- Aug 15, 2017
-
-
FdaSilvaYY authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4167)
-
Benjamin Kaduk authored
The existing function SSL_get_current_cipher() queries the current session for the ciphersuite in use, but there is no way for application code to determine what ciphersuite has been negotiated and will be used in the future, prior to ChangeCipherState (or the TLS 1.3 equivalent) causing the new cipher to take effect and become visible in the session information. Expose this information to appropriate application callbacks to use during the handshake. The name SSL_get_pending_cipher() was chosen for compatibility with BoringSSL's routine of that name. Improve the note on macro implementations in SSL_get_current_cipher.pod while here. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4070)
-
Benjamin Kaduk authored
Commit 02f0274e moved ALPN processing into an extension finalization function, as the only documented ordering requirement from previous commits was that ALPN processing occur after SNI processing, and SNI processing is performed before the extension finalization step. However, it is useful for applications' alpn_select callbacks to run after ciphersuite selection as well -- at least one application protocol specification (HTTP/2) imposes restrictions on which ciphersuites are usable with that protocol. Since it is generally more preferrable to have a successful TLS connection with a default application protocol than to fail the TLS connection and not be able to have the preferred application protocol, it is good to give the alpn_select callback information about the ciphersuite to be used, so that appropriate restrctions can be enforced in application code. Accordingly, split the ALPN handling out into a separate tls_handl_alpn() function akin to tls_handle_status_request(), called from tls_post_process_client_hello(). This is an alternative to resuscitating ssl_check_clienthello_tlsext_late(), something of an awkwward name itself. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4070)
-
Rich Salz authored
This reverts commit c4d2e483 . Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4160)
-
Paul Yang authored
Although this piece of code will not be compiled at current stage, but there seems a plan to re-open the 'no-rsa' option in the future so this should be fixed. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4161)
-
Richard Levitte authored
Since OSSL_STORE_open() tries with the 'file' scheme loader first, and then on the loader implied by the URI if the former fails, the former leaves an error on the error stack. This is confusing, so let's clear the error stack on success. The implementation uses ERR_set_mark, ERR_pop_to_mark and ERR_clear_last_mark to make sure caller errors are preserved as much as possible. Fixes #4089 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4094)
-
Richard Levitte authored
This allows callers to set a mark, and then clear it without removing the errors. Useful in case an error is encountered that should be returned up the call stack. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4094)
-
Richard Levitte authored
There already is a scrypt.c in crypto/kdf/, both becoming script.o or script.obj. With some linkers, the same object files name more than once means one of them is dropped, either when building shared libraries or when building executables from static libraries. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4164)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
-
Richard Levitte authored
Instead of having perl modules under test/testlib, util and util/perl, consolidate them all to be inside util/perl. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
-
- Aug 14, 2017
-
-
Rich Salz authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4160)
-
Rich Salz authored
Write missing prime.pod and srp.pod Implement -c in find-doc-nits (for command options) Other fixes to some manpages Use B<-I<digest|cipher>> notation Split up multiple flags into a single entry in the synopsis. Add -1 and missing-help to list command. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4144)
-
- Aug 13, 2017
-
-
Rich Salz authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4150)
-
- Aug 12, 2017
-
-
FdaSilvaYY authored
[skip ci] Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4149)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4137)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4137)
-
- Aug 11, 2017
-
-
Johannes Bauer authored
This fixes issue #3043, which ultimately was reported because documentation was not clear on the meaning of the "-ignore_err" option. Update both command line documentation and add this option to manpage. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4143)
-
FdaSilvaYY authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4108)
-
Rich Salz authored
Use an inline rand.inc; this fixes Google's OSS-Fuzz builds. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4141)
-
Jon Spillett authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4139)
-
Jon Spillett authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4139)
-
- Aug 10, 2017
-
-
Dr. Stephen Henson authored
Fix warning and don't use binary field certificate for ECDH CMS key only test. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4134)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4134)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4134)
-
David von Oheimb authored
Discussion is in https://github.com/openssl/openssl/issues/4127 Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4131)
-
- Aug 09, 2017
-
-
Benjamin Kaduk authored
If s->hit is set, s->session corresponds to a session created on a previous connection, and is a data structure that is potentially shared across other SSL objects. As such, there are thread-safety issues with modifying the structure without taking its lock (and of course all corresponding read accesses would also need to take the lock as well), which have been observed to cause double-frees. Regardless of thread-safety, the resumed session object is intended to reflect parameters of the connection that created the session, and modifying it to reflect the parameters from the current connection is confusing. So, modifications to the session object during ClientHello processing should only be performed on new connections, i.e., those where s->hit is not set. The code mostly got this right, providing such checks when processing SNI and EC point formats, but the supported groups (formerly supported curves) extension was missing it, which is fixed by this commit. However, TLS 1.3 makes the suppported_groups extension mandatory (when using (EC)DHE, which is the normal case), checking for the group list in the key_share extension processing. But, TLS 1.3 only [0] supports session tickets for session resumption, so the session object in question is the output of d2i_SSL_SESSION(), and will not be shared across SSL objects. Thus, it is safe to modify s->session for TLS 1.3 connections. [0] A psk_find_session callback can also be used, but the restriction that each callback execution must produce a distinct SSL_SESSION structure can be documented when the psk_find_session callback documentation is completed. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4123)
-
Tomas Mraz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4122)
-
Benjamin Kaduk authored
When we are using the internal cache we have to make a copy of the session before removing it from the parent context's cache, since we want our copy to still be resumable. However, SSL_CTX_remove_session() just detaches the session from the SSL_CTX; it does not free the session. So, we must call SSL_SESSION_free() ourselves before overwriting the variable that we dup'd from. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4126)
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4125)
-
Xiaoyin Liu authored
In the generated HTML document, the `<pre>` tag is not closed. This patch also has a trivial code-style improvement, unrelated to the bug fix. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4088)
-
Paul Yang authored
Code Health (Tuesday?): Parameters' names are not correct. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4117)
-
Paul Yang authored
This is a 'code health' commit to respond to this round of code health Tuesday... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4099)
-
Matt Caswell authored
In particular this covers the scenario mentioned in #4014 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4072)
-
Matt Caswell authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4072)
-
- Aug 08, 2017
-
-
Johannes Bauer authored
Building without the scrypt KDF is now possible, the OPENSSL_NO_SCRYPT define is honored in code. Previous this lead to undefined references. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4116)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4115)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4115)
-
Johannes Bauer authored
Added manpage for the new scrypt EVP_PKEY_METHOD KDF interface. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
-
Johannes Bauer authored
Added the pkey_meth_kdf_test tests which test the PKEY_METHOD macros (at the moment, of HKDF and scrypt). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
-