- 26 Jul, 2018 1 commit
-
-
Kurt Roeckx authored
This changes the security level from 100 to 128 bit. We only have 1 define, this sets it to the highest level supported for DSA, and needed for keys larger than 3072 bit. Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
Paul Dale <paul.dale@oracle.com> GH: #6075
-
- 25 Jul, 2018 9 commits
-
-
Shane Lontis authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
Rich Salz authored
Thanks to Jiecheng Wu, Zuxing Gu for the report. Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6791)
-
Andy Polyakov authored
Problem was that Windows threads that were terminating before libcrypto was initialized were referencing uninitialized or possibly even unrelated thread local storage index. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
|ctx| recently became unconditionally non-NULL and is already dereferenced earlier. Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by:
-
- 24 Jul, 2018 7 commits
-
-
Richard Levitte authored
This is done by calling die again, just make sure to reset the __DIE__ handler first. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
David Benjamin authored
A number intended to treat the base as secret should not be branching on whether it is zero. Test-wise, this is covered by existing tests in bnmod.txt. Reviewed-by:
-
Richard Levitte authored
On the same note, change the 'NASM not found' message to give specific advice on how to handle the failure. Fixes #6765 Reviewed-by:
-
neighbads authored
asn1_encode : x, y => 0 | x,0 | y (because of DER encoding rules when x and y have high bit set) CLA: Trivial Reviewed-by:
-
Richard Levitte authored
If there's anything in the |biosk| stack, the first element is always the input BIO. It should never be freed in this function, so we must take careful steps not to do so inadvertently when freeing the stack. Reviewed-by:
-
- 23 Jul, 2018 3 commits
-
-
Andy Polyakov authored
Build jobs keep timing out initializing... Reviewed-by: -
Richard Levitte authored
The result is that we don't have to produce different names on different platforms, and we won't have confusion on Windows depending on if the script was built with mingw or with MSVC. Partial fix for #3254 Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6764)
-
Matt Caswell authored
In some circumstances it is possible for a client to have a session reporting a max early data value that is greater than the server will support. In such cases the client could encounter an aborted connection. Fixes #6735 Reviewed-by:
-
- 22 Jul, 2018 6 commits
-
-
Andy Polyakov authored
ecp_nistz256_set_from_affine is called when application attempts to use custom generator, i.e. rarely. Even though it was wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by:
-
Andy Polyakov authored
The ecp_nistz256_scatter_w7 function is called when application attempts to use custom generator, i.e. rarely. Even though non-x86_64 versions were wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Richard Levitte authored
Fixes #6755 Reviewed-by:
-
Richard Levitte authored
As per RFC 7292. Fixes #6665 Reviewed-by:
-
- 20 Jul, 2018 10 commits
-
-
Benjamin Kaduk authored
The API used to set what SNI value to send in the ClientHello can also be used on server SSL objects, with undocumented and un-useful behavior. Unfortunately, when generic SSL_METHODs are used, s->server is still set, prior to the start of the handshake, so we cannot prevent this nonsensical usage at the present time. Leave a note to revisit this when ABI-breaking changes are permitted. Reviewed-by:
-
Benjamin Kaduk authored
In particular, adhere to the rule that we must not modify any property of an SSL_SESSION object once it is (or might be) in a session cache. Such modifications are thread-unsafe and have been observed to cause crashes at runtime. To effect this change, standardize on the property that SSL_SESSION->ext.hostname is set only when that SNI value has been negotiated by both parties for use with that session. For session resumption this is trivially the case, so only new handshakes are affected. On the client, the new semantics are that the SSL->ext.hostname is for storing the value configured by the caller, and this value is used when constructing the ClientHello. On the server, SSL->ext.hostname is used to hold the value received from the client. Only if the SNI negotiation is successful will the hostname be stored into the session object; the server can do this after it sends the ServerHello, and the client after it has received and processed the ServerHello. This obviates the need to remove the hostname from the session object in case of failed negotiation (a change that was introduced in commit 9fb6cb81 in order to allow TLS 1.3 early data when SNI was present in the ClientHello but not the session being resumed), which was modifying cached sessions in certain cases. (In TLS 1.3 we always produce a new SSL_SESSION object for new connections, even in the case of resumption, so no TLS 1.3 handshakes were affected.) Reviewed-by:
-
Benjamin Kaduk authored
These tiny functions only read from the input SSL, and we are about to use them from functions that only have a const SSL* available, so propagate const a bit further. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Matt Caswell authored
The spec says that a client MUST set legacy_version to TLSv1.2, and requires servers to verify that it isn't SSLv3. Fixes #6600 Reviewed-by:
-
Matt Caswell authored
Use the latest version of the test vectors available in: https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06 Reviewed-by:
-
- 19 Jul, 2018 2 commits
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
It is not valid to send early_data after an HRR has been received. Fixes #6734 Reviewed-by:
-
- 18 Jul, 2018 2 commits
-
-
Andy Polyakov authored
Reviewed-by:
David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6664)
-
Andy Polyakov authored
Reviewed-by:
-
