Matt Caswell [Thu, 18 Oct 2018 13:45:59 +0000 (14:45 +0100)]
Don't complain and fail about unknown TLSv1.3 PSK identities in s_server
An unknown PSK identity could be because its actually a session resumption
attempt. Sessions resumptions and external PSKs are indistinguishable so
the callbacks need to fail gracefully if they don't recognise the identity.
Fixes #7433
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7434)
(cherry picked from commit
2d015189b97c60b67e10aed320230357bf6b200f)
Matt Caswell [Tue, 9 Oct 2018 09:22:06 +0000 (10:22 +0100)]
Buffer a ClientHello with a cookie received via DTLSv1_listen
Previously when a ClientHello arrives with a valid cookie using
DTLSv1_listen() we only "peeked" at the message and left it on the
underlying fd. This works fine for single threaded applications but for
multi-threaded apps this does not work since the fd is typically reused for
the server thread, while a new fd is created and connected for the client.
By "peeking" we leave the message on the server fd, and consequently we
think we've received another valid ClientHello and so we create yet another
fd for the client, and so on until we run out of fds.
In this new approach we remove the ClientHello and buffer it in the SSL
object.
Fixes #6934
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7375)
(cherry picked from commit
079ef6bd534d2f708d8013cfcd8ea0d2f600c788)
Matt Caswell [Mon, 8 Oct 2018 14:46:51 +0000 (15:46 +0100)]
Use the read and write buffers in DTLSv1_listen()
Rather than using init_buf we use the record layer read and write buffers
in DTLSv1_listen(). These seem more appropriate anyway and will help with
the next commit.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7375)
(cherry picked from commit
2fc4c77c3f06443f4c476f6f58d83e5e108d1dce)
Matt Caswell [Thu, 18 Oct 2018 09:12:20 +0000 (10:12 +0100)]
Test DTLS cookie generation and verification
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7431)
(cherry picked from commit
edcd29efd32c51f298ad5ab438e2d4cc5411e9a9)
Matt Caswell [Thu, 18 Oct 2018 09:12:07 +0000 (10:12 +0100)]
Fix a DTLS memory leak
Fixes #7428
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7431)
(cherry picked from commit
01666a8c1db3ecfb999e1a8f2c5436d114f95681)
Andy Polyakov [Sun, 14 Oct 2018 13:19:41 +0000 (15:19 +0200)]
Configurations/15-android.conf: add support for "standalone toolchain".
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7400)
(cherry picked from commit
03ad7c009e16a233c733098db3169c560142ccd3)
Andy Polyakov [Wed, 17 Oct 2018 08:09:33 +0000 (10:09 +0200)]
arch/async_posix.h: improve portability.
{make|swap|get|set}context are removed in POSIX.1-2008, but glibc
apparently keeps providing it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7420)
(cherry picked from commit
9d71a24ebf57e7157888af1ca587eafe914bf96f)
armfazh [Thu, 18 Oct 2018 22:26:58 +0000 (08:26 +1000)]
Fix tls_cbc_digest_record is slow using SHA-384 and short messages
The formula used for this is now
kVarianceBlocks = ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1
Notice that md_block_size=64 for SHA256, which results on the
magic constant kVarianceBlocks = 6.
However, md_block_size=128 for SHA384 leading to kVarianceBlocks = 4.
CLA:trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7342)
(cherry picked from commit
cb8164b05e3bad5586c2a109bbdbab1ad65a1a6f)
Viktor Dukhovni [Mon, 8 Oct 2018 16:05:14 +0000 (12:05 -0400)]
Apply self-imposed path length also to root CAs
Also, some readers of the code find starting the count at 1 for EE
cert confusing (since RFC5280 counts only non-self-issued intermediate
CAs, but we also counted the leaf). Therefore, never count the EE
cert, and adjust the path length comparison accordinly. This may
be more clear to the reader.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
dc5831da59e9bfad61ba425d886a0b06ac160cd6)
Viktor Dukhovni [Fri, 5 Oct 2018 03:53:01 +0000 (23:53 -0400)]
Only CA certificates can be self-issued
At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and
top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph
of above https://tools.ietf.org/html/rfc5280#section-3.3), we see:
This specification covers two classes of certificates: CA
certificates and end entity certificates. CA certificates may be
further divided into three classes: cross-certificates, self-issued
certificates, and self-signed certificates. Cross-certificates are
CA certificates in which the issuer and subject are different
entities. Cross-certificates describe a trust relationship between
the two CAs. Self-issued certificates are CA certificates in which
the issuer and subject are the same entity. Self-issued certificates
are generated to support changes in policy or operations. Self-
signed certificates are self-issued certificates where the digital
signature may be verified by the public key bound into the
certificate. Self-signed certificates are used to convey a public
key for use to begin certification paths. End entity certificates
are issued to subjects that are not authorized to issue certificates.
