Matt Caswell [Wed, 12 Apr 2017 16:02:42 +0000 (17:02 +0100)]
Don't fail the connection in SSLv3 if server selects ECDHE
ECDHE is not properly defined for SSLv3. Commit
fe55c4a2 prevented ECDHE
from being selected in that protocol. However, historically, servers do
still select ECDHE anyway so that commit causes interoperability problems.
Clients that previously worked when talking to an SSLv3 server could now
fail.
This commit introduces an exception which enables a client to continue in
SSLv3 if the server selected ECDHE.
(cherry picked from commit
8af91fd9d08487e0dffb6ccac5f42633c964f3f0)
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3734)
Bernd Edlinger [Sun, 26 Mar 2017 21:29:41 +0000 (23:29 +0200)]
Add parentheses around macro argument of OSSL_NELEM.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3039)
(cherry picked from commit
26dc47f3c44c7fb4488d1becaf997737486f4922)
Benjamin Kaduk [Mon, 1 May 2017 17:39:20 +0000 (12:39 -0500)]
Remove duplicates from clang_devteam_warnings
Since the clang_devteam_warnings are appended to the gcc_devteam_warnings
when strict-warnings are requested, any items present in both the gcc
and clang variables will be duplicated in the cflags used for clang builds.
Remove the extra copy from the clang-specific flags in favor of the
gcc_devteam_warnings that are used for all strict-warnings builds.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
(cherry picked from commit
96db26919d5caff2db6340354a026f56dc6f09da)
[extended tests]
Benjamin Kaduk [Fri, 14 Apr 2017 16:53:04 +0000 (11:53 -0500)]
Address some -Wold-style-declaration warnings
gcc's -Wextra pulls in -Wold-style-declaration, which triggers when a
declaration has a storage-class specifier as a non-initial qualifier.
The ISO C formal grammar requires the storage-class to be the first
component of the declaration, if present.
Seeint as the register storage-class specifier does not really have any effect
anymore with modern compilers, remove it entirely while we're here, instead of
fixing up the order.
Interestingly, the gcc devteam warnings do not pull in -Wextra, though
the clang ones do.
[extended tests]
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
(cherry picked from commit
f44903a428cc63ce88bfba26e8e4e2e9b21f058d)
Benjamin Kaduk [Tue, 18 Apr 2017 15:48:11 +0000 (10:48 -0500)]
Add -Wextra to gcc devteam warnings
clang already has it; let's flip the switch and deal with the fallout.
Exclude -Wunused-parameter, as we have many places where we keep unused
parameters to conform to a uniform vtable-like interface.
Also exclude -Wmissing-field-initializers; it's okay to rely on
the standard-mandated behavior of filling out with 0/NULL.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
(cherry picked from commit
560ad13c74fe6967991a2429d90eeeba815d1f9e)
Bernd Edlinger [Mon, 19 Jun 2017 11:33:41 +0000 (13:33 +0200)]
Fix the fall-out in 04-test_bioprint.t
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3712)
(cherry picked from commit
3ac6d5ee5372b05aa90cc5c44efbde01bd669e9e)
Bernd Edlinger [Mon, 19 Jun 2017 09:18:44 +0000 (11:18 +0200)]
Fix the error handling in ERR_get_state:
- Ignoring the return code of ossl_init_thread_start created a memory leak.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3712)
(cherry picked from commit
af6de400b49c011600cfd557319d1142da6e5cbd)
Paul Yang [Sat, 17 Jun 2017 14:17:44 +0000 (22:17 +0800)]
Remove non-accurate description in Configure script
For DES and 3DES based ciphers are also enabled by this option.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3707)
(cherry picked from commit
edcdf38bd09f77160f0ec3e5bdd9d9525daf6f25)
Bernd Edlinger [Wed, 14 Jun 2017 19:54:15 +0000 (21:54 +0200)]
