- Jan 09, 2018
-
-
Matt Caswell authored
In the case of a protocol version alert being sent by a peer the record version number may not be what we are expecting. In DTLS records with an unexpected version number are silently discarded. This probably isn't appropriate for alerts, so we tolerate a mismatch in the minor version number. This resolves an issue reported on openssl-users where an OpenSSL server chose DTLS1.0 but the client was DTLS1.2 only and sent a protocol_version alert with a 1.2 record number. This was silently ignored by the server. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5019)
-
- Jan 07, 2018
-
-
Rich Salz authored
Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4906) (cherry picked from commit 794bf5f7)
-
- Jan 06, 2018
-
-
Richard Levitte authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5017)
-
Richard Levitte authored
Thanks to Douglas Fyfe @ VSI for making me aware of this Reviewed-by:
-
- Jan 05, 2018
-
-
Konstantin Shemyak authored
A backport of #4997. Fixes #4996. Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5020)
-
- Dec 27, 2017
-
-
Andy Polyakov authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4974) (cherry picked from commit 8af7e94d)
-
- Dec 23, 2017
-
-
Viktor Dukhovni authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com>
-
- Dec 13, 2017
-
-
Viktor Dukhovni authored
Also documented X509_V_FLAG_TRUSTED_FIRST Reviewed-by:
-
- Dec 11, 2017
-
-
Matt Caswell authored
SSL_trace() has a case which was inadvertently falling through. Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
- Dec 10, 2017
-
-
Richard Levitte authored
Looking for 'gcc' and 'clang' in the output from the C compiler is uncertain. Some versions report argv[0], which might be /usr/bin/cc (for example), and others might mention gcc without being gcc or a derivate. Better then to fetch predefined macros and checking if __GNUC__ and __clang__ are defined. Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4755)
-
- Dec 09, 2017
-
-
Richard Levitte authored
They are from the 1.1.0 or master branches Fixes #4863 Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4887)
-
- Dec 08, 2017
-
-
Rich Salz authored
Reviewed-by:
-
FdaSilvaYY authored
Pointer 'o' is set inside a local buffer, so it can't be NULL. Also fix coding style and add comments Reviewed-by:
-
Richard Levitte authored
Some compilers react badly to non-ASCII characters Fixes #4877 Reviewed-by:
-
Dr. Matthias St. Pierre authored
Fixes #2533 The call to FIPS_crypto_set_id_callback() was added in revision a43cfd7b , but there is no prototype for it in <openssl/fips.h>. Signed-off-by:
Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
- Dec 07, 2017
-
-
Matt Caswell authored
Fixes #4865 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
- Dec 06, 2017
-
-
Matt Caswell authored
Test reading/writing to an SSL object after a fatal error has been detected. Reviewed-by: -
Matt Caswell authored
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an attacker would have to trick an application into behaving incorrectly by issuing an SSL_read()/SSL_write() after having already received a fatal error. Thanks to David Benjamin (Google) for reporting this issue and suggesting this fix. CVE-2017-3737 Reviewed-by: -
Andy Polyakov authored
Credit to OSS-Fuzz for finding this. CVE-2017-3738 Reviewed-by:
-
- Dec 04, 2017
-
-
MerQGh authored
This line will allow use private keys, which created by Crypto Pro, to sign with OpenSSL. CLA: trivial Reviewed-by:
-
- Nov 30, 2017
-
-
FdaSilvaYY authored
Fixes #4775 Reviewed-by:
-
- Nov 16, 2017
-
-
FdaSilvaYY authored
Backport of #4677 / 1687aa76 Reviewed-by:
-
- Nov 14, 2017
-
-
Richard Levitte authored
Fixes #4734 #4649 Reviewed-by:
-
- Nov 13, 2017
-
-
Andy Polyakov authored
We had /WX (treat warnings as errors) in VC-WIN32 for long time. At some point it was somehow omitted. It's argued that it allows to keep better focus on new code, which motivates the comeback... Reviewed-by:
-
Andy Polyakov authored
It's argued that /WX allows to keep better focus on new code, which motivates its comeback... Reviewed-by:
-
- Nov 11, 2017
-
-
Long Qin authored
* addressing", Proc. 6th Conference on Very Large Databases: 212–223 ^ The EN DASH ('–') in this line is one UTF-8 character (hex: e2 80 93). Under some code page setting (e.g. 936), Visual Studio may report C4819 warning: The file contains a character that cannot be represented in the current code page. Replace this character with the ASCII char '-' (Hex Code: 2D). Reviewed-by: -
Richard Levitte authored
cb_ticket2() does an exit, and should therefore not need to return anything. Some compilers don't detect that, or don't care, and warn about a non-void function without a return statement. Reviewed-by:
-
- Nov 10, 2017
-
-
Richard Levitte authored
Reviewed-by:
-
- Nov 08, 2017
-
-
Andy Polyakov authored
In earlier 5.1x Perl versions quoting globs works only if there is white space. If there is none, it's looking for names starting with ". Reviewed-by:
-
- Nov 07, 2017
-
-
Andy Polyakov authored
It's not clear if it's a feature or bug, but binutils-2.29[.1] interprets 'adr' instruction with Thumb2 code reference differently, in a way that affects calculation of addresses of constants' tables. Reviewed-by:
-
Bernd Edlinger authored
Fixes: #4590 Reviewed-by:
-
Matt Caswell authored
The man pages say that BIGNUM arithmetic operations fail with a 0 return. However some functions were returning -1 on error. In master and 1.1.0 they already return 0, so this brings 1.0.2 in line. Reviewed-by:
-
Rich Salz authored
Cherry-picked by Matt Caswell from 69795831 . Reviewed-by:
-
- Nov 03, 2017
-
-
Pavel Kopyl authored
CLA: trivial Reviewed-by:
-
Pavel Kopyl authored
CLA: trivial Reviewed-by:
-
