- 04 6月, 2016 2 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The ssl3_init_finished_mac() function can fail, in which case we need to propagate the error up through the stack. RT#3198 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 20 5月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
In the new state machine if using nbio and we get the header of a handshake message is one record with the body in the next, with an nbio event in the middle, then the connection was failing. This is because s->init_num was getting reset. We should only reset it after we have read the whole message. RT#4394 Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 David Benjamin 提交于
ChangeCipherSpec messages have a defined value. They also may not occur in the middle of a handshake message. The current logic will accept a ChangeCipherSpec with value 2. It also would accept up to three bytes of handshake data before the ChangeCipherSpec which it would discard (because s->init_num gets reset). Instead, require that s->init_num is 0 when a ChangeCipherSpec comes in. RT#4391 Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
The write BIO for handshake messages is bufferred so that we only write out to the network when we have a complete flight. There was some complexity in the buffering logic so that we switched buffering on and off at various points through out the handshake. The only real reason to do this was historically it complicated the state machine when you wanted to flush because you had to traverse through the "flush" state (in order to cope with NBIO). Where we knew up front that there was only going to be one message in the flight we switched off buffering to avoid that. In the new state machine there is no longer a need for a flush state so it is simpler just to have buffering on for the whole handshake. This also gives us the added benefit that we can simply call flush after every flight even if it only has one message in it. This means that BIO authors can implement their own buffering strategies and not have to be aware of the state of the SSL object (previously they would have to switch off their own buffering during the handshake because they could not rely on a flush being received when they really needed to write data out). This last point addresses GitHub Issue #322. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 19 5月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 17 5月, 2016 4 次提交
-
-
由 Matt Caswell 提交于
Fix various references to s3_clnt.c and s3_srvr.c which don't exist any more. GitHub Issue #765 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> MR: #2153
-
由 TJ Saunders 提交于
This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #515, MR: #2153
-
由 TJ Saunders 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #515, MR: #2153
-
- 14 5月, 2016 1 次提交
-
-
由 Alessandro Ghedini 提交于
The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the maximum size of just the extensions field to be 2^16-1), and may cause bogus failures. RT#4063 Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/413)
-
- 13 5月, 2016 1 次提交
-
-
由 David Benjamin 提交于
Per RFC 4507, section 3.3: This message [NewSessionTicket] MUST be sent if the server included a SessionTicket extension in the ServerHello. This message MUST NOT be sent if the server did not include a SessionTicket extension in the ServerHello. The presence of the NewSessionTicket message should be determined entirely from the ServerHello without probing. RT#4389 Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 5月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 David Benjamin 提交于
The V2ClientHello code creates an empty compression list, but the compression list must explicitly contain the null compression (and later code enforces this). RT#4387 Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 5月, 2016 1 次提交
-
-
由 Sergio Garcia Murillo 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 29 4月, 2016 3 次提交
-
-
由 Matt Caswell 提交于
The tls_client_key_exchange_post_work() frees the pms on error. It also calls ssl_generate_master_secret() which also free the pms. If an error occurs after ssl_generate_master_secret() has been called then a double free can occur. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
-
- 27 4月, 2016 1 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
If we fail halfway through constructing the peer_tmp EVP_PKEY but we have already stored it in s->s3->peer_tmp then if anything tries to use it then it will likely fail. This was causing s_client to core dump in the sslskewith0p test. s_client was trying to print out the connection parameters that it had negotiated so far. Arguably s_client should not do that if the connection has failed...but given it is existing functionality it's easier to fix libssl. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 09 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Move the dh_st structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 4月, 2016 3 次提交
-
-
由 Viktor Dukhovni 提交于
Suppress CT callbacks with aNULL or PSK ciphersuites that involve no certificates. Ditto when the certificate chain is validated via DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing when the chain is fails verification. Move and consolidate CT callbacks from libcrypto to libssl. We also simplify the interface to SSL_{,CTX_}_enable_ct() which can specify either a permissive mode that just collects information or a strict mode that requires at least one valid SCT or else asks to abort the connection. Simplified SCT processing and options in s_client(1) which now has just a simple pair of "-noct" vs. "-ct" options, the latter enables the permissive callback so that we can complete the handshake and report all relevant information. When printing SCTs, print the validation status if set and not valid. Signed-off-by: NRob Percival <robpercival@google.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Viktor Dukhovni 提交于
The original check for != SSL_VERIFY_NONE can give surprising results when flags SSL_VERIFY_PEER is not set, but other flags are. Note that SSL_VERIFY_NONE (0) is not a flag bit, it is rather the absense of all other flag bits. Signed-off-by: NRob Percival <robpercival@google.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 David Benjamin 提交于
Free up parsed X509_NAME structure if the CertificateRequest message contains excess data. The security impact is considered insignificant. This is a client side only leak and a large number of connections to malicious servers would be needed to have a significant impact. This was found by libFuzzer. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 05 4月, 2016 4 次提交
-
-
由 Rich Salz 提交于
This reverts commit 620d540b. It wasn't reviewed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
This reverts commit 2b0bcfaf. It wasn't reviewed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 28 3月, 2016 2 次提交
-
-
由 David Benjamin 提交于
Session resumption involves a version check, so version negotiation must happen first. Currently, the DTLS implementation cannot do session resumption in DTLS 1.0 because the ssl_version check always checks against 1.2. Switching the order also removes the need to fixup ssl_version in DTLS version negotiation. Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> RT: #4392, MR: #2452
-
由 Fedor Indutny 提交于
We now send the highest supported version by the client, even if the session uses an older version. This fixes 2 problems: - When you try to reuse a session but the other side doesn't reuse it and uses a different protocol version the connection will fail. - When you're trying to reuse a session with an old version you might be stuck trying to reuse the old version while both sides support a newer version Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> GH: #852, MR: #2452
-
- 22 3月, 2016 1 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 21 3月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 10 3月, 2016 3 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> MR: #1824
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> MR: #1595
-
由 Kurt Roeckx 提交于
Adjust ssl_set_client_hello_version to get both the minimum and maximum and then make ssl_set_client_hello_version use the maximum version. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> MR: #1595
-
- 08 3月, 2016 1 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 3月, 2016 1 次提交
-
-
由 Rob Percival 提交于
Disabled by default, but can be enabled by setting the ct_validation_callback on a SSL or SSL_CTX. Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 25 2月, 2016 1 次提交
-
-
由 J Mohan Rao Arisankala 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-