Remove a pointless "#if 0" block from BN_mul.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3683)
(cherry picked from commit
93a8b3ba793c769a3634e56642dac55a8d44023f)
Todd Short [Thu, 15 Jun 2017 19:24:19 +0000 (15:24 -0400)]
Add apps/progs.h to gitignore
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3692)
(cherry picked from commit
0bb4847b67b9eaa1123abf99e077d66ad54c7616)
Richard Levitte [Thu, 15 Jun 2017 17:31:01 +0000 (19:31 +0200)]
Build apps/progs.h dynamically
Because apps/progs.h isn't configuration agnostic, it's not at all
suited for 'make update' or being versioned, so change it to be
dynamically generated.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3688)
(cherry picked from commit
6a74806ed741db24df3a7155e4bc11fb4ba9bc2a)
Richard Levitte [Thu, 15 Jun 2017 14:52:18 +0000 (16:52 +0200)]
.travis.yml: Detect if 'make update' updated something
If it did, it really is something that should be checked in, and should
therefore make a CI build fail.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3686)
(cherry picked from commit
46e5b661d435b11652b90cd9e06cbf6606d3b61a)
Bernd Edlinger [Tue, 13 Jun 2017 16:08:40 +0000 (18:08 +0200)]
Fix crash in ecdh_simple_compute_key.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3671)
(cherry picked from commit
abea494cf75061650deecf584adc2cd293ce322d)
Bernd Edlinger [Tue, 13 Jun 2017 19:22:45 +0000 (21:22 +0200)]
Fix a possible crash in dsa_builtin_paramgen2.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
(cherry picked from commit
fb0a64126b8c11a6961dfa1323c3602b591af7df)
Bernd Edlinger [Tue, 13 Jun 2017 20:08:03 +0000 (22:08 +0200)]
Fix another possible crash in rsa_ossl_mod_exp.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
(cherry picked from commit
5625567f9c7daaa2e2689647e10e4c5d7370718f)
Bernd Edlinger [Tue, 13 Jun 2017 20:34:30 +0000 (22:34 +0200)]
Fix possible crash in X931 code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
(cherry picked from commit
5419dadd4bd1f7abbfa23326ca766d2c143f257c)
Todd Short [Wed, 26 Apr 2017 18:05:49 +0000 (14:05 -0400)]
Fix ex_data and session_dup issues
Code was added in commit
b3c31a65 that overwrote the last ex_data value
using CRYPTO_dup_ex_data() causing a memory leak, and potentially
confusing the ex_data dup() callback.
In ssl_session_dup(), fix error handling (properly reference and up-ref
shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data();
all other structures that dup ex_data have the destination ex_data new'd
before the dup.
Fix up some of the ex_data documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3625)
Bernd Edlinger [Tue, 13 Jun 2017 17:00:35 +0000 (19:00 +0200)]
Fix a possible crash in the error handling.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3672)
(cherry picked from commit
4fc426b78964b3d234cb7b1b6112c9b80e16a13a)
Bernd Edlinger [Tue, 13 Jun 2017 05:22:50 +0000 (07:22 +0200)]
Fix a memleak in ec_copy_parameters.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3666)
(cherry picked from commit
188a9bd950837c70661aa6849894e4e02d129031)
Bernd Edlinger [Mon, 12 Jun 2017 16:05:19 +0000 (18:05 +0200)]
Fix memleak in EVP_DigestSignFinal/VerifyFinal.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3658)
(cherry picked from commit
19546246cf44d30043fb17d1899b2c325924ac8b)
Rich Salz [Sat, 10 Jun 2017 19:25:56 +0000 (15:25 -0400)]
Remove needless type casting.
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3627)
(cherry picked from commit
a020f54c25985fc83e809daa15a3920731d39612)
Paul Yang [Fri, 9 Jun 2017 18:22:22 +0000 (02:22 +0800)]
Fix possible usage of NULL pointers in apps/spkac.c
Check return value of NETSCAPE_SPKI_new() and
NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally.
