Skip to content
  1. Jul 29, 2016
    • Matt Caswell's avatar
      Fix BIO_push ref counting for SSL BIO · eddef305
      Matt Caswell authored
      
      
      When pushing a BIO onto an SSL BIO we set the rbio and wbio for the SSL
      object to be the BIO that has been pushed. Therefore we need to up the ref
      count for that BIO. The existing code was uping the ref count on the wrong
      BIO.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      eddef305
    • Matt Caswell's avatar
      Don't double free the write bio · 8e3854ac
      Matt Caswell authored
      
      
      When setting the read bio we free up any old existing one. However this can
      lead to a double free if the existing one is the same as the write bio.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      8e3854ac
    • Matt Caswell's avatar
      Add a test for SSL_set_bio() · 7fb4c820
      Matt Caswell authored
      
      
      The SSL_set_bio() function has some complicated ownership rules. This adds a
      test to make sure it all works as expected.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      7fb4c820
    • Matt Caswell's avatar
      Make the checks for an SSLv2 style record stricter · 0647719d
      Matt Caswell authored
      
      
      SSLv2 is no longer supported in 1.1.0, however we *do* still accept an SSLv2
      style ClientHello, as long as we then subsequently negotiate a protocol
      version >= SSLv3. The record format for SSLv2 style ClientHellos is quite
      different to SSLv3+. We only accept this format in the first record of an
      initial ClientHello. Previously we checked this by confirming
      s->first_packet is set and s->server is true. However, this really only
      tells us that we are dealing with an initial ClientHello, not that it is
      the first record (s->first_packet is badly named...it really means this is
      the first message). To check this is the first record of the initial
      ClientHello we should also check that we've not received any data yet
      (s->init_num == 0), and that we've not had any empty records.
      
      GitHub Issue #1298
      
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      0647719d
  2. Jul 28, 2016
  3. Jul 26, 2016
  4. Jul 25, 2016