- 26 Jun, 2019 2 commits
-
-
Benjamin Kaduk authored
This reverts commit 524006dd1b80c1a86a20119ad988666a80d8d8f5. While this change did prevent the sigalgs from getting inadvertently clobbered by SSL_set_SSL_CTX(), it also caused the sigalgs to not be set when the cert_cb runs. This, in turn, caused significant breakage, such as SSL_check_chain() failing to find any valid chain. An alternate approach to fixing the issue from #7244 will follow. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9157) (cherry picked from commit 6f34d7bc7d0c7fcd86c6f2772f26e42c925d8505)
-
Benjamin Kaduk authored
Augment the cert_cb sslapitest to include a run that uses SSL_check_chain() to inspect the certificate prior to installing it on the SSL object. If the check shows the certificate as not valid in that context, we do not install a certificate at all, so the handshake will fail later on in processing (tls_choose_sigalg()), exposing the indicated regression. Currently it fails, since we have not yet set the shared sigalgs by the time the cert_cb runs. Reviewed-by:
-
- 24 Jun, 2019 2 commits
-
-
Pauli authored
This feature is enabled by default outside of FIPS builds which ban such actions completely. Encryption is always disallowed and will generate an error. Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9112) (cherry picked from commit 2c840201e57e27fa9f1b26a970270a91813e32fe)
-
Pauli authored
Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9225) (cherry picked from commit 0ccff7a7ea82a921f780a483fc91c6b90a1378d9)
-
- 21 Jun, 2019 1 commit
-
-
Bernd Edlinger authored
This is a bit annoying, if for instance "openssl genrsa -aes128" tries to read a 4+ character size password, but CTRL-C does no longer work after a RETURN key, since the flag UI_FLAG_REDOABLE is set by UI_set_result_ex, together with the error "You must type in 4 to 1023 characters". Thus remove the REDOABLE flag to allow CTRL-C to work. [extended tests] Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9170) (cherry picked from commit f8922b5107d098c78f846c8c999f96111345de8d)
-
- 19 Jun, 2019 4 commits
-
-
Miquel Ruiz authored
SSL_shutdown can fail if called during initialization, and in such case, it'll add an error to the error queue. This adds SSL_shutdown to the list of functions that should preceed the call to SSL_get_error. CLA: trivial Reviewed-by:
-
Rebecca Cran authored
CLA: trivial Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
Tomas Mraz authored
The BIO_FLAGS_NONCLEAR_RST flag behavior was not properly documented and it also caused the length to be incorrectly set after the reset operation. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- 18 Jun, 2019 5 commits
-
-
Matt Caswell authored
The previous 2 commits moved supported groups and ciphers out of the session object to avoid race conditions. We now also move ecpointformats for consistency. There does not seem to be a race condition with access to this data since it is only ever set in a non-resumption handshake. However, there is no reason for it to be in the session. Reviewed-by:
-
Matt Caswell authored
Similarly to the previous commit we were storing the peer offered list of ciphers in the session. In practice there is no need for this information to be avilable from one resumption to the next since this list is specific to a particular handshake. Since the session object is supposed to be immutable we should not be updating it once we have decided to resume. The solution is to remove the session list out of the session object. Reviewed-by:
-
Matt Caswell authored
In TLSv1.3 the supported groups can be negotiated each time a handshake occurs, regardless of whether we are resuming or not. We should not store the supported groups information in the session because session objects can be shared between multiple threads and we can end up with race conditions. For most users this won't be seen because, by default, we use stateless tickets in TLSv1.3 which don't get shared. However if you use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can happen. The answer is to move the supported the supported group information into the SSL object instead. Reviewed-by:
-
Bernd Edlinger authored
When bufsize == 0, openssl_strerror_r should return 0 (if _GNU_SOURCE is defined), to be consistent with non-_GNU_SOURCE variants, which exhibit the same behavior. Fix a few cases, where the return value of openssl_strerror_r was ignored. Reviewed-by:
-
Rebecca Cran authored
This avoids the case where a UEFI build on FreeBSD tries to call the system issetugid function instead of returning 0 as it should do. CLA: trivial Reviewed-by:
-
- 15 Jun, 2019 1 commit
-
-
Paul Yang authored