that the term "self-issued" is only applicable to CAs, not end-entity
certificates. In https://tools.ietf.org/html/rfc5280#section-4.2.1.9
the description of path length constraints says:
The pathLenConstraint field is meaningful only if the cA boolean is
asserted and the key usage extension, if present, asserts the
keyCertSign bit (Section 4.2.1.3). In this case, it gives the
maximum number of non-self-issued intermediate certificates that may
follow this certificate in a valid certification path. (Note: The
last certificate in the certification path is not an intermediate
certificate, and is not included in this limit. Usually, the last
certificate is an end entity certificate, but it can be a CA
certificate.)
This makes it clear that exclusion of self-issued certificates from
the path length count applies only to some *intermediate* CA
certificates. A leaf certificate whether it has identical issuer
and subject or whether it is a CA or not is never part of the
intermediate certificate count. The handling of all leaf certificates
must be the same, in the case of our code to post-increment the
path count by 1, so that we ultimately reach a non-self-issued
intermediate it will be the first one (not zeroth) in the chain
of intermediates.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f)
Antoine Salon [Mon, 1 Oct 2018 21:11:57 +0000 (14:11 -0700)]
EVP module documentation pass
Replace ECDH_KDF_X9_62() with internal ecdh_KDF_X9_63()
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)
(cherry picked from commit
ffd89124bdfc9e69349492c3f15383bb35520a11)
Dr. Matthias St. Pierre [Tue, 16 Oct 2018 21:50:16 +0000 (23:50 +0200)]
Fix: 'openssl ca' command crashes when used with 'rand_serial' option
Commit
ffb46830e2df introduced the 'rand_serial' option. When it is used,
the 'serialfile' does not get initialized, i.e. it remains a NULL pointer.
This causes a crash when the NULL pointer is passed to the rotate_serial()
call.
This commit fixes the crash and unifies the pointer checking before
calling the rotate_serial() and save_serial() commands.
Fixes #7412
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7417)
(cherry picked from commit
aeec793b4bee929cef8ae35ec4b5a783a6e1d7ed)
Richard Levitte [Mon, 15 Oct 2018 15:38:26 +0000 (17:38 +0200)]
Build file templates: look at *all* defines
When looking at configured macro definitions, we must look at both
what comes from the config target AND what comes from user
configuration.
Fixes #7396
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7402)
(cherry picked from commit
92ebf6c4c21ff4b41ba1fd69af74b2039e138114)
Mansour Ahmadi [Mon, 15 Oct 2018 19:11:24 +0000 (15:11 -0400)]
Add a missing check on s->s3->tmp.pkey
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7405)
(cherry picked from commit
61bef9bde09dc6099a7c59baa79898e3b003fec3)
cclauss [Tue, 16 Oct 2018 04:57:41 +0000 (06:57 +0200)]
print() is a function in Python 3
CLA: trivial
Discovered via #7410 @ https://travis-ci.org/openssl/openssl/jobs/
442003489#L440
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7403)
(cherry picked from commit
83e4533a71c5c78278e9763552a5e5f1806473ee)
Dr. Matthias St. Pierre [Tue, 9 Oct 2018 23:53:29 +0000 (01:53 +0200)]
DRBG: fix reseeding via RAND_add()/RAND_seed() with large input
In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
was implemented by buffering the data in a random pool where it is
picked up later by the rand_drbg_get_entropy() callback. This buffer
was limited to the size of 4096 bytes.
When a larger input was added via RAND_add() or RAND_seed() to the DRBG,
the reseeding failed, but the error returned by the DRBG was ignored
by the two calling functions, which both don't return an error code.
As a consequence, the data provided by the application was effectively
ignored.
This commit fixes the problem by a more efficient implementation which
does not copy the data in memory and by raising the buffer the size limit
to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits
but it was chosen intentionally to avoid platform dependent problems
like integer sizes and/or signed/unsigned conversion.
Additionally, the DRBG is now less permissive on errors: In addition to
pushing a message to the openssl error stack, it enters the error state,
which forces a reinstantiation on next call.
