- Sep 05, 2018
-
-
Nicola Tuveri authored
`RSA_free()` and friends are called in case of error from `RSA_new_method(ENGINE *e)` (or the respective equivalent functions). For the rest of the description I'll talk about `RSA_*`, but the same applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`. If `RSA_new_method()` fails because the engine does not implement the required method, when `RSA_free(RSA *r)` is called, `r->meth == NULL` and a segfault happens while checking if `r->meth->finish` is defined. This commit fixes this issue by ensuring that `r->meth` is not NULL before dereferencing it to check for `r->meth->finish`. Fixes #7102 . Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7121)
-
- Sep 04, 2018
-
-
Eric Curtin authored
-subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com' was a valid subject in openssl 1.0. Error received in 1.1 is: problems making Certificate Request Not very informative, I only figured this out because I compiled the code and added logging. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7098)
-
Shane Lontis authored
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7106)
-
Shane Lontis authored
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7109)
-
Shane Lontis authored
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7107)
-
Shane Lontis authored
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7110)
-
Richard Levitte authored
With the introduction of -pkeyopt, the number of bits may change without |newkey| being updated. Unfortunately, there is no API to retrieve the information from a EVP_PKEY_CTX either, so chances are that we report incorrect information. For the moment, it's better not to try to report the number of bits at all. Fixes #7086 Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7096)
-
Matt Caswell authored
The SSL_client_version() function returns the value held in the legacy_version field of the ClientHello. This is never greater than TLSv1.2, even if TLSv1.3 later gets negotiated. Fixes #7079 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7095)
-
Matt Caswell authored
Check that we use an RSA certificate if an RSA key exchange ciphersuite is being used and we have both RSA and RSA-PSS certificates configured. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7099)
-
Matt Caswell authored
If we have selected a ciphersuite using RSA key exchange then we must not attempt to use an RSA-PSS cert for that. Fixes #7059 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7099)
-
Matt Caswell authored
Add a test to check that we create the correct number of tickets after a TLSv1.3 PSK. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7097)
-
Matt Caswell authored
Treat a connection using an external PSK like we would a resumption and send a single NewSessionTicket afterwards. Fixes #6941 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7097)
-
Matt Caswell authored
They did not make it clear how the memory management works for the |pctx| parameter. Fixes #7037 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7042)
-
Matt Caswell authored
If a client sends data to a server and then immediately closes without waiting to read the NewSessionTickets then the server can receive EPIPE when trying to write the tickets and never gets the opportunity to read the data that was sent. Therefore we ignore EPIPE when writing out the tickets in TLSv1.3 Fixes #6904 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6944)
-
Jakub Wilk authored
The default input format is PEM, so explicit "-inform DER" is needed to read DER-encoded CRL. CLA: trivial Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7094)
-
- Sep 03, 2018
-
-
Alex Gaynor authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7100)
-
Pauli authored
Added NIST test cases for these two as well. Additionally deprecate the public definiton of HMAC_MAX_MD_CBLOCK in 1.2.0. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6972)
-
Paulo Flabiano Smorigo authored
Add make clean for evp demos and remove whitespace from a line. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7072)
-
Pauli authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7089)
-
Shane Lontis authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7092)
-
Billy Brumley authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7028)
-
Billy Brumley authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7028)
-
wzhang authored
Add one more unit test case Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/6892)
-
Richard Levitte authored
They add a single item, so the names give a false impression of what they do, making them hard to remember. Better to give them a somewhat better name. Fixes #6930 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6931)
-
Paul Kehrer authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7082)
-
Paul Kehrer authored
fixes #7081 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7082)
-
Pauli authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7088)
-
- Sep 02, 2018
-
-
Pauli authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7087)
-
Eric Brown authored
This trivial patch removes a duplicated call to ASN1_INTEGER_set. Fixes Issue #6977 Signed-off-by: Eric Brown <browne@vmware.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6984)
-
- Sep 01, 2018
-
-
Matt Caswell authored
Fixes #6490 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7044)
-
Erik Forsberg authored
Fixes #6994 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7009)
-
Hubert Kario authored
Add or update the documentation of the different man pages in relation to TLSv1.3 behaviour. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/6939)
-
- Aug 31, 2018
-
-
Andy Polyakov authored
IBM POWER Open Source Ecosystem division asserts commitment to providing more reliable service. GH#7016. This reverts commit 275bfc56 . Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Aug 30, 2018
-
-
Matt Caswell authored
Thanks to @fangang190 for reporting this Fixes #7061 Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7065)
-
Matt Caswell authored
Thanks to @fangang190 for reporting this issue. Fixes #7060 Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7065)
-
- Aug 29, 2018
-
-
ymlbright authored
asn1_encode has two form length octets: short form(1 byte), long form(1+n byte). CLA: Trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7027)
-
- Aug 26, 2018
-
-
Andy Polyakov authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6996)
-
Andy Polyakov authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6996)
-
- Aug 24, 2018
-
-
Andy Polyakov authored
-path is non-portable extension, fortunately it's possible to express .git subdirectory exclusion with -prune. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7004)
-
Paul Yang authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7041)
-