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3647)
(cherry picked from commit
f2582f08d5167ee84b7b313fd1435fe91ee44880)
Jonathan Protzenko [Wed, 17 May 2017 16:09:01 +0000 (09:09 -0700)]
Fix speed command for alternation of ciphers and digests.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3487)
(cherry picked from commit
9ae4e664da0692f27bfe0d1a34db29ed815203c8)
Rich Salz [Fri, 9 Jun 2017 16:26:30 +0000 (12:26 -0400)]
fix broken implementations of GOST ciphersuites
removed the unnecessary upper bracket
add !SSL_USE_SIGALGS to check for broken implementations of GOST
client signature (signature without length field)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3588)
Benjamin Kaduk [Thu, 8 Jun 2017 20:55:30 +0000 (15:55 -0500)]
Remove stale note from s_server.pod
Modern browsers are now, well, pretty modern.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3644)
(cherry picked from commit
36c438514db71eba3e8062fef7869b9211630a19)
Tomas Mraz [Mon, 22 May 2017 14:20:21 +0000 (16:20 +0200)]
Ignore -named_curve auto value to improve backwards compatibility
Fixes #3490
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3518)
(cherry picked from commit
1c7aa0dbf16c3389bbedd13391bb653e7a189603)
Rich Salz [Thu, 8 Jun 2017 20:05:52 +0000 (16:05 -0400)]
Fix a read off the end of the input buffer
when building with OPENSSL_SMALL_FOOTPRINT defined.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3533)
(cherry picked from commit
0b20ad127ce86b05a854f31d51d91312c86ccc74)
Diego Santa Cruz [Tue, 16 May 2017 08:35:49 +0000 (10:35 +0200)]
Use memset to clear SRP_CTX instead of NULL and zero assignments
This uses memset() to clear all of the SRP_CTX when free'ing or
initializing it as well as in error paths instead of having a series
of NULL and zero assignments as it is safer.
It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero
in case or error, previously it could retain pointers to freed
memory, potentially leading to a double free.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3467)
(cherry picked from commit
135976b3dd24e674c202c20b5746fc04ebb1fc1a)
Diego Santa Cruz [Mon, 15 May 2017 08:35:45 +0000 (10:35 +0200)]
Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login.
Ownership and lifetime rules of SRP_CTX.info are confusing and different
from those of SRP_CTX.login, making it difficult to use correctly.
This makes the ownership and lifetime be the same as those of SRP_CTX.login,
thet is a copy is made when setting it and is freed when SRP_CTX is freed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3467)
(cherry picked from commit
e655f5494100d93307726b23f4718ead0cadc0c3)
Richard Levitte [Thu, 8 Jun 2017 06:02:26 +0000 (08:02 +0200)]
Windows: rearrange programs cleanup
The list of programs hit nmake's maximum line length, so we split up the
line in smaller chunks.
Fixes #3634
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3636)
(cherry picked from commit
edef840f23b31066df4333995f544ae0f32d3e09)
Rich Salz [Wed, 7 Jun 2017 15:23:37 +0000 (11:23 -0400)]
Add a lock around the OBJ_NAME table
Various initialization functions modify this table, which can cause heap
corruption in the absence of external synchronization.
Some stats are modified from OPENSSL_LH_retrieve, where callers aren't
expecting to have to take out an exclusive lock. Switch to using atomic
operations for those stats.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3525)
(cherry picked from commit
be606c013d31847718ceb5d97c567988a771c2e5)
Rich Salz [Fri, 2 Jun 2017 20:05:37 +0000 (16:05 -0400)]
Document default client -psk_identity
Document that -psk is required to use PSK cipher
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3607)
(cherry picked from commit
9d772829c9e4f202460acb43f9e073841a7cb9db)
Andy Polyakov [Sat, 3 Jun 2017 19:08:57 +0000 (21:08 +0200)]
ec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.
Drop some redundant instructions in reduction in ecp_nistz256_sqr_montx.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
8fc063dcc9668589fd95533d25932396d60987f9)
Rich Salz [Wed, 31 May 2017 16:14:55 +0000 (12:14 -0400)]
Only release thread-local key if we created it.
Thanks to Jan Alexander Steffens for finding the bug and confirming the
fix.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3592)
(cherry picked from commit
73bc53708c386c1ea85941d345721e23dc61c05c)
Rich Salz [Fri, 2 Jun 2017 14:30:44 +0000 (10:30 -0400)]
Add text pointing to full change list.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3606)
(cherry picked from commit
01dfaa08b1960049f91485f2e5eec6c6bd03db39)
Benjamin Kaduk [Thu, 1 Jun 2017 16:37:43 +0000 (11:37 -0500)]
Do not document SSL_CTX_set1_cert_store()
It does not exist on this branch.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3602)
Paul Yang [Wed, 31 May 2017 14:46:30 +0000 (22:46 +0800)]
Fix coding style in apps/passwd file
Reformat some indents and braces based on OpenSSL coding style spec.