Thanks go to Dr. Falko Strenzke for reporting this issue to the
openssl-security mailing list. After internal discussion the issue
has been categorized as not being security relevant, because the DRBG
reseeds automatically and is fully functional even without additional
randomness provided by the application.
Fixes #7381
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7382)
(cherry picked from commit
3064b55134434a0b2850f07eff57120f35bb269a)
Matt Caswell [Mon, 8 Oct 2018 11:16:22 +0000 (12:16 +0100)]
Fix no-engine
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7365)
(cherry picked from commit
5f9f67b9d494e26941aa8d66d28a6a993c557643)
Pauli [Sun, 7 Oct 2018 21:23:44 +0000 (07:23 +1000)]
Indentation fixes.
The PR #7329 left some indentation slightly off. This fixes it.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7360)
(cherry picked from commit
5b639d4cb3b9a33536e2ebadf6a03149ea26ba32)
Mykola Baibuz [Sun, 7 Oct 2018 21:14:08 +0000 (07:14 +1000)]
Remove useless check.
Hash can be longer than EC group degree and it will be truncated.
CLA: trivial
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7329)
(cherry picked from commit
b770a80f6d0b08659cd03f26388b45512adb84f3)
Matt Caswell [Mon, 24 Sep 2018 11:00:10 +0000 (12:00 +0100)]
Fix no-psk
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7306)
(cherry picked from commit
734af93a278a7a06710167219e1f05e525c9dd49)
Matt Caswell [Mon, 24 Sep 2018 11:20:45 +0000 (12:20 +0100)]
Fix no-tls1_2
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7308)
(cherry picked from commit
7f1d923aa9dc55dd23a7741e4341ec421c683941)
Mykola Baibuz [Thu, 11 Oct 2018 04:07:26 +0000 (12:07 +0800)]
Safer memory cleanup in (crypto/rsa/rsa_lib.c)
We don't need to use secure clean for public key.
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7363)
(cherry picked from commit
c033101db39c93cf41d80dfee4357f2617ede1a0)
Tomas Mraz [Tue, 9 Oct 2018 16:37:10 +0000 (18:37 +0200)]
Fix copy&paste error found in Coverity scan
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7377)
(cherry picked from commit
628ee796389b555ddb5fc28355e16e9417ab1724)
Andy Polyakov [Wed, 5 Sep 2018 12:33:21 +0000 (14:33 +0200)]
rsa/rsa_ossl.c: fix and extend commentary [skip ci].
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7123)
(cherry picked from commit
d1c008f66bad435b18aa45aa59f72bed7c682849)
Andy Polyakov [Sun, 2 Sep 2018 11:07:58 +0000 (13:07 +0200)]
ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7085)
(cherry picked from commit
7d0effeacbb50b12bfc24df7614d7cf5c8686f51)
Andy Polyakov [Mon, 17 Sep 2018 10:36:37 +0000 (12:36 +0200)]
sha/asm/keccak1600-s390x.pl: resolve -march=z900 portability issue.
Negative displacement in memory references was not originally specified,
so that for maximum coverage one should abstain from it, just like with
any other extension. [Unless it's guarded by run-time switch, but there
is no switch in keccak1600-s390x.]
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7239)
(cherry picked from commit
fc97c882f443060dffd8eb56a6b8784e52096c86)
Matt Caswell [Thu, 11 Oct 2018 10:59:57 +0000 (11:59 +0100)]
Fix a typo in a macro
Fixes #7385
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7385)
(cherry picked from commit
990fe909949a58398b3a0cbbdc52b9bbb9cefaa0)
Paul Yang [Mon, 8 Oct 2018 08:36:49 +0000 (16:36 +0800)]
Fix compiling warnings in example code
The example code in EVP_DigestInit.pod generates warnings if users try
to compile it.
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7362)
(cherry picked from commit
19ac1bf2de07214ee7ee6d2e118fa3aa8e5850f3)
FdaSilvaYY [Fri, 15 Sep 2017 19:14:34 +0000 (21:14 +0200)]
crypto/rand: fix some style nit's
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7378)
(cherry picked from commit
c2e33a05b1eb9dda988aebdeaa529973d7c22142)
Dr. Matthias St. Pierre [Wed, 10 Oct 2018 00:31:37 +0000 (02:31 +0200)]
rand_unix.c: fix --with-rand-seed=none build
Fixes a compiler warning about an unused syscall_random()
and cleans up the OPENSSL_RAND_SEED preprocessor logic.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/779)
(cherry picked from commit
d90e128be6e584d319931c78cb8f8f68d17b6a34)
Paul Yang [Mon, 8 Oct 2018 09:04:14 +0000 (17:04 +0800)]
Fix a nit of copyright date range
Should be 2018 instead of 20018.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7364)
Benjamin Kaduk [Thu, 4 Oct 2018 18:49:21 +0000 (13:49 -0500)]
apps: allow empty attribute values with -subj
Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`. Commit
db4c08f0194d58c6192f0d8311bf3f20e251cf4f applied a badly needed rewrite
to the parse_name() helper function that parses these strings, but
in the process dropped a check that would skip attributes with no
associated value. As a result, such strings are now treated as
hard errors and the operation fails.
