Revision tags: OpenSSL_1_1_0 |
|
#
a230b26e |
| 05-Aug-2016 |
Emilia Kasper |
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13 |
|
#
d166ed8c |
| 18-Jun-2016 |
Dr. Stephen Henson |
check return values for EVP_Digest*() APIs Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
d356dc56 |
| 10-Jun-2016 |
Matt Caswell |
Add some missing return value checks Some misc return value checks Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
2c4a056f |
| 03-Jun-2016 |
Matt Caswell |
Handle a memory allocation failure in ssl3_init_finished_mac() The ssl3_init_finished_mac() function can fail, in which case we need to propagate the error up through the stack. RT#3198 Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
ea32151f |
| 26-May-2016 |
Matt Caswell |
The ssl3_digest_cached_records() function does not handle errors properly The ssl3_digest_cached_records() function was failing to handle errors that might be returned from EVP_DigestSignInit() and EVP_DigestSignUpdate(). RT#4180 Reviewed-by: Stephen Henson <steve@openssl.org>
|
#
846e33c7 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4 |
|
#
8483a003 |
| 10-Mar-2016 |
FdaSilvaYY |
various spelling fixes Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
|
#
e771eea6 |
| 04-Apr-2016 |
Rich Salz |
Revert "various spelling fixes" This reverts commit 620d540bd47a96fb6905fbbdd8ea5167a8841a3e. It wasn't reviewed. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
620d540b |
| 10-Mar-2016 |
FdaSilvaYY |
various spelling fixes Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12, OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
0220fee4 |
| 13-Jan-2016 |
Matt Caswell |
Lazily initialise the compression buffer With read pipelining we use multiple SSL3_RECORD structures for reading. There are SSL_MAX_PIPELINES (32) of them defined (typically not all of these would be used). Each one has a 16k compression buffer allocated! This results in a significant amount of memory being consumed which, most of the time, is not needed. This change swaps the allocation of the compression buffer to be lazy so that it is only done immediately before it is actually used. Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
06217867 |
| 22-Sep-2015 |
Emilia Kasper |
Refactor ClientHello extension parsing 1) Simplify code with better PACKET methods. 2) Make broken SNI parsing explicit. SNI was intended to be extensible to new name types but RFC 4366 defined the syntax inextensibly, and OpenSSL has never parsed SNI in a way that would allow adding a new name type. RFC 6066 fixed the definition but due to broken implementations being widespread, it appears impossible to ever extend SNI. 3) Annotate resumption behaviour. OpenSSL doesn't currently handle all extensions correctly upon resumption. Annotate for further clean-up. 4) Send an alert on ALPN protocol mismatch. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
#
846ec07d |
| 13-Dec-2015 |
Richard Levitte |
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
bfb0641f |
| 01-Dec-2015 |
Richard Levitte |
Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy) Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
eda34e4b |
| 30-Nov-2015 |
Richard Levitte |
Adapt the rest of the source to the removal of (EVP_MD_CTX|HMAC_CTX)_cleanup Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
6e59a892 |
| 27-Nov-2015 |
Richard Levitte |
Adjust all accesses to EVP_MD_CTX to use accessor functions. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
361a1191 |
| 05-Dec-2015 |
Kurt Roeckx |
Remove support for all 40 and 56 bit ciphers. Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #364
|
#
600fdc71 |
| 27-Nov-2015 |
Dr. Stephen Henson |
fix function code discrepancy Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
28ba2541 |
| 25-Nov-2015 |
Dr. Stephen Henson |
PRF and handshake hash revision. Change handshake hash array into a single digest context simplifying the handshake hash code. Use EVP_md5_sha1() if needed for handshake hashes in TLS 1.1 and earlier. Simplify PRF code to also use a single digest and treat EVP_md5_sha1() as a special case. Modify algorithm2 field of ciphers to use a single index value for handshake hash and PRF instead of a bitmap. Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
6938c954 |
| 25-Nov-2015 |
Dr. Stephen Henson |
Remove unused cert_verify_mac code Reviewed-by: Andy Polyakov <appro@openssl.org>
|
#
5f3d93e4 |
| 06-Nov-2015 |
Matt Caswell |
Ensure all EVP calls have their returns checked where appropriate There are lots of calls to EVP functions from within libssl There were various places where we should probably check the return value but don't. This adds these checks. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11 |
|
#
c7238204 |
| 20-Jun-2015 |
Dr. Stephen Henson |
Avoid duplication. We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
124037fd |
| 16-Jun-2015 |
Dr. Stephen Henson |
Tidy up ssl3_digest_cached_records logic. Rewrite ssl3_digest_cached_records handling. Only digest cached records if digest array is NULL: this means it is safe to call ssl3_digest_cached_records multiple times (subsequent calls are no op). Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer if digest array is NULL. Add additional "keep" parameter to ssl3_digest_cached_records to indicate if the handshake buffer should be retained after digesting cached records (needed for TLS 1.2 client authentication). Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
f6a10313 |
| 21-Jun-2015 |
Dr. Stephen Henson |
Revert "Avoid duplication." This reverts commit d480e182fe20fcaeca7817a4693eeaf594bb1a32. Commit broke TLS handshakes due to fragility of digest caching: that will be fixed separately. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
d480e182 |
| 20-Jun-2015 |
Dr. Stephen Henson |
Avoid duplication. We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list() Reviewed-by: Rich Salz <rsalz@openssl.org>
|