- 10 May, 2017 2 commits
-
-
Matt Caswell authored
The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for a connection as part of an SNI callback. One result of this is that the s->cert structure is replaced. However this structure contains information about any custom extensions that have been loaded. In particular flags are set indicating whether a particular extension has been received in the ClientHello. By replacing the s->cert structure we lose the custom extension flag values, and it appears as if a client has not sent those extensions. SSL_set_SSL_CTX() should copy any flags for custom extensions that appear in both the old and the new cert structure. Fixes #2180 Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3426)
-
Richard Levitte authored
TAP:Harness came along in perl 5.10.1, and since we claim to support perl 5.10.0 in configuration and testing, we can only load it conditionally. The main reason to use TAP::Harness rather than Test::Harness is its capability to merge stdout and stderr output from the test recipes, which Test::Harness can't. The merge gives much more comprehensible output when testing verbosely. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3424) (cherry picked from commit 76e0d0b2)
-
- 09 May, 2017 1 commit
-
-
Matt Caswell authored
This trace option does not appear in Configure as a separate option and is undocumented. It can be switched on using "-DOPENSSL_SSL_TRACE_CRYPTO", however this does not compile in master or in any 1.1.0 released version. (cherry picked from commit eee2750b ) Reviewed-by:
-
- 08 May, 2017 1 commit
-
-
Meena Vyas authored
Fixed compilation warning in file aesgcm.c Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3406) (cherry picked from commit d396da33)
-
- 05 May, 2017 2 commits
-
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Perl, multiple versions, for some reason occasionally takes issue with letter b[?] in ox([0-9a-f]+) regex. As result some constants, such as 0xb1 came out wrong when generating code for MASM. Fixes GH#3241. Reviewed-by:
-
- 04 May, 2017 2 commits
-
-
Rich Salz authored
Reviewed-by:
-
Matt Caswell authored
The init code uses DSO_dsobyaddr() to leak a reference to ourselves to ensure we remain loaded until atexit() time. In some circumstances that can fail and leave stale errors on the error queue. Fixes #3372 Reviewed-by:
-
- 02 May, 2017 4 commits
-
-
Rich Salz authored
Fixes #2360 Reviewed-by:
-
Matt Caswell authored
Fixes #1653 reported by Guido Vranken Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Todd Short authored
ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets, even though that's not supported within certificates. To convert the offset time back to GMT, the offsets are supposed to be subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z. Reviewed-by:
-
- 30 Apr, 2017 1 commit
-
-
Andy Polyakov authored
"Next" refers to negative minimum "next" to one presentable by given number of bytes. For example, -128 is negative minimum presentable by one byte, and -256 is "next" one. Thanks to Kazuki Yamaguchi for report, GH#3339 Reviewed-by:
-
- 28 Apr, 2017 3 commits
-
-
Rich Salz authored
Bug found and fix suggested by Julian Rüth. Push error if fflush fails Reviewed-by:
-
Rich Salz authored
Also add a comment describing the file format. Reviewed-by:
-
Richard Levitte authored
When you want to debug a test that goes wrong, it's useful to know exactly what subprocess commands are run. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
- 27 Apr, 2017 2 commits
-
-
Rich Salz authored
Reviewed-by:
-
Bernd Edlinger authored
It is not necessary to remove leading zeros here because RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done in constant time, this might have leaked timing information. Reviewed-by:
-
- 26 Apr, 2017 3 commits
-
-
Rob Percival authored
This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by:
-
Rob Percival authored
The only SSL tests prior to this tested using certificates with no embedded Signed Certificate Timestamps (SCTs), which meant they couldn't confirm whether Certificate Transparency checks in "strict" mode were working. These tests reveal a bug in the validation of SCT timestamps, which is fixed by the next commit. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
- 25 Apr, 2017 9 commits
-
-
Andy Polyakov authored