Restore the check to skip empty attribute values and restore
the historical behavior.
Document the behavior for empty subject attribute values in the
corresponding applications' manual pages.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7349)
(cherry picked from commit
3d362f190306b62a17aa2fd475b2bc8b3faa8142)
Ԝеѕ [Fri, 5 Oct 2018 18:58:30 +0000 (14:58 -0400)]
Cleanup typos and grammar in DES_random_key.pod
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7356)
(cherry picked from commit
4fef4981f8cc614559b86a06532b0eeac6ffd0d9)
Richard Levitte [Mon, 24 Sep 2018 10:18:31 +0000 (12:18 +0200)]
/dev/crypto engine: give CIOCFSESSION the actual sess-id
We passed that ioctl a pointer to the whole session_op structure,
which wasn't quite right.
Notified by David Legault.
Fixes #7302
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7304)
(cherry picked from commit
470096e576941566fd094f2fd793dc2948804ea8)
Dr. Matthias St. Pierre [Thu, 4 Oct 2018 23:05:54 +0000 (01:05 +0200)]
test/secmemtest: test secure memory only if it is implemented
Fixes #7322
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7351)
(cherry picked from commit
8529b156421805415bc7b17758255394de580c61)
Matt Caswell [Wed, 3 Oct 2018 14:29:47 +0000 (15:29 +0100)]
Extend the BIO callback tests to check the return value semantics
Check that different return values passed to the BIO callback are
correctly handled.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7344)
(cherry picked from commit
52d78cc5ebc1d4fc021cabbcb09f4efb4c6ae82d)
Matt Caswell [Wed, 3 Oct 2018 14:27:31 +0000 (15:27 +0100)]
Fix the BIO callback return code handling
The BIO callback handling incorrectly wrote over the return code passed
to the callback, meaning that an incorrect result was (eventually) returned
to the caller.
Fixes #7343
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7344)
(cherry picked from commit
d97ce8d9a0619c1d9d1222dc1b44dbebb58dd966)
Richard Levitte [Sun, 30 Sep 2018 00:18:47 +0000 (02:18 +0200)]
Clean out aliases in include/openssl/symhacks.h
Only a few clashing ones remain
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
(cherry picked from commit
b44882a0bd0717e0aab84f5dc3ef81ab673155e9)
Richard Levitte [Sat, 29 Sep 2018 23:59:11 +0000 (01:59 +0200)]
Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
BIO_s_log() is declared for everyone, so should return NULL when not
actually implemented. Also, it had explicit platform limitations in
util/mkdef.pl that didn't correspond to what was actually in code.
While at it, a few other hard coded things that have lost their
relevance were removed.
include/openssl/ocsp.h had a few duplicate declarations.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
(cherry picked from commit
7e09c5eaa57295f87453286ffe25277c2f2bc73f)
Matt Caswell [Mon, 1 Oct 2018 12:16:55 +0000 (13:16 +0100)]
Fix some Coverity warnings
Check some return values on some functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7335)
(cherry picked from commit
434893af2bd4c1fa72655f8e5262c8a432713968)
Matt Caswell [Mon, 1 Oct 2018 11:06:06 +0000 (12:06 +0100)]
Fix a mem leak in the ocsp app
Free memory allocated in the parent process that is not needed in the
child. We also free it in the parent. Technically this isn't really
required since we end up calling exit() soon afterwards - but to
prevent false positives we free it anyway.
Fixes a Coverity issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7335)
(cherry picked from commit
c20a76f695922f409c316399f7290530f7728f19)
Antoine Salon [Wed, 26 Sep 2018 08:56:05 +0000 (16:56 +0800)]
Add missing cipher aliases to openssl(1)
And references to other manpages are also added in openssl(1).
