#
ca001524 |
| 15-Jul-2021 |
Matt Caswell |
Fix some minor record layer issues Various comments referred to s->packet and s->packet_length instead of s->rlayer.packet and s->rlayer.packet_length. Also fixed is a spot where REC
Fix some minor record layer issues Various comments referred to s->packet and s->packet_length instead of s->rlayer.packet and s->rlayer.packet_length. Also fixed is a spot where RECORD_LAYER_write_pending() should have been used. Based on the review comments in #16077. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/16086)
show more ...
|
#
3bec4851 |
| 13-Jul-2021 |
Matt Caswell |
Disallow SSL_key_update() if there are writes pending If an application is halfway through writing application data it should not be allowed to attempt an SSL_key_update() operation. Ins
Disallow SSL_key_update() if there are writes pending If an application is halfway through writing application data it should not be allowed to attempt an SSL_key_update() operation. Instead the SSL_write() operation should be completed. Fixes #12485 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16077)
show more ...
|
#
407820c0 |
| 31-May-2021 |
Pauli |
tls: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
#
147ed5f9 |
| 28-May-2021 |
Trev Larock |
Modify ssl_handshake_hash to call SSLfatal When EVP_MD_CTX_new fails call SSLfatal before the goto err. This resolves a state machine issue on the out of memory condition. Fixes
Modify ssl_handshake_hash to call SSLfatal When EVP_MD_CTX_new fails call SSLfatal before the goto err. This resolves a state machine issue on the out of memory condition. Fixes #15491. CLA: trivial Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15520)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
#
0f8815aa |
| 28-May-2021 |
Pauli |
ssl: add zero strenght arguments to BN and RAND RNG calls Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
7c73fefe |
| 02-Apr-2021 |
Benjamin Kaduk |
Let SSL_new_session_ticket() enter init immediately The initial implementation always deferred the generation of the requested ticket(s) until the next application write, but this is
Let SSL_new_session_ticket() enter init immediately The initial implementation always deferred the generation of the requested ticket(s) until the next application write, but this is not a great fit for what it actually does, architecturally wise. A request to send a session ticket means entering back into the handshake state machine (or "in init", as it's known in the implementation). The state machine transition is not something that only occurs at an application-data write, and in general could occur at any time. The only constraint is that we can't enter "init" while in the middle of writing application data. In such cases we will need to wait until the next TLS record boundary to enter the state machine, as is currently done. However, there is no reason why we cannot enter the handshake state machine immediately in SSL_new_session_ticket() if there are no application writes pending. Doing so provides a cleaner API surface to the application, as then calling SSL_do_handshake() suffices to drive the actual ticket generation. In the previous state of affairs a dummy zero-length SSL_write() would be needed to trigger the ticket generation, which is a logical mismatch in the type of operation being performed. This commit should only change whether SSL_do_handshake() vs zero-length SSL_write() is needed to immediately generate a ticket after the SSL_new_session_ticket() call -- the default behavior is still to defer the actual write until there is other application data to write, unless the application requests otherwise. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14817)
show more ...
|
#
55373bfd |
| 06-May-2021 |
Rich Salz |
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation. Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do. Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15184)
show more ...
|
#
56bd1783 |
| 11-May-2021 |
Rich Salz |
Convert SSL_{CTX}_[gs]et_options to 64 Less tersely: converted SSL_get_options, SSL_set_options, SSL_CTX_get_options and SSL_CTX_get_options to take and return uint64_t since we were
Convert SSL_{CTX}_[gs]et_options to 64 Less tersely: converted SSL_get_options, SSL_set_options, SSL_CTX_get_options and SSL_CTX_get_options to take and return uint64_t since we were running out of 32 bits. Fixes: 15145 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15230)
show more ...
