- May 26, 2015
-
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
Also add more ciphersuite test coverage, and a negative test for 512-bit DHE. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The size of the SRP extension can never be negative (the variable |size| is unsigned). Therefore don't check if it is less than zero. RT#3862 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 9c89d290)
-
Matt Caswell authored
The return value of i2d functions can be negative if an error occurs. Therefore don't assign the return value to an unsigned type and *then* check if it is negative. RT#3862 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 90e7cdff)
-
Matt Caswell authored
The members of struct timeval on OpenVMS are unsigned. The logic for calculating timeouts needs adjusting to deal with this. RT#3862 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit fc52ac90)
-
Andy Polyakov authored
RT#3860 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit aa1e4221)
-
Billy Brumley authored
RT#3858 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 71f6130b)
-
Andy Polyakov authored
RT#3859 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 60c268b2)
-
Andy Polyakov authored
RT#3843 Reviewed-by: Matt Caswell <matt@openssl.org>
-
- May 25, 2015
-
-
Matt Caswell authored
If the record received is for a version that we don't support, previously we were sending an alert back. However if the incoming record already looks like an alert then probably we shouldn't do that. So suppress an outgoing alert if it looks like we've got one incoming. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- May 23, 2015
-
-
Richard Levitte authored
The update: target in engines/ didn't recurse into engines/ccgost. The update: and depend: targets in engines/ccgost needed a fixup. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 8b822d25)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 6f45032f) Conflicts: apps/Makefile
-
Richard Levitte authored
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0f539dc1) Conflicts: Makefile.org apps/Makefile test/Makefile
-
- May 22, 2015
-
-
Matt Caswell authored
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 7cc18d81) Conflicts: crypto/bn/bn.h crypto/bn/bn_err.c
-
Lubom authored
If a client receives a bad hello request in DTLS then the alert is not sent correctly. RT#2801 Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 4dc1aa04)
-
- May 20, 2015
-
-
Matt Caswell authored
Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Conflicts: doc/apps/cms.pod doc/apps/ocsp.pod doc/apps/s_client.pod doc/apps/s_server.pod doc/apps/smime.pod doc/apps/verify.pod
-
Matt Caswell authored
Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Conflicts: apps/cms.c apps/ocsp.c apps/s_client.c apps/s_server.c apps/smime.c apps/verify.c
-
Matt Caswell authored
Add flag to inhibit checking for alternate certificate chains. Setting this behaviour will force behaviour as per previous versions of OpenSSL Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-
Matt Caswell authored
In certain situations the server provided certificate chain may no longer be valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. When building a trust chain if the first attempt fails, then try to see if alternate chains could be constructed that are trusted. RT3637 RT3621 Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-
Kurt Roeckx authored
40 bit ciphers are limited to 512 bit RSA, 56 bit ciphers to 1024 bit. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit ac38115c)
-
Emilia Kasper authored
Since the client has no way of communicating her supported parameter range to the server, connections to servers that choose weak DH will simply fail. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Emilia Kasper authored
- Do not advise generation of DH parameters with dsaparam to save computation time. - Promote use of custom parameters more, and explicitly forbid use of built-in parameters weaker than 2048 bits. - Advise the callback to ignore <keylength> - it is currently called with 1024 bits, but this value can and should be safely ignored by servers. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
The default bitlength is now 2048. Also clarify that either the number of bits or the generator must be present: $ openssl dhparam -2 and $ openssl dhparam 2048 generate parameters but $ openssl dhparam does not. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
StudioEtrange authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 19, 2015
-
-
Robert Swiecki authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 00d565cf)
-
- May 15, 2015
-
-
Andy Polyakov authored
Backport old patch to make it work in mixture of perls for Windows. Reviewed-by: Richard Levitte <levitte@openssl.org> Cherry-picked from 7bb98eee (cherry picked from commit 051b41df)
-
- May 13, 2015
-
-
Rich Salz authored
The big "don't check for NULL" cleanup requires backporting some of the lowest-level functions to actually do nothing if NULL is given. This will make it easier to backport fixes to release branches, where master assumes those lower-level functions are "safe" This commit addresses those tickets: 3798 3799 3801. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit f34b095f)
-
Hanno Böck authored
The function obj_cmp() (file crypto/objects/obj_dat.c) can in some situations call memcmp() with a null pointer and a zero length. This is invalid behaviour. When compiling openssl with undefined behaviour sanitizer (add -fsanitize=undefined to compile flags) this can be seen. One example that triggers this behaviour is the pkcs7 command (but there are others, e.g. I've seen it with the timestamp function): apps/openssl pkcs7 -in test/testp7.pem What happens is that obj_cmp takes objects of the type ASN1_OBJECT and passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT structures can have a null pointer as data. RT#3816 Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2b8dc08b)
-
Matt Caswell authored
Currently we set change_cipher_spec_ok to 1 before calling ssl3_get_cert_verify(). This is because this message is optional and if it is not sent then the next thing we would expect to get is the CCS. However, although it is optional, we do actually know whether we should be receiving one in advance. If we have received a client cert then we should expect a CertificateVerify message. By the time we get to this point we will already have bombed out if we didn't get a Certificate when we should have done, so it is safe just to check whether |peer| is NULL or not. If it is we won't get a CertificateVerify, otherwise we will. Therefore we should change the logic so that we only attempt to get the CertificateVerify if we are expecting one, and not allow a CCS in this scenario. Whilst this is good practice for TLS it is even more important for DTLS. In DTLS messages can be lost. Therefore we may be in a situation where a CertificateVerify message does not arrive even though one was sent. In that case the next message the server will receive will be the CCS. This could also happen if messages get re-ordered in-flight. In DTLS if |change_cipher_spec_ok| is not set and a CCS is received it is ignored. However if |change_cipher_spec_ok| *is* set then a CCS arrival will immediately move the server into the next epoch. Any messages arriving for the previous epoch will be ignored. This means that, in this scenario, the handshake can never complete. The client will attempt to retransmit missing messages, but the server will ignore them because they are the wrong epoch. The server meanwhile will still be waiting for the CertificateVerify which is never going to arrive. RT#2958 Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit a0bd6493)
-
- May 11, 2015
-
-
Kurt Cancemi authored
Matt's note: I added a call to X509V3err to Kurt's original patch. RT#3840 Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 344c271e)
-
Bjoern D. Rasmussen authored
clang says: "s_cb.c:958:9: error: implicitly declaring library function 'memcpy'" Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 8f744cce) Conflicts: apps/s_cb.c
-
Matt Caswell authored
If sk_SSL_CIPHER_new_null() returns NULL then ssl_bytes_to_cipher_list() should also return NULL. Based on an original patch by mrpre <mrpre@163.com>. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 14def5f5)
-
- May 05, 2015
-
-
Matt Caswell authored
Ensure all fatal errors transition into the new error state for DTLS. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit cefc9391) Conflicts: ssl/d1_srvr.c Conflicts: ssl/d1_srvr.c
-
Matt Caswell authored
Ensure all fatal errors transition into the new error state on the client side. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit cc273a93) Conflicts: ssl/s3_clnt.c Conflicts: ssl/s3_clnt.c
-
Matt Caswell authored
Ensure all fatal errors transition into the new error state on the server side. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit cf9b0b6f) Conflicts: ssl/s3_srvr.c
-
Matt Caswell authored
Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a89db885) Conflicts: ssl/s3_srvr.c ssl/ssl_stat.c
-
- May 04, 2015
-
-
Richard Levitte authored
RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. (cherry picked from commit 8920a7cd ) Reviewed-by: Rich Salz <rsalz@openssl.org>
-