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7314)
James Callahan [Thu, 23 Aug 2018 02:12:05 +0000 (12:12 +1000)]
doc/man3/SSL_set_bio.pod: Fix wrong function name in return values section
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7035)
Antoine Salon [Mon, 17 Sep 2018 22:42:19 +0000 (15:42 -0700)]
Update enc(1) examples to more recent ciphers and key derivation algorithms
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7248)
(cherry picked from commit
eadde90bff01a6755399a4e1f6a3e4a9ed0fd61d)
Bernd Edlinger [Sun, 23 Sep 2018 07:20:54 +0000 (09:20 +0200)]
Reduce stack usage in tls13_hkdf_expand
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7297)
(cherry picked from commit
ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d)
Daniel Bevenius [Mon, 24 Sep 2018 06:43:35 +0000 (08:43 +0200)]
Document OPENSSL_VERSION_TEXT macro
This commit documents the OPENSSL_VERSION_TEXT which is currently
missing in the man page.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7301)
(cherry picked from commit
7c69495712e3dc9aa8db38271f0c3faeb2037165)
Pauli [Mon, 24 Sep 2018 01:21:18 +0000 (11:21 +1000)]
Use secure_getenv(3) when available.
Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.
CPU processor override flags are unchanged.
Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7047)
(cherry picked from commit
5c39a55d04ea6e6f734b627a050b9e702788d50d)
Bernd Edlinger [Thu, 13 Sep 2018 16:25:37 +0000 (18:25 +0200)]
Create the .rnd file it it does not exist
It's a bit annoying, since some commands try to read a .rnd file,
and print an error message if the file does not exist.
But previously a .rnd file was created on exit, and that does no longer
happen.
Fixed by continuing in app_RAND_load_conf regardless of the error in
RAND_load_file.
If the random number generator is still not initalized on exit, the
function RAND_write_file will fail and no .rnd file would be created.
Remove RANDFILE from openssl.cnf
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7217)
(cherry picked from commit
0f58220973a02248ca5c69db59e615378467b9c8)
agnosticdev [Thu, 20 Sep 2018 10:23:27 +0000 (05:23 -0500)]
typo-fixes: miscellaneous typo fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7277)
(cherry picked from commit
46d085096c6ead624c61e4b8b301421301511e64)
Matt Caswell [Wed, 19 Sep 2018 09:09:39 +0000 (10:09 +0100)]
Fix the max psk len for TLSv1.3
If using an old style TLSv1.2 PSK callback then the maximum possible PSK
len is PSK_MAX_PSK_LEN (256) - not 64.
Fixes #7261
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7267)
(cherry picked from commit
f39a02c68abc8936db24499cb3cfcba206a2e7eb)
Matt Caswell [Wed, 19 Sep 2018 13:51:49 +0000 (14:51 +0100)]
Add a test for the certificate callback
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7257)
(cherry picked from commit
cd6fe29f5bad1a350a039673e06f83ec7a7ef619)
Matt Caswell [Tue, 18 Sep 2018 16:45:39 +0000 (17:45 +0100)]
Delay setting the sig algs until after the cert_cb has been called
Otherwise the sig algs are reset if SSL_set_SSL_CTX() gets called.
Fixes #7244
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7257)
(cherry picked from commit
524006dd1b80c1a86a20119ad988666a80d8d8f5)
Richard Levitte [Fri, 21 Sep 2018 09:11:15 +0000 (11:11 +0200)]
crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG
This module includes bn.h via other headers, so it picks up the
definition from there and doesn't need to define them locally (any
more?). Worst case scenario, the redefinition may be different and
cause all sorts of compile errors.
Fixes #7227
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7287)
(cherry picked from commit
dda5396aaec315bdbcb080e42fb5cd0191f2ad72)
Richard Levitte [Thu, 20 Sep 2018 13:33:21 +0000 (15:33 +0200)]
/dev/crypto engine: add missing RC4 parameter
Fixes #7280
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7281)
(cherry picked from commit
f52f2c1ae8f2ec378c5a20fb4104aa38edbabfcb)
Paul Yang [Thu, 20 Sep 2018 09:04:15 +0000 (17:04 +0800)]
Add some missing ciphers in 'enc' document
The original issue is #7273 and this commit fixes part of that issue.
[skip ci]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7275)
Richard Levitte [Wed, 12 Sep 2018 00:38:22 +0000 (02:38 +0200)]
util/mkdef.pl, util/add-depends.pl: don't lowercase file names
It turns out to be detrimental on some file systems that may or may not
be case sensitive (such as NTFS, which has a case sensitive mode).
