- May 24, 2018
-
-
David Benjamin authored
TlsGetValue clears the last error even on success, so that callers may distinguish it successfully returning NULL or failing. This error-mangling behavior interferes with the caller's use of GetLastError. In particular SSL_get_error queries the error queue to determine whether the caller should look at the OS's errors. To avoid destroying state, save and restore the Windows error. Fixes #6299. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2de108df) (Merged from https://github.com/openssl/openssl/pull/6349)
-
Matt Caswell authored
We check that the curve name associated with the point is the same as that for the curve. Fixes #6302 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6323) (cherry picked from commit b14e6015)
-
- May 23, 2018
-
-
Viktor Dukhovni authored
Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Viktor Dukhovni authored
Don't apply DNS name constraints to the subject CN when there's a least one DNS-ID subjectAlternativeName. Don't apply DNS name constraints to subject CN's that are sufficiently unlike DNS names. Checked name must have at least two labels, with all labels non-empty, no trailing '.' and all hyphens must be internal in each label. In addition to the usual LDH characters, we also allow "_", since some sites use these for hostnames despite all the standards. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- May 21, 2018
-
-
Tilman Keskinöz authored
NULL-check for cipher is redundant, instead check if cipher->name is NULL While here fix formatting of BIO_printf calls as suggested by Andy Polyakov. CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6282) (cherry picked from commit d61e6040)
-
Matt Caswell authored
If the lengths of both names is 0 then don't attempt to do a memcmp. Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6291) (cherry picked from commit 511190b6)
-
- May 20, 2018
-
-
Richard Levitte authored
This adds the possibility to exclude files by regexp in util/copy.pl Partial fix for #3254 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6303) (cherry picked from commit 246bd8fd)
-
Richard Levitte authored
--quiet stops warnings of this sort: Cannot find "BIO_read_ex" in podpath: cannot find suitable replacement path, cannot resolve link We know what causes these warnings, it's perfectly innocuous, and we don't want to hear it any more. Partial fix for #3254 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6304) (cherry picked from commit 6439e343)
-
Richard Levitte authored
A previous change of this function introduced a fragility when the destination happens to be the same as the source. Such alias isn't recommended, but could still happen, for example in this kind of code: X509_NAME *subject = X509_get_issuer_name(x); /* ... some code passes ... */ X509_set_issuer_name(x, subject); Fixes #4710 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6280) (cherry picked from commit c1c1783d)
-
- May 19, 2018
-
-
Bernd Edlinger authored
Thanks to Darovskikh Andrei for for reporting this issue. Fixes: #5785 Fixes: #6302 Cherry-picked from f91e026e (without test/bntest.c) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6310)
-
- May 18, 2018
-
-
FdaSilvaYY authored
because there are actually 17 curves defined, but only 16 are plugged for ecdsa test. Deduce array size using OSSL_NELEM and so remove various magic numbers, which required some declarations moving. Implement OPT_PAIR list search without a null-ending element. Fix some comparison between signed and unsigned integer expressions. cherry-picking from commit 5c6a69f5 . Partial Back-port of #6133 to 1.1.0 Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6245)
-
- May 17, 2018
-
-
Matt Caswell authored
Experiments have shown that the lookup table used by BN_GF2m_mod_arr introduces sufficient timing signal to recover the private key for an attacker with access to cache timing information on the victim's host. This only affects binary curves (which are less frequently used). No CVE is considered necessary for this issue. The fix is to replace the lookup table with an on-the-fly calculation of the value from the table instead, which can be performed in constant time. Thanks to Youngjoo Shin for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6270) (cherry picked from commit b336ce57)
-
Richard Levitte authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6249) (cherry picked from commit 029c11c2)
-
- May 16, 2018
-
-
Richard Levitte authored
There are *roff parsers that are strict about the NAME section being one line only. The man(7) on Debian GNU/Linux suggests that this is appropriate, so we compensate our multi-line NAME sections by fixing the *roff output. Noted by Eric S. Raymond Related to #6264 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6268) (cherry picked from commit 8d483b2d)
-
- May 15, 2018
-
-
Matt Caswell authored
The TLS code marks records as read when its finished using a record. The DTLS code did not do that. However SSL_has_pending() relies on it. So we should make DTLS consistent. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6160)
-
- May 14, 2018
-
-
Richard Levitte authored
'install' depends on 'install_docs', so making the latter explicit is a waste. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6250) (cherry picked from commit 986caf9e)