|
#
72d2670b |
| 03-May-2021 |
Benjamin Kaduk |
Enforce secure renegotiation support by default Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in SSL_CTX_new(), to allow connections to legacy servers that did not
Enforce secure renegotiation support by default Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in SSL_CTX_new(), to allow connections to legacy servers that did not implement RFC 5746. It has been more than a decade since RFC 5746 was published, so there has been plenty of time for implmentation support to roll out. Change the default behavior to be to require peers to support secure renegotiation. Existing applications that already cleared SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as re-clearing the flag is just a little bit of redundant work. The old behavior is still available by explicitly setting the flag in the application. Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for similar reasons. Document the behavior change in CHANGES.md, and update the SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change in default behavior. Fixes: 14848 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
show more ...
|
#
045a8930 |
| 27-Apr-2021 |
FdaSilvaYY |
ssl: fix possible ref counting fields use before init. `strdup(propq)` failure is doing a `goto err;` from where `SSL_CTX_free` is called. The possible call is made before reference and
ssl: fix possible ref counting fields use before init. `strdup(propq)` failure is doing a `goto err;` from where `SSL_CTX_free` is called. The possible call is made before reference and lock fields setup. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/15052)
show more ...
|
Revision tags: OpenSSL_1_1_1k |
|
#
feba11cf |
| 22-Mar-2021 |
Todd Short |
Handle set_alpn_protos inputs better. It's possible to set an invalid protocol list that will be sent in a ClientHello. This validates the inputs to make sure this does not happen.
Handle set_alpn_protos inputs better. It's possible to set an invalid protocol list that will be sent in a ClientHello. This validates the inputs to make sure this does not happen. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14815)
show more ...
|
#
492bc359 |
| 31-Mar-2021 |
Nan Xiao |
Fix typos in ssl_lib.c CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Fix typos in ssl_lib.c CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14751)
show more ...
|
#
39a14059 |
| 18-Mar-2021 |
Matt Caswell |
Ensure buffer/length pairs are always in sync Following on from CVE-2021-3449 which was caused by a non-zero length associated with a NULL buffer, other buffer/length pairs are updated t
Ensure buffer/length pairs are always in sync Following on from CVE-2021-3449 which was caused by a non-zero length associated with a NULL buffer, other buffer/length pairs are updated to ensure that they too are always in sync. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
show more ...
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
cd3f8c1b |
| 18-Feb-2021 |
Rich Salz |
Always check CRYPTO_LOCK_{read,write}_lock Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and
Always check CRYPTO_LOCK_{read,write}_lock Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and added some code to ossl_namemap_stored() to handle the failure, and updated the tests to allow for failure. Fixes: #14230 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14238)
show more ...
|
#
3e6a0d57 |
| 04-Mar-2021 |
Shane Lontis |
Reword repeated words. A trivial PR to remove some commonly repeated words. It looks like this is not the first PR to do this. Reviewed-by: Richard Levitte <levitte@openssl.org>
Reword repeated words. A trivial PR to remove some commonly repeated words. It looks like this is not the first PR to do this. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14420)
show more ...
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
#
76cb077f |
| 08-Feb-2021 |
Matt Caswell |
Deprecate the libssl level SRP APIs The low level SRP implementation has been deprecated with no replacement. Therefore the libssl level APIs need to be similarly deprecated. Re
Deprecate the libssl level SRP APIs The low level SRP implementation has been deprecated with no replacement. Therefore the libssl level APIs need to be similarly deprecated. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14132)
show more ...
