      appeared to be because the allocator zeros out memory in debug mode, but not
      in opt mode. Since the heartbeat functions silently drop the request on error
      without modifying the contents of the write buffer, whatever random contents
      were in memory before being reallocated to the write buffer used in the test
      would cause nondeterministic test failures in the Heartbleed regression cases.
      Adding these calls allowed the test to pass in both debug and opt modes.
      
      Ben Laurie notified me offline that the test was aborting in
      debug-ben-debug-64-clang mode, configured with GitConfigure and built with
      GitMake. Looking into this, I realized the first memset() call was zeroing out
      a reference count used by SSL_free() that was checked in
      debug-ben-debug-64-clang mode but not in the normal debug mode.
      
      Removing the memset() calls from tear_down() and adding a memset() for the
      write buffer in set_up() addresses the issue and allows the test to
      successfully execute in debug, opt, and debug-ben-debug-64-clang modes.
      39dd6f45
    • M
      More through error checks in set_up · f5ad068b
      Mike Bland 提交于
      Checks the return values of ssl_init_wbio_buffer() and ssl3_setup_buffers().
      f5ad068b
    • B
      Make it build/run. · f41231d6
      Ben Laurie 提交于
      f41231d6
    • M
      Unit/regression test for TLS heartbeats. · 6af080ac
      Mike Bland 提交于
      Regression test against CVE-2014-0160 (Heartbleed).
      
      More info: http://mike-bland.com/tags/heartbleed.html
      6af080ac
  2. 19 5月, 2014 1 次提交
  3. 16 5月, 2014 1 次提交
  4. 15 5月, 2014 4 次提交
  5. 13 5月, 2014 5 次提交
  6. 12 5月, 2014 6 次提交
  7. 11 5月, 2014 2 次提交
  8. 10 5月, 2014 1 次提交
  9. 09 5月, 2014 4 次提交
    • D
      Return an error if no recipient type matches. · 0bcb17a7
      Dr. Stephen Henson 提交于
      If the key type does not match any CMS recipient type return
      an error instead of using a random key (MMA mitigation). This
      does not leak any useful information to an attacker.
      
      PR#3348
      0bcb17a7
    • G
      s_client/s_server: support unix domain sockets · a9351320
      Geoff Thorpe 提交于
      The "-unix <path>" argument allows s_server and s_client to use a unix
      domain socket in the filesystem instead of IPv4 ("-connect", "-port",
      "-accept", etc). If s_server exits gracefully, such as when "-naccept"
      is used and the requested number of SSL/TLS connections have occurred,
      then the domain socket file is removed. On ctrl-C, it is likely that
      the stale socket file will be left over, such that s_server would
      normally fail to restart with the same arguments. For this reason,
      s_server also supports an "-unlink" option, which will clean up any
      stale socket file before starting.
      
      If you have any reason to want encrypted IPC within an O/S instance,
      this concept might come in handy. Otherwise it just demonstrates that
      there is nothing about SSL/TLS that limits it to TCP/IP in any way.
      
      (There might also be benchmarking and profiling use in this path, as
      unix domain sockets are much lower overhead than connecting over local
      IP addresses).
      Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
      a9351320
    • T
      coverity 966576 - close socket in error path · b6e69d28
      Tim Hudson 提交于
      b6e69d28
    • T
      PR#3342 fix resource leak coverity issue 966577 · 8e94fadd
      Tim Hudson 提交于
      8e94fadd
  10. 08 5月, 2014 2 次提交
  11. 07 5月, 2014 2 次提交
    • G
      evp: prevent underflow in base64 decoding · fce38211
      Geoff Thorpe 提交于
      This patch resolves RT ticket #2608.
      
      Thanks to Robert Dugal for originally spotting this, and to David
      Ramos for noticing that the ball had been dropped.
      Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
      fce38211
    • G
      bignum: allow concurrent BN_MONT_CTX_set_locked() · 12e9f627
      Geoff Thorpe 提交于
      The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
      noted by Daniel Sands and co at Sandia. This was to handle the case that
      2 or more threads race to lazy-init the same context, but stunted all
      scalability in the case where 2 or more threads are doing unrelated
      things! We favour the latter case by punishing the former. The init work
      gets done by each thread that finds the context to be uninitialised, and
      we then lock the "set" logic after that work is done - the winning
      thread's work gets used, the losing threads throw away what they've done.
      Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
      12e9f627
  12. 06 5月, 2014 3 次提交
  13. 05 5月, 2014 1 次提交
  14. 04 5月, 2014 1 次提交