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3586)
(cherry picked from commit
72d8b823bbe749da528f386408541ae1daa644c9)
Matt Caswell [Wed, 31 May 2017 09:27:32 +0000 (10:27 +0100)]
Wait longer for the server in TLSProxy to start
In a recent PR (#3566) it seems that TLSProxy gave up trying to connect to
the server process too quickly. This meant the test failed even though the
server *did* eventually start. Currently we try 3 times to connect with a
0.1 second pause between each attempt. That is probably too aggressive.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3587)
(cherry picked from commit
142463c9375efdcdaa4c504f6aaf5bfd61d5ba99)
Rich Salz [Thu, 25 May 2017 18:16:26 +0000 (14:16 -0400)]
Add stricter checking in NAME section
Require a comma between every name and a single space before the dash
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3559)
(cherry picked from commit
2bcb232ebeb155c6f1241deb84a26ab23176f866)
Rich Salz [Fri, 7 Apr 2017 16:39:02 +0000 (12:39 -0400)]
Make default_method mostly compile-time
Document thread-safety issues
Cherry-pick from
076fc55527a1499391fa6de109c8387895199ee9 but
keeps the RSA_null method.
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3146)
Andy Polyakov [Thu, 25 May 2017 16:08:09 +0000 (18:08 +0200)]
modes/ocb128.c: address undefined behaviour warning.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3526)
(cherry picked from commit
14bb100b6cc4c875473af6659c8368198e898050)
Matt Caswell [Fri, 26 May 2017 12:06:08 +0000 (13:06 +0100)]
Fix a Proxy race condition
Issue #3562 describes a problem where a race condition can occur in the
Proxy such that a test "ok" line can appear in the middle of other text
causing the test harness to miss it. The issue is that we do not wait for
the client process to finish after the test is complete, so that process may
continue to write data to stdout/stderr at the same time that the test
harness does.
This commit fixes TLSProxy so that we always wait for the client process to
finish before continuing.
Fixes #3562
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3567)
(cherry picked from commit
b72668a0d3586ee2560f0536c43e18991a4cfc6f)
Todd Short [Mon, 22 May 2017 15:24:59 +0000 (11:24 -0400)]
Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is
inconsistent. Most places check SSL->options, one place is checking
SSL_CTX->options; fix that.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
GH: #3523
(cherry picked from commit
dffdcc773ac0a294b1ce620131cb8d7401da9408)
Rainer Jung [Thu, 25 May 2017 21:58:14 +0000 (23:58 +0200)]
Fix use of "can_load()" in run_tests.pl.
CLA: Trivial
Fixes #3563.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3564)
(cherry picked from commit
418bb7b31bb7cfca6e419a5aa7bf161784f61059)
Kurt Roeckx [Thu, 25 May 2017 17:24:11 +0000 (19:24 +0200)]
Add missing commas in pod files
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #3557
(cherry picked from commit
6061f80b5c55f03f9604d793cc06917b105bc4bc)
Matt Caswell [Thu, 25 May 2017 14:18:22 +0000 (15:18 +0100)]
Document that HMAC() with a NULL md is not thread safe
Fixes #3541
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3554)
Matt Caswell [Thu, 25 May 2017 12:47:35 +0000 (13:47 +0100)]
Prepare for 1.1.0g-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 25 May 2017 12:46:16 +0000 (13:46 +0100)]
Prepare for 1.1.0f release
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 25 May 2017 09:54:19 +0000 (10:54 +0100)]
Update CHANGES and NEWS for new release
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3547)
David Woodhouse [Wed, 24 May 2017 11:18:14 +0000 (12:18 +0100)]
Document that PKCS#12 functions assume UTF-8 for passwords
Part of issue #3531
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3535)
(cherry picked from commit
cff85f39e438830cb5bc8bf7cb2ed6458670c5be)
Richard Levitte [Tue, 23 May 2017 17:52:54 +0000 (19:52 +0200)]
Clarify what character encoding is used in the returned UI strings
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3532)
(cherry picked from commit
789d6dddecbc231f5c858d203aab318cf81676fd)
Paul Yang [Mon, 22 May 2017 15:18:45 +0000 (23:18 +0800)]
Fix typo in doc/man3/EVP_EncrypInit.pod
In the example section.
