Skip to content
  1. May 25, 2017
  2. May 17, 2017
  3. May 11, 2017
  4. May 10, 2017
    • Matt Caswell's avatar
      Copy custom extension flags in a call to SSL_set_SSL_CTX() · ea3fc601
      Matt Caswell authored
      
      
      The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for
      a connection as part of an SNI callback. One result of this is that the
      s->cert structure is replaced. However this structure contains information
      about any custom extensions that have been loaded. In particular flags are
      set indicating whether a particular extension has been received in the
      ClientHello. By replacing the s->cert structure we lose the custom
      extension flag values, and it appears as if a client has not sent those
      extensions.
      
      SSL_set_SSL_CTX() should copy any flags for custom extensions that appear
      in both the old and the new cert structure.
      
      Fixes #2180
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3427)
      ea3fc601
  5. May 05, 2017
  6. May 02, 2017
  7. Apr 30, 2017
  8. Apr 27, 2017
  9. Apr 24, 2017
  10. Apr 22, 2017
  11. Apr 13, 2017
  12. Apr 11, 2017
  13. Apr 04, 2017
  14. Apr 03, 2017
  15. Mar 31, 2017
  16. Mar 29, 2017
  17. Mar 26, 2017
    • Andy Polyakov's avatar
      aes/asm/bsaes-armv7.pl: relax stack alignment requirement. · 72c0482d
      Andy Polyakov authored
      
      
      Even though Apple refers to Procedure Call Standard for ARM Architecture
      (AAPCS), they apparently adhere to custom version that doesn't follow
      stack alignment constraints in the said standard. [Why or why? If it's
      vendor lock-in thing, then it would be like worst spot ever.] And since
      bsaes-armv7 relied on standard alignment, it became problematic to
      execute the code on iOS.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 0822d41b)
      72c0482d
  18. Mar 25, 2017
  19. Mar 24, 2017
  20. Mar 23, 2017
  21. Mar 22, 2017
  22. Mar 21, 2017
  23. Mar 20, 2017
    • Richard Levitte's avatar
      Fix decoding of ASN.1 LONG and ZLONG items · 2e5adeb2
      Richard Levitte authored
      
      
      LONG and ZLONG items (which are OpenSSL private special cases of
      ASN1_INTEGER) are encoded into DER with padding if the leading octet
      has the high bit set, where the padding can be 0x00 (for positive
      numbers) or 0xff (for negative ones).
      
      When decoding DER to LONG or ZLONG, the padding wasn't taken in
      account at all, which means that if the encoded size with padding
      is one byte more than the size of long, decoding fails.  This change
      fixes that issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3000)
      (cherry picked from commit ca2045dc)
      2e5adeb2