- Oct 04, 2017
-
-
Todd Short authored
When an SSL's context is swtiched from a ticket-enabled context to a ticket-disabled context in the servername callback, no session-id is generated, so the session can't be resumed. If a servername callback changes the SSL_OP_NO_TICKET option, check to see if it's changed to disable, and whether a session ticket is expected (i.e. the client indicated ticket support and the SSL had tickets enabled at the time), and whether we already have a previous session (i.e. s->hit is set). In this case, clear the ticket-expected flag, remove any ticket data and generate a session-id in the session. If the SSL hit (resumed) and switched to a ticket-disabled context, assume that the resumption was via session-id, and don't bother to update the session. Before this fix, the updated unit-tests in 06-sni-ticket.conf would fail test #4 (server1 = SNI, server2 = no SNI). Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/1529)
-
- Oct 03, 2017
-
-
FdaSilvaYY authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
FdaSilvaYY authored
insert() or an explicit call to OPENSSL_sk_reserve Factorise STACK item deletion code Reviewed-by:
-
- Oct 02, 2017
-
-
Adam Langley authored
This change adds a comment to the exceptional case in point_add that handles the case of a doubling, which explains when this case may occur during normal processing. Thanks go to Antonio Sanso for noting this. Reviewed-by:
Emilia Käsper <emilia@openssl.org> Reviewed-by:
-
Bernd Edlinger authored
Change argument type of xxxelem_is_zero_int to const void* to avoid the need of type casts. Fixes #4413 Reviewed-by:
-
- Sep 29, 2017
-
-
Samuel Weiser authored
Reviewed-by:
-
Hubert Kario authored
BN_new() and BN_secure_new() not only allocate memory, but also initialise it to deterministic value - 0. Document that behaviour to make it explicit Reviewed-by:
-
- Sep 28, 2017
-
-
Pauli authored
the latter includes the former. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
Pauli authored
Remove all stack headers from some includes that don't use them. Avoid a genearic untyped stack use. Update stack POD file to include the OPENSSL_sk_ API functions in the notes section. They were mentioned in the name section but not defined anywhere. Reviewed-by:
-
- Sep 27, 2017
-
-
Pauli authored
Reviewed-by:
-
Pauli authored
This allows the caller to guarantee that there is sufficient space for a number of insertions without reallocation. The expansion ratio when reallocating the array is reduced to 1.5 rather than 2. Change bounds testing to use a single size rather than both INT_MAX and SIZE_MAX. This simplifies some of the tests. Switch the stack pointers to data from char * to void * Reviewed-by:
-
Samuel Weiser authored
Reviewed-by:
-
Samuel Weiser authored
Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q. Reviewed-by:
-
- Sep 26, 2017
-
-
David Benjamin authored
The pub_key field for DH isn't actually used in DH_compute_key at all. (Note the peer public key is passed in as as BIGNUM.) It's mostly there so the caller may extract it from DH_generate_key. It doesn't particularly need to be present if filling in a DH from external parameters. The check in DH_set0_key conflicts with adding OpenSSL 1.1.0 to Node. Their public API is a thin wrapper over the old OpenSSL one: https://nodejs.org/api/crypto.html#crypto_class_diffiehellman They have separate setPrivateKey and setPublicKey methods, so the public key may be set last or not at all. In 1.0.2, either worked fine since operations on DH objects generally didn't use the public key. (Like with OpenSSL, Node's setPublicKey method is also largely a no-op, but so it goes.) In 1.1.0, DH_set0_key prevents create a private-key-only DH object. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotm...>
-
Dr. Stephen Henson authored
[extended tests] Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Rename tls1_get_curvelist to tls1_get_grouplist, change to void as it can never fail and remove unnecessary return value checks. Clean up the code. Reviewed-by:
-
Dr. Stephen Henson authored
Replace existing compression and groups check with two functions. tls1_check_pkey_comp() checks a keys compression algorithms is consistent with extensions. tls1_check_group_id() checks is a group is consistent with extensions and preferences. Rename tls1_ec_nid2curve_id() to tls1_nid2group_id() and make it static. Reviewed-by:
-
Dr. Stephen Henson authored
Setup EVP_PKEY structure from a group ID in ssl_generate_param_group, replace duplicate code with this function. Reviewed-by:
-
Dr. Stephen Henson authored
Replace tls1_ec_curve_id2nid() with tls_group_id_lookup() which returns the TLS_GROUP_INFO for the group. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Richard Levitte authored
Fixes #4419 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4420)
-
- Sep 24, 2017
-
-
Saagar Jha authored
CLA: trivial Reviewed-by:
-
- Sep 23, 2017
-
-
Kurt Roeckx authored
Reviewed-by: -
Kurt Roeckx authored
Found by OSS-Fuzz and the tests Reviewed-by: -
Dr. Stephen Henson authored
Avoid duplicate assertion by removing dhparam from SSL_CONF parameter list: dhparam is handled manually by s_server. Reviewed-by:
-
Pichulin Dmitrii authored
Reviewed-by:
Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4405)
-
- Sep 22, 2017
-
-
Dr. Stephen Henson authored
Instead of storing supported groups in on-the-wire format store them as parsed uint16_t values. This simplifies handling of groups as the values can be directly used instead of being converted. Reviewed-by:
-
Andy Polyakov authored
The warning flag in question was added in GCC version 6, hence addition has to be conditional. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4401)
-
David Benjamin authored
This guards against the name constraints check consuming large amounts of CPU time when certificates in the presented chain contain an excessive number of names (specifically subject email names or subject alternative DNS names) and/or name constraints. Name constraints checking compares the names presented in a certificate against the name constraints included in a certificate higher up in the chain using two nested for loops. Move the name constraints check so that it happens after signature verification so peers cannot exploit this using a chain with invalid signatures. Also impose a hard limit on the number of name constraints check loop iterations to further mitigate the issue. Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by:
-
- Sep 21, 2017
-
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Patrick Steuer authored
Compilation failed due to -Werror=misleading-indentation. Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Andy Polyakov authored
Detect clang even if it's disguised, e.g. cross-compiler or invoked by explicit path name, and add the option based on that. Reviewed-by:
-
Benjamin Kaduk authored
This option was lost when converting to a table-driven option parser in commit 7e1b7485 . Reviewed-by:
-
- Sep 20, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