-
Richard Levitte authored
The Console UI method always set echo on after prompting without echo. However, echo might not have been on originally, so just restore the original TTY settings. Fixes #2373 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6157)
-
- May 12, 2018
-
-
Pavel Kopyl authored
(cherry picked from commit aebd0e5c ) Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6237)
-
Matt Caswell authored
In DTLS if we have buffered a fragment for a zero length message (e.g. ServerHelloDone) then, when we unbuffered the fragment, we were attempting to memcpy the contents of the fragment which is zero length and a NULL pointer. This is undefined behaviour. We should check first whether we have a zero length fragment. Fixes a travis issue. [extended tests] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6224)
-
Richard Levitte authored
Fixes #4716 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6173) (cherry picked from commit c82c3462)
-
- May 11, 2018
-
-
Dr. Matthias St. Pierre authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6230)
-
Matt Caswell authored
During a full handshake the server is the last one to "speak". The timer should continue to run until we know that the client has received our last flight (e.g. because we receive some application data). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6196)
-
Matt Caswell authored
Otherwise we may end up in a hang when using blocking sockets Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6196)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6196)
-
Matt Caswell authored
Fixes #4929 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6196)
-
- May 08, 2018
-
-
Matt Caswell authored
The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6142) (cherry picked from commit 3d551b20)
-
- May 05, 2018
-
-
Emilia Kasper authored
- Reject fractional seconds - Reject offsets - Check that the date/time digits are in valid range. - Add documentation for X509_cmp_time GH issue 2620 Backported from 80770da3 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6181)
-
Todd Short authored
Earlier Apple Xcode compilers, e.g. one targeting Mac OS X 10.7, don't support dependency generation and one still has to use makedepend. It's unclear when it was fixed, but all clang-based Apple compilers seem to support -M options. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6167)
-
- May 04, 2018
-
-
Richard Levitte authored
When the input length is zero, just return zero early. Otherwise, there's a small chance that memory allocation is engaged, fails and returns -1, which is a bit confusing when nothing should be written. Fixes #4782 #4827 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/6175) (cherry picked from commit 0d94212a)
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6178)
-
Andy Polyakov authored
Montgomery multiplication post-conditions in some of code paths were formally non-constant time. Cache access pattern was result-neutral, but a little bit asymmetric, which might have produced a signal [if processor reordered load and stores at run-time]. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6163) (cherry picked from commit 774ff8fe) Resolved conflicts in ppc-mont.pl and x86_64-mont.pl.
-
- May 03, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #6121 Thanks to Mingtao Yang for reporting this bug. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6162)
-
Matt Caswell authored
Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We should return an error in that case. Instead we were returning a valid result with value 0. Fixes #6004 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6119) (cherry picked from commit b1860d6c)
-
- May 02, 2018
-
-
Matt Caswell authored
Commit 14e55560 added this function which should have taken a const argument. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6155)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6114)
-
Matt Caswell authored
The ciphers field in a session contains the stack of ciphers offered by the client. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6114)
-
Matt Caswell authored
The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6114)
-
Dr. Matthias St. Pierre authored
which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*(). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6117)
-
- May 01, 2018
-
-
Benjamin Kaduk authored
Commit d316cdcf introduced some extra checks into the session-cache update procedure, intended to prevent the caching of sessions whose resumption would lead to a handshake failure, since if the server is authenticating the client, there needs to be an application-set "session id context" to match up to the authentication context. While that change is effective for its stated purpose, there was also some collatoral damage introduced along with the fix -- clients that set SSL_VERIFY_PEER are not expected to set an sid_ctx, and so their usage of session caching was erroneously denied. Fix the scope of the original commit by limiting it to only acting when the SSL is a server SSL. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5967) (cherry picked from commit c4fa1f7f)
-
Matt Caswell authored
Fixes #5061 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6140)
-