- Aug 09, 2018
-
-
Matt Caswell authored
A client that has fallen back could detect an inappropriate fallback if the TLSv1.3 downgrade protection sentinels are present. Fixes #6756 Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6894)
-
- Aug 08, 2018
-
-
Matt Caswell authored
Test that a server can handle an unecrypted alert when normally the next message is encrypted. Reviewed-by:
-
Matt Caswell authored
At certain points in the handshake we could receive either a plaintext or an encrypted alert from the client. We should tolerate both where appropriate. Reviewed-by:
-
Matt Caswell authored
If we sent early_data and then received back an HRR, the enc_write_ctx was stale resulting in errors if an alert needed to be sent. Thanks to Quarkslab for reporting this. In any case it makes little sense to encrypt alerts using the client_early_traffic_secret, so we add special handling for alerts sent after early_data. All such alerts are sent in plaintext. Reviewed-by:
-
Matt Caswell authored
Under certain error conditions a call to SSLfatal could accidently be missed. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6872)
-
- Aug 07, 2018
-
-
Dr. Matthias St. Pierre authored
In 38eca7fe a new check for the pem_str member of the entries of the ASN1 method table was introduced. Because the test condition was split into two TEST_true(...) conditions, the test outputs error diagnostics for all entries which have pem_str != NULL. This commit joins the two test conditions into a single condition. Reviewed-by:
-
Rich Salz authored
Also add build-time errors to keep them in sync. Thanks to GitHub user YuDudysheva for reporting this. Reviewed-by:
-
Rich Salz authored
Thanks to GitHub user zsergey105 for reporting this. Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6875)
-
Richard Levitte authored
Reviewed-by:
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Andy Polyakov authored
Rationale is that it wasn't providing accurate statistics anyway. For statistics to be accurate CRYPTO_get_alloc_counts should acquire a lock and lock-free additions should not be an option. Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Goal here is to facilitate writing "thread-opportunistic" code that withstands Thread Sanitizer's scrutiny. "Thread-opportunistic" is when exact result is not required, e.g. some statistics, or execution flow doesn't have to be unambiguous. Reviewed-by:
-
Andy Polyakov authored
Checks are left in OPENSSL_sk_shift, OPENSSL_sk_pop and OPENSSL_sk_num. This is because these are used as "opportunistic" readers, pulling whatever datai, if any, set by somebody else. All calls that add data don't check for stack being NULL, because caller should have checked if stack was actually created. Reviewed-by:
-
Andy Polyakov authored
In some cases it's about redundant check for return value, in some cases it's about replacing check for -1 with comparison to 0. Otherwise compiler might generate redundant check for <-1. [Even formatting and readability fixes.] Reviewed-by:
-
Andy Polyakov authored
Documentation says "at most B<len> bytes will be written", which formally doesn't prohibit zero. But if zero B<len> was passed, the call to memcpy was bound to crash. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6880)
-
Pauli authored
The CRYPTO_memcmp test isn't testing the test framework. It would seem to better belong in the sanity tests. Reviewed-by:
-
- Aug 06, 2018
-
-
Matt Caswell authored
In some scenarios the connection could fail without an alert being sent. This causes a later assertion failure. Thanks to Quarkslab for reporting this. Reviewed-by:
-
Patrick Steuer authored
Signed-off-by:
-
- Aug 03, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #6800 Replaces #5418 This commit reverts commit 7876dbff and moves the check for a zero-length input down the callstack into sha3_update(). Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
- Aug 02, 2018
-
-
Bernd Edlinger authored
Fixes: #6826 [extended tests] Reviewed-by:
-
- Aug 01, 2018
-
-
Andy Polyakov authored
CRYPTO_atomic_add was assumed to return negative value on error, while it returns 0. Reviewed-by: -
Pauli authored
Reviewed-by:
-
- Jul 31, 2018
-
-
Richard Levitte authored
There are symbols we've marked for deprecation in OpenSSL 1.2.0. We must ensure that they don't actually become deprecated before that. Fixes #6814 Reviewed-by:
-
Rich Salz authored
Clarify docs to list that some protocol flags might not be available depending on how OpenSSL was build. Reviewed-by:
-
Matt Caswell authored
Ensure that the certificate required alert actually gets sent (and doesn't get translated into handshake failure in TLSv1.3). Ensure that proper reason codes are given for the new TLSv1.3 alerts. Remove an out of date macro for TLS13_AD_END_OF_EARLY_DATA. This is a left over from an earlier TLSv1.3 draft that is no longer used. Fixes #6804 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Fixes #6646 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Some EC functions exist in *_GFp and *_GF2m forms, in spite of the implementations between the two curve types being identical. This commit provides equivalent generic functions with the *_GFp and *_GF2m forms just calling the generic functions. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Also streamline the code by relying on ASN1_INTEGER_to_BN to allocate the BN instead of doing it separately. Reviewed-by:
-
- Jul 29, 2018
-
-
Beat Bolli authored
into an existing source file: the function is static, and the code doesn't include dsa.h. Match the generated C source style of dsaparam. Adjust apps/dhparam.c to match, and rename the BIGNUMs to their more usual single-letter names. Add an error return in the generated C source. both: simplify the callback function Signed-off-by:
Beat Bolli <dev@drbeat.li> Reviewed-by:
-
