- Feb 17, 2017
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Too many KeyUpdate message could be inicative of a problem (e.g. an infinite KeyUpdate loop if the peer always responds to a KeyUpdate message with an "update_requested" KeyUpdate response), or (conceivably) an attack. Either way we limit the number of KeyUpdate messages we are prepared to handle. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
This just receives the message. It doesn't actually update any keys yet. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
Matt Caswell authored
This implements the server side KeyUpdate sending capability as well. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2609)
-
David Benjamin authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2655)
-
- Feb 16, 2017
-
-
Richard Levitte authored
Fortunately, "openssl verify" makes good use of that API Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2652)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2652)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2650)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2643)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2643)
-
Dr. Stephen Henson authored
For client auth call tls_choose_sigalg to select the certificate and signature algorithm. Use the selected algorithm in tls_construct_cert_verify. Remove obsolete tls12_get_sigandhash. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2643)
-
Dr. Stephen Henson authored
Select appropriate signature algorithm and certificate for client authentication using tls_choose_sigalg. A lot of selection logic is very similar except not finding a certificate is not a fatal error: we just do not present a certificate. For TLS 1.2 and earlier we only check the current certificate is suitable (for compatibility with previous logic) for TLS 1.3 (where there are no compatibility issues) we support multiple client certificates for different algorithms. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2643)
-
lrns authored
Change req_check_len error message, it also accepts 20 bytes, but states 'less than' in the error message Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2648)
-
Benjamin Kaduk authored
The intent seems to be that the WIN32 symbol is for things that are a direct byproduct of being a windows-variant configuration and should be used for feature en/disablement on windows systems. Use of the _WIN32 symbol is more widespread, being used to implement platform portability of more generic code. We do define WIN32 in some situations in e_os.h, but that is not included universally. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2642)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Following on from CVE-2017-3733, this removes the OPENSSL_assert() check that failed and replaces it with a soft assert, and an explicit check of value with an error return if it fails. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code. The problem is caused by changing the flag indicating whether to use ETM or not immediately on negotiation of ETM, rather than at CCS. Therefore, during a renegotiation, if the ETM state is changing (usually due to a change of ciphersuite), then an error/crash will occur. Due to the fact that there are separate CCS messages for read and write we actually now need two flags to determine whether to use ETM or not. CVE-2017-3733 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code. This commit provides a test for the issue. CVE-2017-3733 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2644)
-
Robert Scheck authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2629)
-
Kazuki Yamaguchi authored
Fix a typo. Probably this has not been found because EVP_CIPHER_CTX is smaller than EVP_CHACHA_AEAD_CTX and heap overflow does not occur. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2294)
-
- Feb 15, 2017
-
-
Andy Polyakov authored
Capability probing by catching SIGILL appears to be problematic on iOS. But since Apple universe is "monocultural", it's actually possible to simply set pre-defined processor capability mask. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2617)
-
Andy Polyakov authored
Three modules were left behind in a2859927 . Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2617)
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2637)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Bernd Edlinger authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2636)
-
Matt Caswell authored
Causes make update to fail. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2634)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2623)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2623)
-
Dr. Stephen Henson authored
Use negotiated signature algorithm and certificate index in tls_construct_key_exchange instead of recalculating it. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2623)
-
Dr. Stephen Henson authored
Now the certificate and signature algorithm is set in one place we can use it directly insetad of recalculating it. The old functions ssl_get_server_send_pkey() and ssl_get_server_cert_index() are no longer required. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2623)
-