CLA: trivial
Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3520)
(cherry picked from commit
719b289d62d32fe45226e8bc5b4fb0d76f6a1b5d)
Alex Gaynor [Mon, 22 May 2017 13:37:57 +0000 (06:37 -0700)]
[1.1.0 backport] set entry type on SCTs from X.509 and OCSP extensions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3519)
Todd Short [Thu, 11 May 2017 19:48:10 +0000 (15:48 -0400)]
Fix infinite loops in secure memory allocation.
Remove assertion when mmap() fails.
Only give the 1<<31 limit test as an example.
Fix the small arena test to just check for the symptom of the infinite
loop (i.e. initialized set on failure), rather than the actual infinite
loop. This avoids some valgrind errors.
Backport of:
PR #3512 commit
fee423bb68869de02fceaceefbc847e98213574b
PR #3510 commit
a486561b691d6293a901b412172ca0c6d1ffc0dc
PR #3455 commit
c8e89d58a5d44b9dd657d6d13a5a10d1d4d30733
PR #3449 commit
7031ddac94d0ae616d1b0670263a9265ce672cd2
Issue 1:
sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.
This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."
Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).
Issue 2:
CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.
If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.
Issue 3:
That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3453)
Diego Santa Cruz [Tue, 16 May 2017 14:05:19 +0000 (16:05 +0200)]
Fix srp app missing NULL termination with password callback
The password_callback() function does not necessarily NULL terminate
the password buffer, the caller must use the returned length but the
srp app uses this function as if it was doing NULL termination.
This made the -passin and -passout options of "openssl srp"
fail inexpicably and randomly or even crash.
Fixed by enlarging the buffer by one, so that the maximum password length
remains unchanged, and adding NULL termination upon return.
[Rearrange code for coding style compliance in process.]
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3475)
(cherry picked from commit
0e83981d61fc435f42d4bb4d774272b69556b7bc)
Andy Polyakov [Sun, 21 May 2017 09:40:46 +0000 (11:40 +0200)]
test/run_tests.pl: don't mask test failures.
Switch to TAP::Harness inadvertently masked test failures.
Test::Harness::runtests was terminating with non-zero exit code in case
of failure[s], while TAP::Harness apparently holds caller responsible
for doing so.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sun, 21 May 2017 01:44:31 +0000 (21:44 -0400)]
-inkey can be an identifier, not just a file
update pkcs12, smime, ts apps.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3507)
(cherry picked from commit
48b5352212d8c68f7fd071ca9f38822b7e954c5a)
Diego Santa Cruz [Wed, 17 May 2017 08:17:59 +0000 (10:17 +0200)]
Fix endless loop on srp app when listing users
With the -list option the srp app loops on the main while() endlessly,
whether users were given on the command line or not. The loop should
be stopped when in list mode and there are no more users.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3489)
(cherry picked from commit
5ec3210fc106ecc6badb48db6cfb1493a7607763)
Matt Caswell [Tue, 2 May 2017 10:08:33 +0000 (11:08 +0100)]
Fix ASN1_TIME_to_generalizedtime to take a const ASN1_TIME
Fixes #1526
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3360)
(cherry picked from commit
9bfeeef8ee2220339e601a028fa991c30d296ed4)
Matt Caswell [Tue, 2 May 2017 10:00:50 +0000 (11:00 +0100)]
Make SSL_is_server() accept a const SSL
Fixes #1526
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3360)
(cherry picked from commit
6944311688015ad293bd788ce78f3226738ebf00)
Richard Levitte [Wed, 17 May 2017 06:28:55 +0000 (08:28 +0200)]
Remove notification settings from appveyor.yml
Notifications can be (and should be) configured on account basis on
the CI web site. This avoids getting emails to openssl-commits for
personal accounts that also build OpenSSL stuff.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3484)
(cherry picked from commit
7a94f5b0f7c878b1056a08f659ce23aa97bfa3ad)
Richard Levitte [Mon, 15 May 2017 12:59:38 +0000 (14:59 +0200)]
INSTALL: Remind people to read more if they added configuration options
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3469)
(cherry picked from commit
62f218cb8d31851935b8113a2a2236493b3510cc)
Richard Levitte [Mon, 15 May 2017 12:16:17 +0000 (14:16 +0200)]
