- Aug 28, 2014
-
-
Dr. Stephen Henson authored
Since sanity checks are performed for all custom extensions the serverinfo checks are no longer needed. Reviewed-by:
Emilia Käsper <emilia@openssl.org> (cherry picked from commit 707b026d) Conflicts: ssl/ssl3.h ssl/t1_lib.c
-
Dr. Stephen Henson authored
Reject attempts to use extensions handled internally. Add flags to each extension structure to indicate if an extension has been sent or received. Enforce RFC5246 compliance by rejecting duplicate extensions and unsolicited extensions and only send a server extension if we have sent the corresponding client extension. Reviewed-by:
-
Dr. Stephen Henson authored
Use the same structure for client and server custom extensions. Add utility functions in new file t1_ext.c. Use new utility functions to handle custom server and client extensions and remove a lot of code duplication. Reviewed-by:
-
Dr. Stephen Henson authored
Move custom extension structures from SSL_CTX to CERT structure. This change means the form can be revised in future without binary compatibility issues. Also since CERT is part of SSL structures so per-SSL custom extensions could be supported in future as well as per SSL_CTX. Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Emilia Kasper authored
Pull constant-time methods out to a separate header, add tests. Reviewed-by:
Bodo Moeller <bodo@openssl.org> (cherry picked from commit 5a3d21c0) Conflicts: ssl/s3_cbc.c test/Makefile
-
Raphael Spreitzer authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (cherry picked from commit f9fb43e1)
-
Rich Salz authored
Add the wrapper to all public header files (Configure generates one). Don't bother for those that are just lists of #define's that do renaming. Reviewed-by:
-
- Aug 27, 2014
-
-
Emilia Kasper authored
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer when the buffer length is 0. Change this to verify explicitly that the ASN.1 string has positive length. Reviewed-by:Dr Stephen Henson <steve@openssl.org> (cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
-
Matt Caswell authored
When d2i_ECPrivateKey reads a private key with a missing (optional) public key, generate one automatically from the group and private key. Reviewed-by: -
Adam Langley authored
This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a crash: -----BEGIN EC PRIVATE KEY----- MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH -----END EC PRIVATE KEY----- Reviewed-by: -
Mihai Militaru authored
I also removed some trailing whitespace and cleaned up the "see also" list. Reviewed-by:
-
- Aug 26, 2014
-
-
John Fitzgibbon authored
Extra SSL_get_selected_srtp_profile() declaration in ssl/srtp.h causes -Werror builds to fail. Cherry-picked from 3609b023 Reviewed-by:
-
David Gatwood authored
The description of when the server creates a DH key is confusing. This cleans it up. (rsalz: also removed trailing whitespace.) Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
- Aug 25, 2014
-
-
Jan Schaumann authored
The EXAMPLE that used FILE and RC2 doesn't compile due to a few minor errors. Tweak to use IDEA and AES-128. Remove examples about RC2 and RC5. Reviewed-by:
-
- Aug 24, 2014
-
-
Matt Caswell authored
This patch was submitted by user "Kox" via the wiki Reviewed-by:
-
- Aug 22, 2014
-
-
Adam Langley authored
Limit the number of empty records that will be processed consecutively in order to prevent ssl3_get_record from never returning. Reported by "oftc_must_be_destroyed" and George Kadianakis. Reviewed-by: -
Adam Langley authored
Reviewed-by:
-
Emilia Kasper authored
Clarify the intended use of EVP_PKEY_sign. Make the code example compile. Reviewed-by:
-
- Aug 21, 2014
-
-
Emilia Kasper authored
In Visual Studio, inline is available in C++ only, however __inline is available for C, see http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Emilia Kasper authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (cherry picked from commit da92be4d)
-
- Aug 20, 2014
-
-
Andy Polyakov authored
RT: 2835 Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- Aug 15, 2014
-
-
Matt Caswell authored
PR#3450 Reviewed-by: -
Istvan Noszticzius authored
Reviewed-by:
-
- Aug 13, 2014
-
-
Bodo Moeller authored
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h). Reviewed-by:
-
- Aug 08, 2014
-
-
Dr. Stephen Henson authored
The addition of SRP authentication needs to be checked in various places to work properly. Specifically: A certificate is not sent. A certificate request must not be sent. Server key exchange message must not contain a signature. If appropriate SRP authentication ciphersuites should be chosen. Reviewed-by:Matt Caswell <matt@openssl.org> (cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec)
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Aug 07, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Aug 06, 2014
-
-
Dr. Stephen Henson authored
Check SRP parameters when they are received so we can send back an appropriate alert. Reviewed-by:Kurt Roeckx <kurt@openssl.org>
-
Dr. Stephen Henson authored
Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B < N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for reporting this issue.
-
Dr. Stephen Henson authored
If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack. Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue. CVE-2014-2970 Reviewed-by: -
Gabor Tyukasz authored
CVE-2014-3509 Reviewed-by:
-
Emilia Kasper authored
- Upon parsing, reject OIDs with invalid base-128 encoding. - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function. CVE-2014-3508 Reviewed-by:
-
Emilia Käsper authored
CVE-2014-3510 Reviewed-by: -
David Benjamin authored
CVE-2014-3511 Reviewed-by:
-
Adam Langley authored
In a couple of functions, a sequence number would be calculated twice. Additionally, in |dtls1_process_out_of_seq_message|, we know that |frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len < msg_hdr->msg_len| can be more clearly written as |frag_len != msg_hdr->msg_len|, since that's the only remaining case. Reviewed-by:
-
Matt Caswell authored
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: -
Adam Langley authored
Previously, a truncated DTLS fragment in |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but the return value would still be the number of bytes read. This would cause |dtls1_get_message| not to consider it an error and it would continue processing as normal until the calling function noticed that *ok was zero. I can't see an exploit here because |dtls1_get_message| uses |s->init_num| as the length, which will always be zero from what I can see. Reviewed-by:
-
