- Jul 25, 2017
-
-
Simon Richter authored
Commit b8326569 fixed whitespace handling in the copy script, which exposes bugs in the install routine for nmake Makefiles. This corrects the quoting around the copy invocation for the openssl.exe binary. CLA: trivial Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3942)
-
- Jul 24, 2017
-
-
Xiaoyin Liu authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/3898) (cherry picked from commit d0f6eb1d)
-
- Jul 22, 2017
-
-
Dr. Stephen Henson authored
Fixes #2718 Reviewed-by:
-
- Jul 20, 2017
-
-
Richard Levitte authored
When an error occurs during the starttls handskake, s_client gets stuck looping around zero bytes reads, because the server won't sent anything more after its error tag. Shutting down on the first zero byte read fixes this. Fixes #3980 Reviewed-by:
-
- Jul 19, 2017
-
-
Matt Caswell authored
The intention of the removed code was to check if the previous operation carried. However this does not work. The "mask" value always ends up being a constant and is all ones - thus it has no effect. This check is no longer required because of the previous commit. Reviewed-by:
-
Matt Caswell authored
In TLS mode of operation the padding value "pad" is obtained along with the maximum possible padding value "maxpad". If pad > maxpad then the data is invalid. However we must continue anyway because this is constant time code. We calculate the payload length like this: inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); However if pad is invalid then inp_len ends up -ve (actually large +ve because it is a size_t). Later we do this: /* verify HMAC */ out += inp_len; len -= inp_len; This ends up with "out" pointing before the buffer which is undefined behaviour. Next we calculate "p" like this: unsigned char *p = out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; Because of the "out + len" term the -ve inp_len value is cancelled out so "p" points to valid memory (although technically the pointer arithmetic is undefined behaviour again). We only ever then dereference "p" and never "out" directly so there is never an invalid read based on the bad pointer - so there is no security issue. This commit fixes the undefined behaviour by ensuring we use maxpad in place of pad, if the supplied pad is invalid. With thanks to Brian Carpenter for reporting this issue. Reviewed-by:
-
- Jul 18, 2017
-
-
Emilia Kasper authored
This is an inherent weakness of the padding mode. We can't make the implementation constant time (see the comments in rsa_pk1.c), so add a warning to the docs. Reviewed-by:
-
- Jul 16, 2017
-
-
Bernd Edlinger authored
Make RSA key exchange code actually constant-time. Reviewed-by:
-
- Jul 15, 2017
-
-
simon-p-r authored
From https://github.com/openssl/openssl/pull/1023 CLA: trivial Reviewed-by:
-
- Jul 06, 2017
-
-
Richard Levitte authored
When tree_calculate_user_set() fails, a jump to error failed to deallocate a possibly allocated |auth_nodes|. Reviewed-by:
-
- Jul 05, 2017
-
-
Bernd Edlinger authored
Fixes #3349 Reviewed-by:
-
Richard Levitte authored
Undoing: > - in UI_process(), |state| was never made NULL, which means an error > when closing the session wouldn't be accurately reported. This was a faulty cherry-pick from master Reviewed-by:
-
Richard Levitte authored
- in EVP_read_pw_string_min(), the return value from UI_add_* wasn't properly checked - in UI_process(), |state| was never made NULL, which means an error when closing the session wouldn't be accurately reported. Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3849) (cherry picked from commit b96dba9e)
-
- Jul 04, 2017
-
-
Rich Salz authored
Port of GH#3842 to 1.0.2 Reviewed-by:
-
- Jul 02, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
- Jun 25, 2017
-
-
Richard Levitte authored
This function is undocumented, but similarly named functions (such as 'curl_global_cleanup') are documented as internals that should not be called by scripts. Fixes #3765 Reviewed-by:
-
- Jun 21, 2017
-
-
Benjamin Kaduk authored
Commit 201015ee added some generated files that were not part of the intended functionality; remove them. (Only the 1.0.2 branch version of the commit was affected, probably due to a smaller .gitignore on that branch.) Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Jun 17, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Jun 14, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
return value is now checked at the callers. Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3678)
-
Bernd Edlinger authored
Reviewed-by:
-
- Jun 10, 2017
-
-
Rich Salz authored
CLA: trivial Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
Paul Yang authored
Check return value of NETSCAPE_SPKI_new() and NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally. Signed-off-by:
Paul Yang <paulyang.inf@gmail.com> Reviewed-by:
-
- Jun 09, 2017
-
-
Jonathan Protzenko authored
CLA: trivial Reviewed-by:
-
- Jun 08, 2017
-
-
Benjamin Kaduk authored
Modern browsers are now, well, pretty modern. Reviewed-by:
-
Rich Salz authored
when building with OPENSSL_SMALL_FOOTPRINT defined. Reviewed-by:
-
- Jun 05, 2017
-
-
Rich Salz authored
Document that -psk is required to use PSK cipher Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3607) (cherry picked from commit 9d772829) (cherry picked from commit c1abfde7)
-
Andy Polyakov authored
Drop some redundant instructions in reduction in ecp_nistz256_sqr_montx. Reviewed-by:
-
- Jun 02, 2017
-
-
Rich Salz authored
Reviewed-by:
-
- Jun 01, 2017
-
-
Todd Short authored
Code was added in commit 62f488d3 that overwrite the last ex_data valye using CRYPTO_dup_ex_data() causing a memory leak and potentially confusing the ex_data dup() callback. In ssl_session_dup(), new-up the ex_data before calling CRYPTO_dup_ex_data(); all the other structures that dup ex_data have the destination ex_data new'd before the dup. Reviewed-by:
-
Diego Santa Cruz authored
The password_callback() function does not necessarily NULL terminate the password buffer, the caller must use the returned length but the srp app uses this function as if it was doing NULL termination. This made the -passin and -passout options of "openssl srp" fail inexpicably and randomly or even crash. Fixed by enlarging the buffer by one, so that the maximum password length remains unchanged, and adding NULL termination upon return. [Rearrange code for coding style compliance in process.] This backport of 0e83981d . Reviewed-by:
-
Matt Caswell authored
If we fail to negotiate a version then we should send a protocol version alert. Fixes #3595 Reviewed-by:
-
- May 26, 2017
-
-
Todd Short authored
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is inconsistent. Most places check SSL->options, one place is checking SSL_CTX->options; fix that. Reviewed-by:
-
- May 25, 2017
-
-
Matt Caswell authored
Fixes #3541 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by:
-