|
Revision tags: openssl-3.0.0-alpha11 |
|
#
462f4f4b |
| 15-Jan-2021 |
Matt Caswell |
Remove OPENSSL_NO_EC guards from libssl Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
|
#
ddf8f1ce |
| 13-Jan-2021 |
Matt Caswell |
Ensure default supported groups works even with no-ec and no-dh The default supported groups code was disabled in the event of a build with no-ec and no-dh. However now that providers ca
Ensure default supported groups works even with no-ec and no-dh The default supported groups code was disabled in the event of a build with no-ec and no-dh. However now that providers can add there own groups (which might not fit into either of these categories), this is no longer appropriate. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
#
5b64ce89 |
| 13-Jan-2021 |
Matt Caswell |
Remove OPENSSL_NO_DH guards from libssl This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that libssl is entirely using the EVP APIs and implementations can be plugged
Remove OPENSSL_NO_DH guards from libssl This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that libssl is entirely using the EVP APIs and implementations can be plugged in via providers it is no longer needed to disable DH at compile time in libssl. Instead it should detect at runtime whether DH is available from the loaded providers. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
0c3eb279 |
| 16-Jan-2021 |
Dr. David von Oheimb |
TLS client: allow cert verify callback return -1 for SSL_ERROR_WANT_RETRY_VERIFY The client-side cert verification callback function may not only return as usual for success or 0 for fai
TLS client: allow cert verify callback return -1 for SSL_ERROR_WANT_RETRY_VERIFY The client-side cert verification callback function may not only return as usual for success or 0 for failure, but also -1, typically on failure verifying the server certificate. This makes the handshake suspend and return control to the calling application with SSL_ERROR_WANT_RETRY_VERIFY. The app can for instance fetch further certificates or cert status information needed for the verification. Calling SSL_connect() again resumes the connection attempt by retrying the server certificate verification step. This process may even be repeated if need be. The core implementation of the feature is in ssl/statem/statem_clnt.c, splitting tls_process_server_certificate() into a preparation step that just copies the certificates received from the server to s->session->peer_chain (rather than having them in a local variable at first) and returns to the state machine, and a post-processing step in tls_post_process_server_certificate() that can be repeated: Try verifying the current contents of s->session->peer_chain basically as before, but give the verification callback function the chance to pause connecting and make the TLS state machine later call tls_post_process_server_certificate() again. Otherwise processing continues as usual. The documentation of the new feature is added to SSL_CTX_set_cert_verify_callback.pod and SSL_want.pod. This adds two tests: * A generic test in test/helpers/handshake.c on the usability of the new server cert verification retry feature. It is triggered via test/ssl-tests/03-custom_verify.cnf.in (while the bulky auto- generated changes to test/ssl-tests/03-custom_verify.cnf can be basically ignored). * A test in test/sslapitest.c that demonstrates the effectiveness of the approach for augmenting the cert chain provided by the server in between SSL_connect() calls. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13906)
show more ...
|
Revision tags: openssl-3.0.0-alpha10 |
|
#
6d4313f0 |
| 21-Dec-2020 |
Thomas De Schampheleire |
replace 'unsigned const char' with 'const unsigned char' The openssl code base has only a few occurrences of 'unsigned const char' (15 occurrences), compared to the more common 'const un
replace 'unsigned const char' with 'const unsigned char' The openssl code base has only a few occurrences of 'unsigned const char' (15 occurrences), compared to the more common 'const unsigned char' (4420 occurrences). While the former is not illegal C, mixing the 'const' keyword (a 'type qualifier') in between 'unsigned' and 'char' (both 'type specifiers') is a bit odd. The background for writing this patch is not to be pedantic, but because the 'opmock' program (used to mock headers for unit tests) does not accept the 'unsigned const char' construct. While this definitely is a bug in opmock or one of its dependencies, openssl is the only piece of software we are using in combination with opmock that has this construct. CLA: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13722)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
a68eee67 |
| 20-Nov-2020 |
Matt Caswell |
Move some libssl global variables into SSL_CTX disabled_enc_mask et al were global. Now that cipher loading is done individually for each SSL_CTX, based on the libctx configured for that
Move some libssl global variables into SSL_CTX disabled_enc_mask et al were global. Now that cipher loading is done individually for each SSL_CTX, based on the libctx configured for that SSL_CTX this means that some things will be disabled for one SSL_CTX but not for another. The global variables set up the potential for different SSL_CTXs to trample on each other. We move these variables into the SSL_CTX structure. Fixes #12040 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13465)
show more ...
|
#
276d6c68 |
| 19-Nov-2020 |
Richard Levitte |
SSL: Change SSLerr() to ERR_raise() This was probably due to a merge Fixes #13449 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.
SSL: Change SSLerr() to ERR_raise() This was probably due to a merge Fixes #13449 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13450)
show more ...
|