Commit message | Author | Age | Files | Lines
...
* Use _WIN32 over WIN32 for preprocessor conditional | Benjamin Kaduk | 2017-02-16 | 1 | -1/+1
  The intent seems to be that the WIN32 symbol is for things that are a direct byproduct of being a windows-variant configuration and should be used for feature en/disablement on windows systems. Use of the _WIN32 symbol is more widespread, being used to implement platform portability of more generic code. We do define WIN32 in some situations in e_os.h, but that is not included universally.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2642)
* Update CHANGES and NEWS for new release | Matt Caswell | 2017-02-16 | 2 | -2/+19
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove an OPENSSL_assert() and replace with a soft assert and check | Matt Caswell | 2017-02-16 | 1 | -2/+3
  Following on from CVE-2017-3733, this removes the OPENSSL_assert() check that failed and replaces it with a soft assert, and an explicit check of value with an error return if it fails.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Don't change the state of the ETM flags until CCS processing | Matt Caswell | 2017-02-16 | 11 | -26/+42
  In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code.
  The problem is caused by changing the flag indicating whether to use ETM or not immediately on negotiation of ETM, rather than at CCS. Therefore, during a renegotiation, if the ETM state is changing (usually due to a change of ciphersuite), then an error/crash will occur.
  Due to the fact that there are separate CCS messages for read and write we actually now need two flags to determine whether to use ETM or not.
  CVE-2017-3733
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Provide a test for the Encrypt-Then-Mac renegotiation crash | Matt Caswell | 2017-02-16 | 7 | -51/+446
  In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code.
  This commit provides a test for the issue.
  CVE-2017-3733
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix warning | Dr. Stephen Henson | 2017-02-16 | 1 | -1/+6
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2644)
* Handle negative reply for NNTP STARTTLS in s_client | Robert Scheck | 2017-02-15 | 1 | -4/+14
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2629)
* Properly zero cipher_data for ChaCha20-Poly1305 on cleanup | Kazuki Yamaguchi | 2017-02-15 | 1 | -1/+1
  Fix a typo. Probably this has not been found because EVP_CIPHER_CTX is smaller than EVP_CHACHA_AEAD_CTX and heap overflow does not occur.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2294)
* crypto/armcap.c: short-circuit processor capability probe in iOS builds. | Andy Polyakov | 2017-02-15 | 1 | -0/+18
  Capability probing by catching SIGILL appears to be problematic on iOS. But since Apple universe is "monocultural", it's actually possible to simply set pre-defined processor capability mask.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2617)
* ARMv4 assembly pack: harmonize Thumb-ification of iOS build. | Andy Polyakov | 2017-02-15 | 3 | -4/+12
  Three modules were left behind in a285992763f3961f69a8d86bf7dfff020a08cef9.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2617)
* Set current certificate to selected certificate. | Dr. Stephen Henson | 2017-02-15 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2637)
* sha/asm/*-x86_64.pl: add CFI annotations. | Andy Polyakov | 2017-02-15 | 3 | -1/+183
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Rework error handling of custom_ext_meth_add towards strong exception safety. | Bernd Edlinger | 2017-02-15 | 1 | -5/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2636)
* Fix merge issue | Matt Caswell | 2017-02-15 | 1 | -1/+1
  Causes make update to fail.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2634)
* Skip curve check if sigalg doesn't specify a curve. | Dr. Stephen Henson | 2017-02-15 | 1 | -2/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2623)
* Use CERT_PKEY pointer instead of index | Dr. Stephen Henson | 2017-02-15 | 5 | -28/+21
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2623)
* Simplify tls_construct_server_key_exchange | Dr. Stephen Henson | 2017-02-15 | 1 | -72/+58
  Use negotiated signature algorithm and certificate index in tls_construct_key_exchange instead of recalculating it.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2623)
* Use cert_index and sigalg | Dr. Stephen Henson | 2017-02-15 | 7 | -104/+23
  Now the certificate and signature algorithm is set in one place we can use it directly instead of recalculating it. The old functions ssl_get_server_send_pkey() and ssl_get_server_cert_index() are no longer required.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2623)
* Add sigalg for earlier TLS versions | Dr. Stephen Henson | 2017-02-15 | 2 | -20/+145
  Update tls_choose_sigalg to choose a signature algorithm for all versions of TLS not just 1.3. For TLS 1.2 we choose the highest preference signature algorithm for the chosen ciphersuite. For TLS 1.1 and earlier the signature algorithm is determined by the ciphersuite alone. For RSA we use a special MD5+SHA1 signature algorithm.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2623)
* Change tls_choose_sigalg so it can set errors and alerts. | Dr. Stephen Henson | 2017-02-15 | 5 | -7/+7
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2623)
* add ssl_has_cert | Dr. Stephen Henson | 2017-02-15 | 2 | -13/+13