Fixes #7172
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7172)
(cherry picked from commit
d3c72e392ab72d418ea5147857701a8730def3fd)
Richard Levitte [Wed, 19 Sep 2018 19:33:45 +0000 (21:33 +0200)]
crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too
These both indicate that the file descriptor we're trying to use as a
terminal isn't, in fact, a terminal.
Fixes #7271
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7272)
(cherry picked from commit
276bf8620ce35a613c856f2b70348f65ffe94067)
Benjamin Kaduk [Wed, 19 Sep 2018 14:02:04 +0000 (09:02 -0500)]
Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
Historically SSL_CTX_set_ssl_version() has reset the cipher list
to the default. Splitting TLS 1.3 ciphers to be tracked separately
caused a behavior change, in that TLS 1.3 cipher configuration was
preserved across calls to SSL_CTX_set_ssl_version(). To restore commensurate
behavior with the historical behavior, set the ciphersuites to the default as
well as setting the cipher list to the default.
Closes: #7226
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7270)
(cherry picked from commit
2340ed277b7c5365e83a32eb7d5fa32c4071fb21)
Dr. Matthias St. Pierre [Tue, 18 Sep 2018 05:56:27 +0000 (07:56 +0200)]
ssl/ssl_ciph.c: make set_ciphersuites static
Fixes #7252
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7253)
(cherry picked from commit
f9a22815f386dbe7a13822f0ac3629ae8521cd76)
Tobias Nießen [Fri, 14 Sep 2018 19:43:12 +0000 (21:43 +0200)]
Trivial test improvements
This commit reuses a variable instead of reevaluating the expression
and updates an outdated comment in the EVP test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7242)
(cherry picked from commit
523fcfb4c081ec346f117fd493103ddcd521e431)
David Makepeace [Mon, 17 Sep 2018 03:46:08 +0000 (13:46 +1000)]
Fixed typos in hkdf documentation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7236)
(cherry picked from commit
d474100af0827d9ba87f3bb25a34867244552df5)
Pauli [Mon, 17 Sep 2018 00:40:32 +0000 (10:40 +1000)]
Add missing include file.
Specifically, include e_os.h to pick up alloca definition for WIN32.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7234)
(cherry picked from commit
a825856ab719b0fcce229faad2b437fc88985251)
Pauli [Sun, 16 Sep 2018 21:47:42 +0000 (07:47 +1000)]
Use 'i' as parameter name not 'I'.
The latter causes problems when complex.h is #included.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)
(cherry picked from commit
972f67889b5a10c33dbc3d500cfa65b544e68b46)
Pauli [Sun, 16 Sep 2018 22:09:25 +0000 (08:09 +1000)]
Add a compile time test to verify that openssl/rsa.h and complex.h can
coexist.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)
(cherry picked from commit
da5fac72b1cba5651b871902eea234e693cf01e5)
Matt Eaton [Fri, 14 Sep 2018 02:11:14 +0000 (21:11 -0500)]
Update RAND_DRBG.pod
Fixed a minor typo while reading the documentation.
I agree that this contribution is trivial can be freely used.
CLA: trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7221)
Kurt Roeckx [Tue, 11 Sep 2018 21:39:25 +0000 (23:39 +0200)]
Improve SSL_shutdown() documentation
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
GH: #7188
(cherry picked from commit
8e593f0a0dbcb3193548ced3c2e78fbbd201b2db)
Richard Levitte [Sat, 15 Sep 2018 12:59:06 +0000 (14:59 +0200)]
VMS: only use the high precision on VMS v8.4 and up
It simply isn't available on older versions.
Issue submitted by Mark Daniels
Fixes #7229
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7230)
Paul Yang [Thu, 13 Sep 2018 02:17:14 +0000 (11:17 +0900)]
Make some return checks consistent with others
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7209)
Matt Caswell [Wed, 12 Sep 2018 16:11:10 +0000 (17:11 +0100)]
Don't allow -early_data with other options where it doesn't work
-early_data is not compatible with -www, -WWW, -HTTP or -rev.
Fixes #7200
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7206)
(cherry picked from commit
6ef40f1fc08f0c4ffb08438d63eed83eae7eb2b8)
Matt Caswell [Wed, 12 Sep 2018 15:49:19 +0000 (16:49 +0100)]
Add an explicit cast to time_t
Caused a compilation failure in some environments
Fixes #7204
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7205)
(cherry picked from commit
bc278f30f0b766bfb82426c641dc1d51ace4a994)
Dr. Matthias St. Pierre [Tue, 11 Sep 2018 22:37:15 +0000 (00:37 +0200)]
Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant
The new DRBG API added the aforementioned #define. However, it is
used internally only and having it defined publicly does not serve
any purpose except causing potential version compatibility problems.