INSTALL: clarify a bit more how Configure treats "unknown" options
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3468)
(cherry picked from commit
a3cb4cfc6af3f5fc1cd81ccd264daaa79d1c0a46)
Todd Short [Wed, 10 May 2017 15:44:55 +0000 (11:44 -0400)]
Clean up SSL_OP_* a bit
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3439)
(cherry picked from commit
80a2fc4100daf6f1001eee33ef2f9b9eee05bedf)
Richard Levitte [Thu, 11 May 2017 18:34:08 +0000 (20:34 +0200)]
Clean away needless VMS check
BIO_socket_ioctl is only implemented on VMS for VMS version 7.0 and
up, but since we only support version 7.1 and up, there's no need to
check the VMS version.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3448)
(cherry picked from commit
b57f0c598bde43e147a886c9ffb0d6fdb3141d72)
Richard Levitte [Thu, 11 May 2017 18:20:07 +0000 (20:20 +0200)]
Cleanup - use e_os2.h rather than stdint.h
Not exactly everywhere, but in those source files where stdint.h is
included conditionally, or where it will be eventually
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3447)
(cherry picked from commit
74a011ebb5e9028ef18982d737a434a8ff926a95)
Patrick Steuer [Sat, 15 Oct 2016 14:54:52 +0000 (16:54 +0200)]
Fix strict-warnings build
crypto/asn1/a_strex.c: Type of width variable in asn1_valid_host
function needs to be changed from char to signed char to avoid
build error due to '-Werror=type-limits'.
Signed-off-by: Patrick Steuer <psteuer@mail.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
(cherry picked from commit
34657a8da2ead453460d668771984432cc767044)
Tomas Mraz [Thu, 11 May 2017 12:25:17 +0000 (14:25 +0200)]
Fix regression in openssl req -x509 behaviour.
Allow conversion of existing requests to certificates again.
Fixes the issue #3396
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3437)
(cherry picked from commit
888adbe064556ff5ab2f1d16a223b0548696614c)
Pauli [Thu, 11 May 2017 00:45:38 +0000 (10:45 +1000)]
Remove dead code.
The second BN_is_zero test can never be true.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3434)
(cherry picked from commit
3f97052392cb10fca5309212bf720685262ad4a6)
Rich Salz [Tue, 9 May 2017 17:27:30 +0000 (13:27 -0400)]
Ignore MSVC warnings (via Gisle Vanem)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3420)
(cherry picked from commit
05004f366ecd6b4fcc968739648be9b7fd87df3f)
Matt Caswell [Wed, 10 May 2017 09:54:18 +0000 (10:54 +0100)]
Add a test for SNI in conjunction with custom extensions
Test that custom extensions still work even after a change in SSL_CTX due
to SNI. See #2180.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3426)
Matt Caswell [Wed, 10 May 2017 10:28:53 +0000 (11:28 +0100)]
Copy custom extension flags in a call to SSL_set_SSL_CTX()
The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for
a connection as part of an SNI callback. One result of this is that the
s->cert structure is replaced. However this structure contains information
about any custom extensions that have been loaded. In particular flags are
set indicating whether a particular extension has been received in the
ClientHello. By replacing the s->cert structure we lose the custom
extension flag values, and it appears as if a client has not sent those
extensions.
SSL_set_SSL_CTX() should copy any flags for custom extensions that appear
in both the old and the new cert structure.
Fixes #2180
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3426)
Richard Levitte [Wed, 10 May 2017 10:58:36 +0000 (12:58 +0200)]
Prefer TAP::Harness over Test::Harness
TAP:Harness came along in perl 5.10.1, and since we claim to support
perl 5.10.0 in configuration and testing, we can only load it
conditionally.
The main reason to use TAP::Harness rather than Test::Harness is its
capability to merge stdout and stderr output from the test recipes,
which Test::Harness can't. The merge gives much more comprehensible
output when testing verbosely.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3424)
(cherry picked from commit
76e0d0b21cc4e8a879d54f4d78a392826dadb1d1)
Matt Caswell [Mon, 8 May 2017 08:32:58 +0000 (09:32 +0100)]
Remove support for OPENSSL_SSL_TRACE_CRYPTO
This trace option does not appear in Configure as a separate option and is
undocumented. It can be switched on using "-DOPENSSL_SSL_TRACE_CRYPTO",
however this does not compile in master or in any 1.1.0 released version.
