- 03 Apr, 2018 8 commits
-
-
Matt Caswell authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5795)
-
Matt Caswell authored
Where a CMS detached signature is used with text content the text goes through a canonicalisation process first prior to signing or verifying a signature. This process strips trailing space at the end of lines, converts line terminators to CRLF and removes additional trailing line terminators at the end of a file. A bug in the canonicalisation process meant that some characters, such as form-feed, were incorrectly treated as whitespace and removed. This is contrary to the specification (RFC5485). This fix could mean that detached text data signed with an earlier version of OpenSSL 1.1.0 may fail to verify using the fixed version, or text data signed with a fixed OpenSSL may fail to verify with an earlier version of OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data and use the "-binary" flag (for the "cms" command line application) or set the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()). Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5791)
-
Bernd Edlinger authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826) (cherry picked from commit 1518c55a)
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Thanks to Sem Voigtländer for reporting this issue. Reviewed-by:
-
- 02 Apr, 2018 1 commit
-
-
FdaSilvaYY authored
in methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Backport of 3484236d Reviewed-by:
-
- 01 Apr, 2018 2 commits
-
-
Daniel Bevenius authored
It looks like the usage of these functions were removed in in commit 0a4edb93 ("Unified - adapt the generation of cpuid, uplink and buildinf to use GENERATE"). This commit removes the import/use of File::Spec::Functions module as it is no longer needed by crypto/build.info. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Richard Levitte authored
Because many of our test programs use internal headers, we need to make sure they know how, exactly, to mangle the symbols. So far, we've done so by specifying it in the affected test programs, but as things change, that will develop into a goose chase. Better then to declare once and for all how symbols belonging in our libraries are meant to be treated, internally as well as publically. Reviewed-by:
-
- 31 Mar, 2018 1 commit
-
-
Richard Levitte authored
test/cipherlist_test.c is an internal consistency check, and therefore requires that the shared library it runs against matches what it was built for. test/recipes/test_cipherlist.t is made to refuse running unless library version and build version match. This adds a helper program test/versions.c, that simply displays the library and the build version. Partially fixes #5751 Reviewed-by:
-
- 29 Mar, 2018 3 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Instead of invoking the fuzz test programs once for every corpora file, we invoke them once for each directory of corpora files. This dramatically reduces the number of program invokations, as well as the time 90-test_fuzz.t takes to complete. fuzz/test-corpus.c was enhanced to handle directories as well as regular files. Reviewed-by:
-
Richard Levitte authored
This wasn't a good solution, too many things depend on the quotes being there consistently. This reverts commit 49cd47ea . Fixes #5772 Reviewed-by:
-
- 28 Mar, 2018 1 commit
-
-
Matt Caswell authored
If a server has been configured to use an ECDSA certificate, we should allow it regardless of whether the server's own supported groups list includes the certificate's group. Fixes #2033 Reviewed-by:
-
- 27 Mar, 2018 12 commits
-
-
Philippe Antoine authored
Reviewed-by:
-
Miroslav Suk authored
ts/ts_rsp_sign.c: change to OPENSSL_gmtime. Reviewed-by:
-
Rich Salz authored
CLA: trivial Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Matt Caswell authored
If we don't have OID data for an object then we should fail if we are asked to encode the ASN.1 for that OID. Fixes #5723 Reviewed-by:
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Andy Polyakov authored
Comparison was effectively reduced to least significant bits. CVE-2018-0733 Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth. CVE-2018-0739 Credit to OSSFuzz for finding this issue. Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
- 26 Mar, 2018 2 commits
-
-
Bernd Edlinger authored
openssl x509 -in server.pem -signkey privkey.pem -out server.pem Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
- 25 Mar, 2018 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 22 Mar, 2018 1 commit
-
-
Bernd Edlinger authored
Reviewed-by:
-
- 21 Mar, 2018 8 commits
-
-
Matt Caswell authored
Fixes #5711 Reviewed-by:
-
Samuel Weiser authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
Samuel Weiser authored
Reviewed-by:
-
Samuel Weiser authored
Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation Reviewed-by:
-
Bernd Edlinger authored
Various code-cleanups. Use SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY) insead of handling SSL_ERROR_WANT_READ everywhere. Turn off the linger option on connected sockets to avoid failure. Add BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) to improve thruput. Continue test even without -cipher option as in 1.0.2. Reviewed-by:
-
Matt Caswell authored
For DTLS/SCTP we were waiting for a dry event during the call to tls_finish_handshake(). This function just tidies up various internal things, and after it completes the handshake is over. I can find no good reason for waiting for a dry event here, and nothing in RFC6083 suggests to me that we should need to. More importantly though it seems to be wrong. It is perfectly possible for a peer to send app data/alerts/new handshake while we are still cleaning up our handshake. If this happens then we will never get the dry event and so we cannot continue. Reviewed-by:
-
Matt Caswell authored
At a couple of points in a DTLS/SCTP handshake we need to wait for a dry event before continuing. However if an alert has been sent by the peer then we will never receive that dry event and an infinite loop results. This commit changes things so that we attempt to read a message if we are waiting for a dry event but haven't got one yet. This should never succeed, but any alerts will be processed. Fixes #4763 Reviewed-by:
-
Benjamin Kaduk authored
The sid_ctx is something of a "certificate request context" or a "session ID context" -- something from the application that gives extra indication of what sort of thing this session is/was for/from. Without a sid_ctx, we only know that there is a session that we issued, but it could have come from a number of things, especially with an external (shared) session cache. Accordingly, when resuming, we will hard-error the handshake when presented with a session with zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no information about the peer to verify, so the verification must fail. In order to prevent these future handshake failures, proactively decline to add the problematic sessions to the session cache. Reviewed-by:
-