Fixes: #9088 Functions documented in this commit: X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match Reviewed-by:
-
- 13 Jun, 2019 1 commit
-
-
Matt Caswell authored
The d2i docs state that if an error occurs then |*a| is not freed. This is not correct. On error it is freed and set to NULL. We update the docs to say this, and also discuss the fact that this behaviour was inconsistent prior to OpenSSL 1.1.0. Reviewed-by:
-
- 12 Jun, 2019 2 commits
-
-
raja-ashok authored
Reviewed-by:
-
Acheev Bhagat authored
Reviewed-by:
-
- 11 Jun, 2019 3 commits
-
-
Matt Caswell authored
When compiling with --strict-warnings using gcc 7.4.0 the compiler complains that a case falls through, even though there is an explicit comment stating this. Moving the comment outside of the conditional compilation section resolves this. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9123) (cherry picked from commit e98e586b31386af2b2212729da85561a207e7af3)
-
Shigeki Ohtsu authored
ae3947de changed the callback arg not to have a const parameter. CLA: trivial Reviewed-by:
-
- 10 Jun, 2019 2 commits
-
-
Richard Levitte authored
So say the docs Fixes #8055 Reviewed-by:
-
Tomas Mraz authored
The lookup for ::1 with getaddrinfo() might return error even if the ::1 would work if AI_ADDRCONFIG flag is used. Fixes: #9053 Reviewed-by:
-
- 09 Jun, 2019 2 commits
-
-
Dr. Matthias St. Pierre authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9118)
-
Dr. Matthias St. Pierre authored
The DEVRANDOM_WAIT feature added a select() call to wait for the `/dev/random` device to become readable before reading from the `/dev/urandom` device. It was introduced in commit 38023b87f037 in order to mitigate the fact that the `/dev/urandom` device does not block until the initial seeding of the kernel CSPRNG has completed, contrary to the behaviour of the `getrandom()` system call. It turned out that this change had negative side effects on performance which were not acceptable. After some discussion it was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. Fixes #9078 This partially reverts commit 38023b87f037. Reviewed-by:
-
- 07 Jun, 2019 2 commits
-
-
Acheev Bhagat authored
Reviewed-by:
-
David Makepeace authored
[skip ci] Reviewed-by:
-
- 06 Jun, 2019 1 commit
-
-
Dr. Matthias St. Pierre authored
Fixes #9092 Reviewed-by:
-
- 04 Jun, 2019 3 commits
-
-
Dr. Matthias St. Pierre authored
In commit 2b8fa1d5 the version-specific SSL/TLS methods were deprecated. This patch improves the documentation of that change by stating the deprecation more prominently in the manual page and explaining the reason for the deprecation. Fixes #8989 Reviewed-by:
-
Vitezslav Cizek authored
The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales. The Russian locales consume 6856 bytes, Ukrainian even 7000. build_SYS_str_reasons() contains an overflow check: if (cnt > sizeof(strerror_pool)) cnt = sizeof(strerror_pool); But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer works as cnt is incremented once more after the condition. cnt greater than sizeof(strerror_pool) results in an unbounded OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash. When the first received error string was empty or contained only spaces, cur would move in front of the start of the strerror_pool. Also don't call openssl_strerror_r when the pool is full. Reviewed-by: -
Dr. Matthias St. Pierre authored
The DEBUG_SAFESTACK preprocessor define is obsolete since 2008 when the non-safestack code was removed by commit 985de863 . Reviewed-by:
-
- 03 Jun, 2019 3 commits
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
If we receive a KeyUpdate message (update requested) from the peer while we are in the middle of a write, we should defer sending the responding KeyUpdate message until after the current write is complete. We do this by waiting to send the KeyUpdate until the next time we write and there is no pending write data. This does imply a subtle change in behaviour. Firstly the responding KeyUpdate message won't be sent straight away as it is now. Secondly if the peer sends multiple KeyUpdates without us doing any writing then we will only send one response, as opposed to previously where we sent a response for each KeyUpdate received. Fixes #8677 Reviewed-by:
-
Shane Lontis authored
Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by:
-
- 31 May, 2019 4 commits
-
-
David Benjamin authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
Retropotenza authored
CLA: trivial Fixes #8911 Reviewed-by:
-
Sambit Kumar Dash authored
Minor typo. CLA: trivial Reviewed-by:
-
Sambit Kumar Dash authored
Method name correction. CLA: trivial Reviewed-by:
-
- 30 May, 2019 2 commits
-
-
agnosticdev authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
-