  Add inline function ssl_has_cert which checks to see if a certificate and private key for a given index are not NULL.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2623)
* Fix a few typos | FdaSilvaYY | 2017-02-14 | 2 | -5/+5
  [skip ci]
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2571)
* Remove obsolete comment | Guido Vranken | 2017-02-14 | 1 | -4/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1613)
* Prevents that OPENSSL_gmtime incorrectly signals success if gmtime_r fails, and that struct* tm result's possibly uninitialized content is used | Guido Vranken | 2017-02-14 | 1 | -1/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1613)
* Use TLSEXT_KEYNAME_LENGTH in tls_decrypt_ticket. | Bernd Edlinger | 2017-02-14 | 1 | -2/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2618)
* Prevent allocations of size 0 in sh_init, which are not possible with the default OPENSSL_zalloc, but are possible if the user has installed their own allocator using CRYPTO_set_mem_functions. | Guido Vranken | 2017-02-14 | 1 | -0/+4
  If the 0-allocation succeeds, the secure heap code will later access (at least) the first byte of that space, which is technically an OOB access. This could lead to problems with some custom allocators that only return a valid pointer for subsequent free()-ing, and do not expect that the pointer is actually dereferenced.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2605)
* Add Sieve support (RFC 5804) to s_client ("-starttls sieve") | Robert Scheck | 2017-02-14 | 5 | -14/+82
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2300)
* Add no-ec build | Rich Salz | 2017-02-14 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2626)
* Make -xcert work again. | Dr. Stephen Henson | 2017-02-14 | 1 | -0/+1
  When a certificate is prepended update the list pointer.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2628)
* Fix no-ec compilation | Matt Caswell | 2017-02-14 | 2 | -1/+8
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2624)
* Remove a double call to ssl3_send_alert() | Matt Caswell | 2017-02-14 | 1 | -2/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Fix a bogus uninit variable warning | Matt Caswell | 2017-02-14 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Add a bytestogroup macro | Matt Caswell | 2017-02-14 | 3 | -3/+6
  For converting the 2 byte group id into an unsigned int.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Various style fixes following review feedback | Matt Caswell | 2017-02-14 | 3 | -11/+11
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Update the tls13messages test to add some HRR scenarios | Matt Caswell | 2017-02-14 | 1 | -4/+53
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Update the kex modes tests to check various HRR scenarios | Matt Caswell | 2017-02-14 | 2 | -6/+113
  Make sure we get an HRR in the right circumstances based on kex mode.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Update TLSProxy to know about HelloRetryRequest messages | Matt Caswell | 2017-02-14 | 3 | -0/+145
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Update test counting in checkhandshake.pm | Matt Caswell | 2017-02-14 | 1 | -24/+32
  Previously counting the number of tests in checkhandshake.pm took an initial guess and then modified it based on various known special cases. That is becoming increasingly untenable, so this changes it to properly calculate the number of tests we expect to run.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Update the key_share tests for HelloRetryRequest | Matt Caswell | 2017-02-14 | 2 | -31/+45
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Add trace support for HelloRetryRequest | Matt Caswell | 2017-02-14 | 1 | -10/+38
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Implement support for resumption with a HelloRetryRequest | Matt Caswell | 2017-02-14 | 5 | -99/+160
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Add client side support for parsing Hello Retry Request | Matt Caswell | 2017-02-14 | 6 | -53/+203
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Add server side support for creating the Hello Retry Request message | Matt Caswell | 2017-02-14 | 9 | -24/+170
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* Make the context available to the extensions parse and construction funcs | Matt Caswell | 2017-02-14 | 4 | -218/+259
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2341)
* mem leak on error path and error propagation fix | Yuchi | 2017-02-14 | 3 | -3/+11
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2559)
* aes/asm/*-x86_64.pl: add CFI annotations. | Andy Polyakov | 2017-02-13 | 6 | -1/+446
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* perlasm/x86_64-xlate.pl: recognize even offset(%reg) in cfa_expression. | Andy Polyakov | 2017-02-13 | 1 | -0/+2
  This is handy when "offset(%reg)" is a perl variable.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* ec/asm/ecp_nistz256-x86_64.pl: add CFI directives. | Andy Polyakov | 2017-02-13 | 1 | -0/+133
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* ec/asm/ecp_nistz256-x86_64.pl: fix typo-bug in Win64 SE handler. | Andy Polyakov | 2017-02-13 | 1 | -2/+2
  Thanks to Jun Sun for spotting this.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Further improvements to ASYNC_WAIT_CTX_clear_fd | Andrea Grandi | 2017-02-13 | 1 | -16/+7
  Remove call to cleanup function
  Use only one loop to find previous element
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2581)