- May 11, 2018
-
-
Matt Caswell authored
During a full handshake the server is the last one to "speak". The timer should continue to run until we know that the client has received our last flight (e.g. because we receive some application data). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6196)
-
Matt Caswell authored
Otherwise we may end up in a hang when using blocking sockets Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6196)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6196)
-
Matt Caswell authored
Fixes #4929 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6196)
-
- May 08, 2018
-
-
Matt Caswell authored
The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6142) (cherry picked from commit 3d551b20)
-
- May 05, 2018
-
-
Emilia Kasper authored
- Reject fractional seconds - Reject offsets - Check that the date/time digits are in valid range. - Add documentation for X509_cmp_time GH issue 2620 Backported from 80770da3 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6181)
-
Todd Short authored
Earlier Apple Xcode compilers, e.g. one targeting Mac OS X 10.7, don't support dependency generation and one still has to use makedepend. It's unclear when it was fixed, but all clang-based Apple compilers seem to support -M options. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6167)
-
- May 04, 2018
-
-
Richard Levitte authored
When the input length is zero, just return zero early. Otherwise, there's a small chance that memory allocation is engaged, fails and returns -1, which is a bit confusing when nothing should be written. Fixes #4782 #4827 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/6175) (cherry picked from commit 0d94212a)
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6178)
-
Andy Polyakov authored
Montgomery multiplication post-conditions in some of code paths were formally non-constant time. Cache access pattern was result-neutral, but a little bit asymmetric, which might have produced a signal [if processor reordered load and stores at run-time]. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6163) (cherry picked from commit 774ff8fe) Resolved conflicts in ppc-mont.pl and x86_64-mont.pl.
-
- May 03, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #6121 Thanks to Mingtao Yang for reporting this bug. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6162)
-
Matt Caswell authored
Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We should return an error in that case. Instead we were returning a valid result with value 0. Fixes #6004 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6119) (cherry picked from commit b1860d6c)
-
- May 02, 2018
-
-
Matt Caswell authored
Commit 14e55560 added this function which should have taken a const argument. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6155)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6114)
-
Matt Caswell authored
The ciphers field in a session contains the stack of ciphers offered by the client. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6114)
-
Matt Caswell authored
The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6114)
-
Dr. Matthias St. Pierre authored
which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*(). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6117)
-
- May 01, 2018
-
-
Benjamin Kaduk authored
Commit d316cdcf introduced some extra checks into the session-cache update procedure, intended to prevent the caching of sessions whose resumption would lead to a handshake failure, since if the server is authenticating the client, there needs to be an application-set "session id context" to match up to the authentication context. While that change is effective for its stated purpose, there was also some collatoral damage introduced along with the fix -- clients that set SSL_VERIFY_PEER are not expected to set an sid_ctx, and so their usage of session caching was erroneously denied. Fix the scope of the original commit by limiting it to only acting when the SSL is a server SSL. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5967) (cherry picked from commit c4fa1f7f)
-
Matt Caswell authored
Fixes #5061 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6140)
-
Matt Caswell authored
Specifically this is not supported with an even modulus and BN_FLG_CONSTTIME. Fixes #5082 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6138)
-
Matt Caswell authored
Fixes #5063 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6135)
-
- Apr 27, 2018
-
-
Matt Caswell authored
Make it clear that you should not attempt to get the version before the first handshake is complete. Fixes #2893 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6014)
-
Richard Levitte authored
Fixes #6098 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6104) (cherry picked from commit ff25dd1a)
-
Billy Brumley authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6101)
-
- Apr 26, 2018
-
-
Bernd Edlinger authored
Fixes: #5950 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6038) (cherry picked from commit 74a8acbd)
-
Matt Caswell authored
Note that calling the *use_certificate* functions will replace any existing certificate of the same type. The same thing applies for private keys. Fixes #2147 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6093)
-
Richard Levitte authored
In a recent commit, a OPENSSL_NO_UI guard was dropped by mistake in PEM_def_callback(), so this puts it back. At the same time, that previous commit got rid of the necessity to have a OPENSSL_NO_STDIO guard, so we drop that instead. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6096)
-
Richard Levitte authored
get_last_sys_error() already exists, so there's no need for yet another macro that fulfills the same purpose. Fixes #4120 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6088) (cherry picked from commit b4c35656)
-
Richard Levitte authored
Add a bit more commentary to explain what's going on. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080) (cherry picked from commit d6d94d33)
-
Richard Levitte authored
That error is already caught by EVP_read_pw_string_min, and causes this function to return -1, so the code detecting too short passwords in this function is practically dead. Fixes #5465 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080) (cherry picked from commit 4977b4e9)
-
- Apr 25, 2018
-
-
Richard Levitte authored
Fixes #6083 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6084) (cherry picked from commit e6a833cb)
-
Richard Levitte authored
Fixes #5656 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6079) (cherry picked from commit 3625f6c9)
-
Matt Caswell authored
This option shows the certificates as sent by the server. It is not the full verified chain. Fixes #4933 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6068)
-
Matt Caswell authored
The MAX_CURVELIST macro defines the total number of in-built SSL/TLS curves that we support. However it has not been updated as new curves are added. Fixes #5232 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6065) (cherry picked from commit ca50cd91)
-
- Apr 24, 2018
-
-
Matt Caswell authored
In 1.0.2 and below we always send the same client_version in a reneg ClientHello that we sent the first time around, regardless of what version eventually gets negotiated. According to a comment in statem_clnt.c this is a workaround for some buggy servers that choked if we changed the version used in the RSA encrypted premaster secret. In 1.1.0+ this behaviour no longer occurs. This restores the original behaviour. Fixes #1651 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6060)
-
Matt Caswell authored
Document the fact that if a session is not closed down cleanly then the session gets removed from the cache and marked as non-resumable. Fixes #4720 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6054)
-
Matt Caswell authored
In 1.1.0 and above we check the digest algorithm used to create signatures in intermediate CA certs. If it is not sufficiently strong then we reject the cert. To work out what digest was used we look at the OID for the signature. This works for most signatures, but not for RSA PSS where the digest is stored as parameter of the SignatureAlgorithmIdentifier. This results in the digest look up routines failing and the cert being rejected. PR #3301 added support for doing this properly in master. So in that branch this all works as expected. It also works properly in 1.0.2 where we don't have the digest checks at all. So the only branch where this fails is 1.1.0. PR #3301 seems too significant to backport to 1.1.0. Instead we simply skip the signature digest algorithm strength checks if we detect RSA PSS. Fixes #3558. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6052)
-
Matt Caswell authored
In 1.0.2 you could configure automatic ecdh params by using the ECDHParameters config directive and setting it to the value "+Automatic" or just "Automatic". This is no longer required in 1.1.0+ but we still recognise the "+Automatic" keyword for backwards compatibility. However we did not recognise just "Automatic" without the leading "+" which is equally valid. This commit fixes that omission. Fixes #4113 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6036)
-
- Apr 23, 2018
-
-
Billy Brumley authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6009) (cherry picked from commit 39df5152)
-
Nicola Tuveri authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6009) (cherry picked from commit 736b31e5)
-