Fixes #7182
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7190)
(cherry picked from commit
c402e943cd0d748ca2a74a37caeccdfc59ce2870)
Bernd Edlinger [Tue, 11 Sep 2018 09:44:13 +0000 (11:44 +0200)]
Fix a possible recursion in SSLfatal handling
Fixes: #7161 (hopefully)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7175)
(cherry picked from commit
6839a7a7f4973a3fc2f87b12664c26d524bef1f4)
Brian 'geeknik' Carpenter [Wed, 12 Sep 2018 06:24:00 +0000 (01:24 -0500)]
Update README.md
Fixes a minor typo that would cause the linker to complain about not finding -lFuzzer
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7197)
(cherry picked from commit
8e8fe187f1559a7fc9f50cc4af7f880273a4eea2)
Viktor Szakats [Tue, 11 Sep 2018 22:34:00 +0000 (22:34 +0000)]
minor fixes for Windows
- fix to use secure URL in generated Windows resources
- fix a potentially uninitialized variable
- fix an unused variable warning
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7189)
Richard Levitte [Wed, 12 Sep 2018 00:06:26 +0000 (02:06 +0200)]
crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
Fixes #7186
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7193)
(cherry picked from commit
88ea3685e4bf30fc529fe46e19effc6317726de8)
Matt Caswell [Tue, 11 Sep 2018 12:49:46 +0000 (13:49 +0100)]
Prepare for 1.1.1a-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 11 Sep 2018 12:48:18 +0000 (13:48 +0100)]
Prepare for 1.1.1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 11 Sep 2018 12:22:14 +0000 (13:22 +0100)]
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
Richard Levitte [Tue, 11 Sep 2018 09:00:30 +0000 (11:00 +0200)]
CAPI engine: add support for RSA_NO_PADDING
Since the SSL code started using RSA_NO_PADDING, the CAPI engine became
unusable. This change fixes that.
Fixes #7131
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7174)
Matt Caswell [Mon, 10 Sep 2018 15:23:14 +0000 (16:23 +0100)]
Check the return value from ASN1_INTEGER_set
Found by Coverity
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7169)
Matt Caswell [Mon, 10 Sep 2018 15:53:17 +0000 (16:53 +0100)]
Validate the SM2 digest len before use
Fixes a Coverity complaint.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7170)
Matt Caswell [Mon, 10 Sep 2018 15:03:14 +0000 (16:03 +0100)]
Don't cast an int * to a size_t *
If sizeof(int) != sizeof(size_t) this may not work correctly.
Fixes a Coverity issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7168)
Matt Caswell [Mon, 10 Sep 2018 13:44:04 +0000 (14:44 +0100)]
More updates to CHANGES and NEWS for the 1.1.1 release
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7167)
Matt Caswell [Mon, 10 Sep 2018 10:51:30 +0000 (11:51 +0100)]
Updates NEWS for the 1.1.1 release
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7164)
Matt Caswell [Mon, 10 Sep 2018 10:33:40 +0000 (11:33 +0100)]
Update the pyca-cryptography submodule
Hopefully this will resolve spurious travis failures.
[extended tests]
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7163)
Paul Yang [Mon, 10 Sep 2018 05:42:00 +0000 (13:42 +0800)]
Add a sentence in CHANGES to note SM2 support
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7160)
Dr. Matthias St. Pierre [Sun, 9 Sep 2018 22:20:12 +0000 (00:20 +0200)]
test/evp_extra_test.c: fix null pointer dereference
It's actually not a real issue but caused by the absence of the default case
which does not occur in reality but which makes coverity see a code path where
pkey remains unassigned.
Reported by Coverity Scan (CID
1423323)
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7158)
Dr. Matthias St. Pierre [Sun, 9 Sep 2018 14:33:12 +0000 (16:33 +0200)]
crypto/rsa/rsa_pss.c: silence coverity warning
Reported by Coverity Scan (CID
1439138)
[extended tests]
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7156)
Dr. Matthias St. Pierre [Sun, 9 Sep 2018 14:19:19 +0000 (16:19 +0200)]
test/dhtest.c: fix resource leak
Reported by Coverity Scan (CID
1439136)
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7155)
Richard Levitte [Thu, 6 Sep 2018 20:09:11 +0000 (22:09 +0200)]
ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes
The deprecated ASN.1 type LONG / ZLONG (incorrectly) produced zero
length INTEGER encoding for zeroes. For the sake of backward
compatibility, we allow those to be read without fault when using the
replacement types INT32 / UINT32 / INT64 / UINT64.
