- Jan 25, 2017
-
-
Matt Caswell authored
Lots of references to 16 replaced by AES_BLOCK_SIZE. Also a few other style tweaks in that function Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2275) (cherry picked from commit 0ba5a9ea)
-
- Jan 24, 2017
-
-
Richard Levitte authored
Instead of looking for "200" and "established" (and failing all other 2xx responses or "Established"), let's look for a line that's not a header (i.e. doesn't contain a ':') and where the first space is followed by a '2'. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1664) (cherry picked from commit ec2a0e60)
-
Andy Polyakov authored
This is 1.1.0-specific 8f77fab8 redux. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Todd Short authored
Remove duplicate defines from EVP source files. Most of them were in evp.h, which is always included. Add new ones evp_int.h EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK is now always defined in evp.h, so remove conditionals on it Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2201) (cherry picked from commit 9d6fcd42)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2132) (cherry picked from commit 7928ee4d)
-
Benjamin Kaduk authored
Well, not as much, at least. Commit 07afdf3c changed things so that for SSLv2 format ClientHellos we store the cipher list in the TLS format, i.e., with two bytes per cipher, to be consistent with historical behavior. However, the space allocated for the array still performed the computation with three bytes per cipher, a needless over-allocation (though a relatively small one, all things considered). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2281) (cherry picked from commit f1429b85)
-
Matt Caswell authored
SSL_get0_raw_cipherlist() was a little too "raw" in the case of an SSLv2 compat ClientHello. In 1.0.2 and below, during version negotiation, if we received an SSLv2 compat ClientHello but actually wanted to do SSLv3+ then we would construct a "fake" SSLv3+ ClientHello. This "fake" ClientHello would have its ciphersuite list converted to the SSLv3+ format. It was this "fake" raw list that got saved away to later be returned by a call to SSL_get0_raw_cipherlist(). In 1.1.0+ version negotiation works differently and we process an SSLv2 compat ClientHello directly without the need for an intermediary "fake" ClientHello. This meant that the raw ciphersuite list being saved was in the SSLv2 format. Any caller of this function would not expect that and potentially overread the returned buffer by one byte. Fixes #2189 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2280) (cherry picked from commit 07afdf3c)
-
Kazuki Yamaguchi authored
ChaCha20 code uses its own custom cipher_data. Add EVP_CIPH_CUSTOM_IV and EVP_CIPH_ALWAYS_CALL_INIT so that the key and the iv can be set by different calls of EVP_CipherInit_ex(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2156) (cherry picked from commit c83680a0)
-
Bernd Edlinger authored
- s == NULL can mean c is a new session *or* lh_insert was unable to create a hash entry. - use lh_SSL_SESSION_retrieve to check for this error condition. - If it happens simply remove the extra reference again. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2138) (cherry picked from commit 38088ce9)
-
ganesh authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886) (cherry picked from commit c2114afc)
-
ganesh authored
According to the documentation, the return code should be -1 when RAND_status does not return 1. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886) (cherry picked from commit 3ed93c86)
-
ganesh authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1886) (cherry picked from commit 1381684d)
-
- Jan 23, 2017
-
-
FdaSilvaYY authored
it was getting the SerialNumber of a previous cert. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2272) (cherry picked from commit 0db1fb3f)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983)
-
Matt Caswell authored
In a non client-auth renegotiation where the original handshake *was* client auth, then the server will expect the client to send a Certificate message anyway resulting in a connection failure. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983)
-
Matt Caswell authored
In a non client-auth renegotiation where the original handshake *was* client auth, then the client will send a Certificate message anyway resulting in a connection failure. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983)
-
Matt Caswell authored
The flag SSL_VERIFY_CLIENT_ONCE is documented as follows: B<Server mode:> only request a client certificate on the initial TLS/SSL handshake. Do not ask for a client certificate again in case of a renegotiation. This flag must be used together with SSL_VERIFY_PEER. B<Client mode:> ignored But the implementation actually did nothing. After the server sends its ServerKeyExchange message, the code was checking s->session->peer to see if it is NULL. If it was set then it did not ask for another client certificate. However s->session->peer will only be set in the event of a resumption, but a ServerKeyExchange message is only sent in the event of a full handshake (i.e. no resumption). The documentation suggests that the original intention was for this to have an effect on renegotiation, and resumption doesn't come into it. The fix is to properly check for renegotiation, not whether there is already a client certificate in the session. As far as I can tell this has been broken for a *long* time. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983)
-
Matt Caswell authored
Repeat for various handshake types Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1983)
-
Bernd Edlinger authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2164) (cherry picked from commit a6fd7c1d)
-
Bernd Edlinger authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2205) (cherry picked from commit 57a19206)
-
- Jan 20, 2017
-
-
Richard Levitte authored
When setting the digest parameter for DSA parameter generation, the signature MD was set instead of the parameter generation one. Fortunately, that's also the one that was used for parameter generation, but it ultimately meant the parameter generator MD and the signature MD would always be the same. Fixes github issue #2016 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2250) (cherry picked from commit 8a05c4d3)
-
- Jan 19, 2017
-
-
Markus Triska authored
CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2257) (cherry picked from commit 424baabd)
-
- Jan 18, 2017
-
-
Rich Salz authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1597) (cherry picked from commit 4f326dd8)
-
Rich Salz authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1597) (cherry picked from commit 3e373518)
-
FdaSilvaYY authored
... mostly related to some old discarded modules . Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1906) (cherry picked from commit 31a51151)
-
FdaSilvaYY authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1906) (cherry picked from commit 2191dc84)
-
Markus Triska authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> CLA: trivial (Merged from https://github.com/openssl/openssl/pull/2247) (cherry picked from commit 1f164c6f)
-
- Jan 17, 2017
-
-
EasySec authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2241) (cherry picked from commit 487d3a72)
-
- Jan 16, 2017
-
-
xemdetia authored
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2238) (cherry picked from commit ef3f621e)
-
Kurt Roeckx authored
Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #2234 (cherry picked from commit c4a60150)
-
- Jan 15, 2017
-
-
Kurt Roeckx authored
Found by oss-fuzz Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2231 (cherry picked from commit c2ce477f)
-
Kurt Roeckx authored
Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2230 (cherry picked from commit 68d4bcfd)
-
Kurt Roeckx authored
Found by afl Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2230 (cherry picked from commit 244d7b28)
-
- Jan 13, 2017
-
-
Richard Levitte authored
RUN_ONCE really just returns 0 on failure or whatever the init function returned. By convention, however, the init function must return 0 on failure and 1 on success. This needed to be clarified. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2225) (cherry picked from commit 37b8f1e2)
-
Richard Levitte authored
The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h. openssl/ocsp.h does that, except when OCSP is disabled. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2227) (cherry picked from commit d62210af)
-
- Jan 12, 2017
-
-
Rich Salz authored
Also, if want SHA1 then use the pre-computed value if there. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2223) (cherry picked from commit 3e5d9da5)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2208) (cherry picked from commit 329f2f4a)
-
- Jan 10, 2017
-
-
Rich Salz authored
Fixes GitHub issue 2169. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2207) (cherry picked from commit e043e882395c6104ce2a84f7ced0dc01b09791ad)
-