(cherry picked from commit
eee2750bd3d25265bb44d029877434d2cc80970c)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3413)
Meena Vyas [Mon, 8 May 2017 13:23:01 +0000 (23:23 +1000)]
Added a new Makefile in demos/evp directory
Fixed compilation warning in file aesgcm.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3406)
(cherry picked from commit
d396da33130aba2e77478d00fd369eb8d34bd8bf)
Andy Polyakov [Tue, 2 May 2017 08:50:58 +0000 (10:50 +0200)]
sha/sha512.c: fix formatting.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
ce1932f25f784bc5df3505c5de8b6b53436202a3)
Andy Polyakov [Thu, 4 May 2017 13:54:29 +0000 (15:54 +0200)]
perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
Perl, multiple versions, for some reason occasionally takes issue with
letter b[?] in ox([0-9a-f]+) regex. As result some constants, such as
0xb1 came out wrong when generating code for MASM. Fixes GH#3241.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3385)
(cherry picked from commit
c47aea8af1e28e46e1ad5e2e7468b49fec3f4f29)
Rich Salz [Thu, 4 May 2017 16:45:15 +0000 (12:45 -0400)]
Fix pathname errors in errcode file
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3388)
(cherry picked from commit
1d3235f85c4b0e51b6baf7d8b89089c6c77f6928)
Matt Caswell [Thu, 4 May 2017 11:51:18 +0000 (12:51 +0100)]
Don't leave stale errors on queue if DSO_dsobyaddr() fails
The init code uses DSO_dsobyaddr() to leak a reference to ourselves to
ensure we remain loaded until atexit() time. In some circumstances that
can fail and leave stale errors on the error queue.
Fixes #3372
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3383)
(cherry picked from commit
689f112d9806fa4a0c2f8c108226639455bc770d)
Rich Salz [Tue, 2 May 2017 16:22:26 +0000 (12:22 -0400)]
Convert uses of snprintf to BIO_snprintf
Fixes #2360
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3366)
(cherry picked from commit
c41048ffe359ae18cb9c8f840ca970e367d97c37)
Matt Caswell [Tue, 2 May 2017 12:47:31 +0000 (13:47 +0100)]
Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
Fixes #1653 reported by Guido Vranken
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3362)
(cherry picked from commit
75a3e39288feeeefde5ed1f96ff9faeba0d2b233)
Rich Salz [Tue, 2 May 2017 14:53:10 +0000 (10:53 -0400)]
Fix URL links in comment
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3365)
(cherry picked from commit
dea0eb2c5452cd4c2160a64a6868e79efeca6e9d)
Todd Short [Thu, 16 Feb 2017 21:08:02 +0000 (16:08 -0500)]
Fix time offset calculation.
ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets,
even though that's not supported within certificates.
To convert the offset time back to GMT, the offsets are supposed to be
subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3335)
Andy Polyakov [Fri, 28 Apr 2017 08:06:35 +0000 (10:06 +0200)]
asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.
"Next" refers to negative minimum "next" to one presentable by given
number of bytes. For example, -128 is negative minimum presentable by
one byte, and -256 is "next" one.
Thanks to Kazuki Yamaguchi for report, GH#3339
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
1e93d619b78832834ae32f5c0c1b0e466267f72d)
Rich Salz [Fri, 28 Apr 2017 18:14:59 +0000 (14:14 -0400)]
Check fflush on BIO_ctrl call
Bug found and fix suggested by Julian RĂ¼th.
Push error if fflush fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3266)
(cherry picked from commit
595b2a42375427a254ad5a8c85870efea839a9b9)
Rich Salz [Fri, 28 Apr 2017 14:00:09 +0000 (10:00 -0400)]
Ensure blank lines between tests.
Also add a comment describing the file format.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3337)
(cherry picked from commit
9a837f220ad1320c51ad2b57b2466fbe28670a45)
Richard Levitte [Fri, 28 Apr 2017 07:20:05 +0000 (09:20 +0200)]
TLSProxy: When in debug mode, show the exact subprocess commands
When you want to debug a test that goes wrong, it's useful to know
exactly what subprocess commands are run.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3342)
(cherry picked from commit
46d5e2b42e00ec392bf3326743519bc25136db09)
Rich Salz [Thu, 27 Apr 2017 15:38:17 +0000 (11:38 -0400)]
Remove (broken) diagnostic print
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3336)
(cherry picked from commit
f2150cd74f45d49545d0787725f99723642b7c2c)
Bernd Edlinger [Wed, 26 Apr 2017 07:59:18 +0000 (09:59 +0200)]
Remove unnecessary loop in pkey_rsa_decrypt.
