- Sep 27, 2017
-
-
Samuel Weiser authored
Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4377)
-
- Sep 26, 2017
-
-
David Benjamin authored
The pub_key field for DH isn't actually used in DH_compute_key at all. (Note the peer public key is passed in as as BIGNUM.) It's mostly there so the caller may extract it from DH_generate_key. It doesn't particularly need to be present if filling in a DH from external parameters. The check in DH_set0_key conflicts with adding OpenSSL 1.1.0 to Node. Their public API is a thin wrapper over the old OpenSSL one: https://nodejs.org/api/crypto.html#crypto_class_diffiehellman They have separate setPrivateKey and setPublicKey methods, so the public key may be set last or not at all. In 1.0.2, either worked fine since operations on DH objects generally didn't use the public key. (Like with OpenSSL, Node's setPublicKey method is also largely a no-op, but so it goes.) In 1.1.0, DH_set0_key prevents create a private-key-only DH object. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4384)
-
Dr. Stephen Henson authored
[extended tests] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Dr. Stephen Henson authored
Rename tls1_get_curvelist to tls1_get_grouplist, change to void as it can never fail and remove unnecessary return value checks. Clean up the code. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Dr. Stephen Henson authored
Replace existing compression and groups check with two functions. tls1_check_pkey_comp() checks a keys compression algorithms is consistent with extensions. tls1_check_group_id() checks is a group is consistent with extensions and preferences. Rename tls1_ec_nid2curve_id() to tls1_nid2group_id() and make it static. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Dr. Stephen Henson authored
Setup EVP_PKEY structure from a group ID in ssl_generate_param_group, replace duplicate code with this function. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Dr. Stephen Henson authored
Replace tls1_ec_curve_id2nid() with tls_group_id_lookup() which returns the TLS_GROUP_INFO for the group. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Richard Levitte authored
Fixes #4419 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4420)
-
- Sep 24, 2017
-
-
Saagar Jha authored
CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4407)
-
- Sep 23, 2017
-
-
Kurt Roeckx authored
Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #4410
-
Kurt Roeckx authored
Found by OSS-Fuzz and the tests Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #4410
-
Dr. Stephen Henson authored
Avoid duplicate assertion by removing dhparam from SSL_CONF parameter list: dhparam is handled manually by s_server. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4408)
-
Pichulin Dmitrii authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4405)
-
- Sep 22, 2017
-
-
Dr. Stephen Henson authored
Instead of storing supported groups in on-the-wire format store them as parsed uint16_t values. This simplifies handling of groups as the values can be directly used instead of being converted. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4406)
-
Andy Polyakov authored
The warning flag in question was added in GCC version 6, hence addition has to be conditional. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4401)
-
David Benjamin authored
This guards against the name constraints check consuming large amounts of CPU time when certificates in the presented chain contain an excessive number of names (specifically subject email names or subject alternative DNS names) and/or name constraints. Name constraints checking compares the names presented in a certificate against the name constraints included in a certificate higher up in the chain using two nested for loops. Move the name constraints check so that it happens after signature verification so peers cannot exploit this using a chain with invalid signatures. Also impose a hard limit on the number of name constraints check loop iterations to further mitigate the issue. Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4393)
-
- Sep 21, 2017
-
-
Dr. Matthias St. Pierre authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4383)
-
Patrick Steuer authored
Compilation failed due to -Werror=misleading-indentation. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4395)
-
Andy Polyakov authored
Detect clang even if it's disguised, e.g. cross-compiler or invoked by explicit path name, and add the option based on that. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4383)
-
Benjamin Kaduk authored
This option was lost when converting to a table-driven option parser in commit 7e1b7485 . Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4398)
-
- Sep 20, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
Dr. Stephen Henson authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
Dr. Stephen Henson authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
Dr. Stephen Henson authored
Allo RSA certificate to be used for RSA-PSS signatures: this needs to be explicit because RSA and RSA-PSS certificates are now distinct types. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
Dr. Stephen Henson authored
Recognise RSA-PSS certificate algorithm and add a new certificate type. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
-
- Sep 19, 2017
-
-
David Benjamin authored
c2i_ASN1_BIT_STRING takes length as a long but uses it as an int. Check bounds before doing so. Previously, excessively large inputs to the function could write a single byte outside the target buffer. (This is unreachable as asn1_ex_c2i already uses int for the length.) Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4385)
-
- Sep 18, 2017
-
-
Pauli authored
Use the defined typechecking stack method to sort the compression methods stack rather than using the generic function and apply type casts. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4382)
-
- Sep 17, 2017
-
-
Pauli authored
Address coverity report of null pointer being dereferenced. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4381)
-
- Sep 15, 2017
-
-
Christian Heimes authored
OpenSSL 1.1.0 made SSL_CTX and SSL structs opaque and introduced a new API to set the minimum and maximum protocol version for SSL_CTX with TLS_method(). Add getters to introspect the configured versions: int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); int SSL_get_min_proto_version(SSL *ssl); int SSL_get_max_proto_version(SSL *ssl); NOTE: The getters do not resolv the version in case when the minimum or maxium version are configured as '0' (meaning auto-select lowest and highst version number). Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4364)
-
- Sep 14, 2017
-
-
Pauli authored
Introduced by #4372 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4374)
-
Pauli authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4373)
-
Pauli authored
Also use strndup instead of a malloc/memcpy pair. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4372)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4371)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4371)
-
Benjamin Kaduk authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4369)
-
Paul Yang authored
[to be squashed] [skip ci] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4356)
-