Fixes #7134
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7144)
Richard Levitte [Sat, 8 Sep 2018 08:09:32 +0000 (10:09 +0200)]
TESTS: add test of decoding of invalid zero length ASN.1 INTEGER zero
Confirms #7134
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7153)
Richard Levitte [Thu, 6 Sep 2018 20:52:38 +0000 (22:52 +0200)]
SipHash: add separate setter for the hash size
This was originally part of SipHash_Init. However, there are cases
where there isn't any key material to initialize from when setting the
hash size, and we do allow doing so with a EVP_PKEY control. The
solution is to provide a separate hash_size setter and to use it in
the corresponding EVP_PKEY_METHOD.
Fixes #7143
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7145)
Richard Levitte [Sat, 8 Sep 2018 21:19:39 +0000 (23:19 +0200)]
TESTS: add SipHash tests with digestsize controls
Confirms #7143
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)
Richard Levitte [Sat, 8 Sep 2018 21:19:06 +0000 (23:19 +0200)]
SipHash: make it possible to control the hash size through string controls
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)
Richard Levitte [Sat, 8 Sep 2018 21:16:55 +0000 (23:16 +0200)]
test/evp_test.c: make it possible to use controls with MAC tests
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7154)
Matt Caswell [Fri, 7 Sep 2018 14:17:34 +0000 (15:17 +0100)]
Do not reset SNI data in SSL_do_handshake()
PR #3783 introduce coded to reset the server side SNI state in
SSL_do_handshake() to ensure any erroneous config time SNI changes are
cleared. Unfortunately SSL_do_handshake() can be called mid-handshake
multiple times so this is the wrong place to do this and can mean that
any SNI data is cleared later on in the handshake too.
Therefore move the code to a more appropriate place.
Fixes #7014
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7149)
Ben Kaduk [Tue, 4 Sep 2018 17:30:00 +0000 (12:30 -0500)]
Simplify SSL_get_servername() to avoid session references
Ideally, SSL_get_servername() would do exactly as it is documented
and return exactly what the client sent (i.e., what we currently
are stashing in the SSL's ext.hostname), without needing to refer
to an SSL_SESSION object. For historical reasons, including the
parsed SNI value from the ClientHello originally being stored in the
SSL_SESSION's ext.hostname field, we have had references to the
SSL_SESSION in this function. We cannot fully excise them due to
the interaction between user-supplied callbacks and TLS 1.2 resumption
flows, where we call all callbacks but the client did not supply an
SNI value. Existing callbacks expect to receive a valid SNI value
in this case, so we must fake one up from the resumed session in
order to avoid breakage.
Otherwise, greatly simplify the implementation and just return the
value in the SSL, as sent by the client.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7115)
Ben Kaduk [Tue, 4 Sep 2018 16:44:07 +0000 (11:44 -0500)]
Restore historical SSL_get_servername() behavior
Commit
1c4aa31d79821dee9be98e915159d52cc30d8403 modified the state machine
to clean up stale ext.hostname values from SSL objects in the case when
SNI was not negotiated for the current handshake. This is natural from
the TLS perspective, since this information is an extension that the client
offered but we ignored, and since we ignored it we do not need to keep it
around for anything else.
However, as documented in https://github.com/openssl/openssl/issues/7014 ,
there appear to be some deployed code that relies on retrieving such an
ignored SNI value from the client, after the handshake has completed.
Because the 1.1.1 release is on a stable branch and should preserve the
published ABI, restore the historical behavior by retaining the ext.hostname
value sent by the client, in the SSL structure, for subsequent retrieval.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7115)
Matt Caswell [Thu, 6 Sep 2018 14:53:25 +0000 (15:53 +0100)]
Ensure certificate callbacks work correctly in TLSv1.3
The is_tls13_capable() function should not return 0 if no certificates
are configured directly because a certificate callback is present.
Fixes #7140
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7141)
Matt Caswell [Thu, 6 Sep 2018 14:21:42 +0000 (15:21 +0100)]
Remove a reference to SSL_force_post_handshake_auth()
That function was removed in favour of SSL_set_post_handshake_auth().
Update the docs accordingly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7139)