Trouble was that integer negation wasn't producing *formally* correct result in platform-neutral sense. Formally correct thing to do is -(int64_t)u, but this triggers undefined behaviour for one value that would still be representable in ASN.1. The trigger was masked with (int64_t)(0-u), but this is formally inappropriate for values other than the problematic one. [Also reorder branches to favour most-likely paths and harmonize asn1_string_set_int64 with asn1_get_int64].] Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
i.e. reduce amount of branches and favour likely ones. Reviewed-by:
-
Matt Caswell authored
We were incorrectly using "res" when we meant "ai" Reviewed-by:
-
Matt Caswell authored
In SCTP the code was only allowing a send of a close_notify alert if the socket is dry. If the socket isn't dry then it was attempting to save away the close_notify alert to resend later when it is dry and then it returned success. However because the application then thinks that the close_notify alert has been successfully sent it never re-enters the DTLS code to actually resend the alert. A much simpler solution is to just fail with a retryable error in the event that the socket isn't dry. That way the application knows to retry sending the close_notify alert. Reviewed-by:
-
Matt Caswell authored
We were allocating the write buffer based on the size of max_send_fragment, but ignoring it when writing data. We should fragment handshake messages if they exceed max_send_fragment and reject application data writes that are too large. Reviewed-by:
-
Matt Caswell authored
There was code existing which attempted to handle the case where application data is received after a reneg handshake has started in SCTP. In normal DTLS we just fail the connection if this occurs, so there doesn't seem any reason to try and work around it for SCTP. In practice it didn't work properly anyway and is probably a bad idea to start with. Fixes #3251 Reviewed-by:
-
Bernard Spil authored
- unbuffer causes single-byte reads from stdin and poor performance Fixes #3281 CLA: trivial Reviewed-by:
-
- 24 Apr, 2017 3 commits
-
-
Rich Salz authored
Reviewed-by:
-
Richard Levitte authored
... on the theme "I could have sworn I saved that fix!" Reviewed-by:
-
Alex Gaynor authored
EV Guidelines section 9.2.5 says jurisdictionCountryName follows the same ASN.1 encoding rules as countryName. Reviewed-by:
-
- 23 Apr, 2017 2 commits
-
-
Richard Levitte authored
As far as I know, there is no MMS / MMK with parallellism today. However, it might be added in the future (perhaps in MMK at least), so we may as well prepare for it now. Reviewed-by:
-
Richard Levitte authored
jom is an nmake clone that does parallell building, via the same -j argument as GNU make. To make it work, we need to apply the same dependeency build up as done in 27c40a93 Fixes #3272 Reviewed-by:
-
- 22 Apr, 2017 2 commits
-
-
Camille Guérin authored
'X509_XTORE_CTX_cleanup' -> 'X509_STORE_CTX_cleanup' Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
David Benjamin authored
BN_is_prime_fasttest_ex begins by rejecting if a <= 1. Then it goes to set A := abs(a), but a cannot be negative at this point. Reviewed-by:
-
- 19 Apr, 2017 1 commit
-
-
Rich Salz authored
Add callback function prototypes, fix description Reviewed-by:
-
- 18 Apr, 2017 1 commit
-
-
Thiago Arrais authored
Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
-
- 17 Apr, 2017 1 commit
-
-
Rich Salz authored
If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to an unsupported algorithm/curve (e.g. if binary EC support is disabled). Before this commit the issue arise for example if binary EC keys are added in evptests.txt, and the test is run when EC is enabled but EC2m is disabled. E.g. adding these lines to evptests.txt would reproduce the issue: ~~~ PrivateKey=KAS-ECC-CDH_K-163_C0 -----BEGIN PRIVATE KEY----- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA Z7icPpo= -----END PRIVATE KEY----- PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC -----BEGIN PUBLIC KEY----- MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe 53YiHHK4SzR844PzgGe4nD6a -----END PUBLIC KEY----- PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC -----BEGIN PUBLIC KEY----- MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM JRuNoCHLrCgfEj969PrFs9u4 -----END PUBLIC KEY----- Derive=KAS-ECC-CDH_K-163_C0 PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC Ctrl=ecdh_cofactor_mode:1 SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc ~~~ Reviewed-by:
-
