- Jan 26, 2017
-
-
Richard Levitte authored
When the client reads DH parameters from the TLS stream, we only checked that they all are non-zero. This change updates the check as follows: check that p is odd check that 1 < g < p - 1 Reviewed-by:Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
CVE-2017-3732 Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory (or bogus MAC value is produced if x86 MD5 assembly module is involved). Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Thanks to Robert Święcki for report. CVE-2017-3731 Reviewed-by:
-
- Jan 24, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2132) (cherry picked from commit 7928ee4d)
-
Bernd Edlinger authored
- s == NULL can mean c is a new session *or* lh_insert was unable to create a hash entry. - use lh_SSL_SESSION_retrieve to check for this error condition. - If it happens simply remove the extra reference again. Reviewed-by:
-
- Jan 23, 2017
-
-
Matt Caswell authored
The flag SSL_VERIFY_CLIENT_ONCE is documented as follows: B<Server mode:> only request a client certificate on the initial TLS/SSL handshake. Do not ask for a client certificate again in case of a renegotiation. This flag must be used together with SSL_VERIFY_PEER. B<Client mode:> ignored But the implementation actually did nothing. After the server sends its ServerKeyExchange message, the code was checking s->session->peer to see if it is NULL. If it was set then it did not ask for another client certificate. However s->session->peer will only be set in the event of a resumption, but a ServerKeyExchange message is only sent in the event of a full handshake (i.e. no resumption). The documentation suggests that the original intention was for this to have an effect on renegotiation, and resumption doesn't come into it. The fix is to properly check for renegotiation, not whether there is already a client certificate in the session. As far as I can tell this has been broken for a *long* time. Reviewed-by:
-
- Jan 20, 2017
-
-
Rich Salz authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2267)
-
Richard Levitte authored
When setting the digest parameter for DSA parameter generation, the signature MD was set instead of the parameter generation one. Fortunately, that's also the one that was used for parameter generation, but it ultimately meant the parameter generator MD and the signature MD would always be the same. Fixes github issue #2016 Reviewed-by:
-
- Jan 18, 2017
-
-
FdaSilvaYY authored
Reviewed-by:
-
- Jan 11, 2017
-
-
Rich Salz authored
Reviewed-by:
-
- Jan 10, 2017
-
-
Bernd Edlinger authored
Dont free rbuf_freelist here, SSL_CTX_free will do that. Signed-off-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- Jan 09, 2017
-
-
Bernd Edlinger authored
Signed-off-by:
-
- Dec 29, 2016
-
-
Markus Triska authored
Reviewed-by:
-
- Dec 20, 2016
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
For now, checking that the size is non-zero will suffice. Reviewed-by:
-
- Dec 18, 2016
-
-
Finn Hakansson authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
- Dec 14, 2016
-
-
russor authored
Some versions of the Microsoft TLS stack have problems when the DHE public key is encoded with fewer bytes than the DHE prime. (Backported from master) Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Dec 13, 2016
-
-
Benjamin Kaduk authored
- Always process ALPN (previously there was an early return in the certificate status handling) 1.0.2 did not have the double-alert issue from master, but it seems cleanest to pull in the structural change to alert handling anyway and jump to f_err instead of err to send the alert in the caller. (cherry picked from commit 70c22888 ) Reviewed-by:
Emilia Käsper <emilia@openssl.org> Reviewed-by:
-
- Dec 12, 2016
-
-
Andy Polyakov authored
$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while, relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But this apparently changed in some version past minimally required 5.10, and operation result became 0. Yet, it went unnoticed for another while, because most perl package providers configure their packages with -Duse64bitint option. Reviewed-by:
-
- Dec 10, 2016
-
-
Richard Levitte authored
If on a non-tty stdin, TTY_get() will fail with errno == ENODEV. We didn't catch that. Reviewed-by:
-
Richard Levitte authored
On all platforms, if the controlling tty isn't an actual tty, this is flagged by setting is_a_tty to zero... except on VMS, where this was treated as an error. Change this to behave like the other platforms. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Dec 08, 2016
-
-
Richard Levitte authored
A bang (!) slipped through in the recent UI cleanup Reviewed-by:
-
Richard Levitte authored
Mostly condition check changes. Reviewed-by:
-
- Nov 29, 2016
-
-
Matt Caswell authored
Commit fa4c3745 got reverted, so this one also needs to be reverted as a result. This reverts commit ad69a303 . Reviewed-by:
-
- Nov 27, 2016
-
-
Vitezslav Cizek authored
Move rsa_key initialization in front of load_config(). If loading the config fails, rsa_key isn't initialized and may cause invalid free() in the end: cleanup. Remove superfluous memset. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
- Nov 26, 2016
-
-
Andy Polyakov authored
This is 1.0.2-specific reformat of 5ae5dc96 . Reviewed-by:
-
- Nov 25, 2016
-
-
Andy Polyakov authored
GH issue #1916 affects only big-endian platforms. TLS is not affected, because TLS fragment is never big enough. Reviewed-by:
-
- Nov 22, 2016
-
-
Richard Levitte authored
Reviewed-by:
-
- Nov 21, 2016
-
-
Kurt Roeckx authored
Backport of beacb0f0, revert of fa4c3745 Fixes: #1903 Reviewed-by:
-
- Nov 18, 2016
-
-
Beat Bolli authored
In the X509_NAME_get_index_by_NID.pod example, the initialized variable is called "loc", but the one used in the for loop is called "lastpos". Make the names match. CLA: trivial Reviewed-by:
-
- Nov 16, 2016
-
-
Orgad Shaneh authored
also on systems with makedepend that does not report its version, or that its version does not contain "gcc" or "clang". Some versions of makedepends just overwrite Makefile. Preserve the timestamp of the previous Makefile, and copy it back if it is unchanged. Reviewed-by:
-
Orgad Shaneh authored
... on systems with symlinks. Creating or overwriting a symlink sets the file ctime to the current time. This causes needless rebuilds because the time of all the headers is changed, and apparently make considers the link's time rather than the time of the target. Reviewed-by:
-
Orgad Shaneh authored
Reviewed-by:
-
Orgad Shaneh authored
... on systems without symlinks. Overwriting all the headers on each Configure causes full rebuild even if nothing has changed. Reviewed-by:
-
Orgad Shaneh authored
When Makefile/opensslconf.h is unchanged, don't write it at all. Currently every time Configure is executed, these files are overwritten. Makefile leads to regeneration of buildinf.h, and opensslconf.h is itself a central header. As a result, Configure triggers full rebuild, even if nothing is changed. Reviewed-by:
-
Rich Salz authored
Factorise multiple bn_get_top(group->field) calls Add missing checks on some conditional BN_copy return value Add missing checks on some BN_copy return value Add missing checks on a few bn_wexpand return value Reviewed-by:
-
- Nov 13, 2016
-
-
Matthias Kraft authored
Avoid a memory alignment issue. Signed-off-by:
Matthias Kraft <Matthias.Kraft@softwareag.com> CLA: trivial Reviewed-by:
-