It is not necessary to remove leading zeros here because
RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done
in constant time, this might have leaked timing information.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3313)
(cherry picked from commit
237bc6c997e42295eeb32c8c1c709e6e6042b839)
Rob Percival [Tue, 4 Apr 2017 22:24:28 +0000 (23:24 +0100)]
CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)
Rob Percival [Thu, 6 Apr 2017 12:21:27 +0000 (13:21 +0100)]
Add SSL tests for certificates with embedded SCTs
The only SSL tests prior to this tested using certificates with no
embedded Signed Certificate Timestamps (SCTs), which meant they couldn't
confirm whether Certificate Transparency checks in "strict" mode were
working.
These tests reveal a bug in the validation of SCT timestamps, which is
fixed by the next commit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)
Dr. Stephen Henson [Thu, 16 Feb 2017 15:27:49 +0000 (15:27 +0000)]
Add and use function test_pem to work out test filenames.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)
Andy Polyakov [Sat, 15 Apr 2017 13:53:50 +0000 (15:53 +0200)]
asn1/a_int.c: clean up asn1_get_int64.
Trouble was that integer negation wasn't producing *formally* correct
result in platform-neutral sense. Formally correct thing to do is
-(int64_t)u, but this triggers undefined behaviour for one value that
would still be representable in ASN.1. The trigger was masked with
(int64_t)(0-u), but this is formally inappropriate for values other
than the problematic one. [Also reorder branches to favour most-likely
paths and harmonize asn1_string_set_int64 with asn1_get_int64].]
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3231)
(cherry picked from commit
786b6a45fbecc068d0fb8b05252a9228e0661c63)
Andy Polyakov [Tue, 11 Apr 2017 22:05:26 +0000 (00:05 +0200)]
asn1/a_int.c: don't write result if returning error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
(cherry picked from commit
b997adb3a518b065240e70acf38ec5f77a937f53)
Andy Polyakov [Tue, 11 Apr 2017 22:03:35 +0000 (00:03 +0200)]
asn1/a_int.c: simplify asn1_put_uint64.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
(cherry picked from commit
6d4321fc242829490e1e7a36358eb12874c9b9e0)
Andy Polyakov [Tue, 11 Apr 2017 21:15:55 +0000 (23:15 +0200)]
asn1/a_int.c: remove code duplicate and optimize branches,
i.e. reduce amount of branches and favour likely ones.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
(cherry picked from commit
a3ea6bf0ef703b38a656245931979c7e53c410b7)
Matt Caswell [Mon, 24 Apr 2017 10:45:42 +0000 (11:45 +0100)]
Fix some variable references in init_client
We were incorrectly using "res" when we meant "ai"
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)
Matt Caswell [Fri, 21 Apr 2017 15:56:06 +0000 (16:56 +0100)]
Fix problem with SCTP close_notify alerts
In SCTP the code was only allowing a send of a close_notify alert if the
socket is dry. If the socket isn't dry then it was attempting to save away
the close_notify alert to resend later when it is dry and then it returned
success. However because the application then thinks that the close_notify
alert has been successfully sent it never re-enters the DTLS code to
actually resend the alert. A much simpler solution is to just fail with a
retryable error in the event that the socket isn't dry. That way the
application knows to retry sending the close_notify alert.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)
Matt Caswell [Fri, 21 Apr 2017 13:00:20 +0000 (14:00 +0100)]
Don't attempt to send fragments > max_send_fragment in DTLS
We were allocating the write buffer based on the size of max_send_fragment,
but ignoring it when writing data. We should fragment handshake messages
if they exceed max_send_fragment and reject application data writes that
are too large.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)
Matt Caswell [Thu, 20 Apr 2017 14:13:28 +0000 (15:13 +0100)]
Remove special case code for SCTP reneg handling
There was code existing which attempted to handle the case where application
data is received after a reneg handshake has started in SCTP. In normal DTLS
we just fail the connection if this occurs, so there doesn't seem any reason
to try and work around it for SCTP. In practice it didn't work properly
anyway and is probably a bad idea to start with.
Fixes #3251
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3287)