#
76ad9ae6 |
| 29-Jul-2022 |
Pauli |
Coverity 1507484: dereference before null check Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/ope
Coverity 1507484: dereference before null check Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18907)
show more ...
|
#
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
show more ...
|
#
12e48836 |
| 01-Jul-2022 |
Jiasheng Jiang |
ssl/tls_srp.c: Add check for BN_dup As the potential failure of the BN_dup, it should be better to check the return value in order to guarantee the success. Signed-off-by: J
ssl/tls_srp.c: Add check for BN_dup As the potential failure of the BN_dup, it should be better to check the return value in order to guarantee the success. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18699)
show more ...
|
#
639e5760 |
| 21-May-2022 |
Peiwei Hu |
Fix check of dtls1_process_record Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18369)
|
#
0f8815aa |
| 28-May-2021 |
Pauli |
ssl: add zero strenght arguments to BN and RAND RNG calls Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
76cb077f |
| 08-Feb-2021 |
Matt Caswell |
Deprecate the libssl level SRP APIs The low level SRP implementation has been deprecated with no replacement. Therefore the libssl level APIs need to be similarly deprecated. Re
Deprecate the libssl level SRP APIs The low level SRP implementation has been deprecated with no replacement. Therefore the libssl level APIs need to be similarly deprecated. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14132)
show more ...
|
#
6d2a1eff |
| 05-Feb-2021 |
Matt Caswell |
Deprecate the low level SRP APIs The OTC decided that all low level APIs should be deprecated. This extends to SRP, even though at the current time there is no "EVP" interface to it.
Deprecate the low level SRP APIs The OTC decided that all low level APIs should be deprecated. This extends to SRP, even though at the current time there is no "EVP" interface to it. This could be added in a future release. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14132)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
c48ffbcc |
| 04-Nov-2020 |
Richard Levitte |
SSL: refactor all SSLfatal() calls Since SSLfatal() doesn't take a function code any more, we drop that argument everywhere. Also, we convert all combinations of SSLfatal() and ERR_
SSL: refactor all SSLfatal() calls Since SSLfatal() doesn't take a function code any more, we drop that argument everywhere. Also, we convert all combinations of SSLfatal() and ERR_add_data() to an SSLfatal_data() call. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
show more ...
|
#
6849b73c |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f |
|
#
1744b6d3 |
| 20-Mar-2020 |
Matt Caswell |
Update libssl to use the new library context aware SRP functions Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11410)
|
Revision tags: OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
3d484574 |
| 17-Oct-2019 |
Rich Salz |
Replace BUF_ string function calls with OPENSSL_ ones Deprecate the BUF_ string macros Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@o
Replace BUF_ string function calls with OPENSSL_ ones Deprecate the BUF_ string macros Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10207)
show more ...
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
2c18d164 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in ssl/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7768)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n |
|
#
4cffafe9 |
| 03-Nov-2017 |
Kurt Roeckx |
Use the private RNG for data that is not public Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Fixes: #4641 G
Use the private RNG for data that is not public Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Fixes: #4641 GH: #4665
show more ...
|
#
16cfc2c9 |
| 08-Mar-2018 |
Kurt Roeckx |
Don't use a ssl specific DRBG anymore Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's r
Don't use a ssl specific DRBG anymore Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
show more ...
|
#
3b855b1f |
| 13-Mar-2018 |
Tim Hudson |
update SRP copyright notice As per discussion with Peter Sylvester Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5603)
|
#
a2c2e000 |
| 22-Nov-2017 |
Matt Caswell |
Convert remaining functions in statem_clnt.c to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
f63a17d6 |
| 21-Nov-2017 |
Matt Caswell |
Convert the state machine code to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
Revision tags: OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
26a7d938 |
| 17-Oct-2017 |
KaoruToda |
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
show more ...
|
#
208fb891 |
| 09-Oct-2017 |
KaoruToda |
Since return is inconsistent, I removed unnecessary parentheses and unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-
Since return is inconsistent, I removed unnecessary parentheses and unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4500)
show more ...
|
#
ae3947de |
| 03-Aug-2017 |
Rich Salz |
Add a DRBG to each SSL object Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used
Add a DRBG to each SSL object Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f |
|
#
135976b3 |
| 16-May-2017 |
Diego Santa Cruz |
Use memset to clear SRP_CTX instead of NULL and zero assignments This uses memset() to clear all of the SRP_CTX when free'ing or initializing it as well as in error paths instead of havi
Use memset to clear SRP_CTX instead of NULL and zero assignments This uses memset() to clear all of the SRP_CTX when free'ing or initializing it as well as in error paths instead of having a series of NULL and zero assignments as it is safer. It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero in case or error, previously it could retain pointers to freed memory, potentially leading to a double free. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3467)
show more ...
|
#
e655f549 |
| 15-May-2017 |
Diego Santa Cruz |
Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login. Ownership and lifetime rules of SRP_CTX.info are confusing and different from those of SRP_CTX.login, making it dif
Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login. Ownership and lifetime rules of SRP_CTX.info are confusing and different from those of SRP_CTX.login, making it difficult to use correctly. This makes the ownership and lifetime be the same as those of SRP_CTX.login, thet is a copy is made when setting it and is freed when SRP_CTX is freed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3467)
show more ...
|