- Feb 17, 2019
-
-
David Benjamin authored
The add/double shortcut in ecp_nistz256-x86_64.pl left one instruction point that did not unwind, and the "slow" path in AES_cbc_encrypt was not annotated correctly. For the latter, add .cfi_{remember,restore}_state support to perlasm. Next, fill in a bunch of functions that are missing no-op .cfi_startproc and .cfi_endproc blocks. libunwind cannot unwind those stack frames otherwise. Finally, work around a bug in libunwind by not encoding rflags. (rflags isn't a callee-saved register, so there's not much need to annotate it anyway.) These were found as part of ABI testing work in BoringSSL. Reviewed-by:Richard Levitte <levitte@openssl.org> GH: #8109 (cherry picked from commit c0e8e500)
-
- Feb 13, 2019
-
-
Daniel DeFreez authored
CLA: trivial Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
Paul Yang <yang.yang@baishancloud.com> Reviewed-by:
-
Andy Polyakov authored
ARMv8.3 adds pointer authentication extension, which in this case allows to ensure that, when offloaded to stack, return address is same at return as at entry to the subroutine. The new instructions are nops on processors that don't implement the extension, so that the vetification is backward compatible. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
- Feb 11, 2019
-
-
Tomas Mraz authored
If the old openssl versions not supporting the .include directive load a config file with it, they will bail out with error. This change allows using the .include = <filename> syntax which is interpreted as variable assignment by the old openssl config file parser. Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
- Feb 10, 2019
-
-
Daniel DeFreez authored
CLA: Trivial Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8183) (cherry picked from commit 758229f7)
-
- Feb 08, 2019
-
-
Todd Short authored
o2i_ECPublicKey() requires an EC_KEY structure filled with an EC_GROUP. o2i_ECPublicKey() is called by d2i_PublicKey(). In order to fulfill the o2i_ECPublicKey()'s requirement, d2i_PublicKey() needs to be called with an EVP_PKEY with an EC_KEY containing an EC_GROUP. However, the call to EVP_PKEY_set_type() frees any existing key structure inside the EVP_PKEY, thus freeing the EC_KEY with the EC_GROUP that o2i_ECPublicKey() needs. This means you can't d2i_PublicKey() for an EC key... The fix is to check to see if the type is already set appropriately, and if so, not call EVP_PKEY_set_type(). Reviewed-by:
-
- Feb 05, 2019
-
-
Sam Roberts authored
Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespace remains in test data and external source. Backport-of: https://github.com/openssl/openssl/pull/8092 Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
-
- Jan 31, 2019
-
-
Bernd Edlinger authored
If the second PUBKEY is malformed there is use after free. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Additionally avoid undefined behavior with in-place memcpy in X509_CRL_digest. Fixes #8099 Reviewed-by:
-
- Jan 29, 2019
-
-
Matt Caswell authored
If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then a mem leak can occur. This commit checks that we successfully added the error data, and if not frees the buffer. Fixes #8085 Reviewed-by:
-
- Jan 27, 2019
-
-
David Asraf authored
When the ret parameter is NULL the generated prime is in rnd variable and not in ret. CLA: trivial Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
- Jan 24, 2019
-
-
Klotz, Tobias authored
Reviewed-by:
-
- Jan 21, 2019
-
-
Bernd Edlinger authored
If this fails try out if mfspr268 works. Use OPENSSL_ppccap=0x20 for enabling mftb, OPENSSL_ppccap=0x40 for enabling mfspr268, and OPENSSL_ppccap=0 for enabling neither. Fixes #8012 Reviewed-by:
-
Corey Minyard authored
If you use a BIO and set up your own buffer that is not freed, the memory bio will leak the BIO_BUF_MEM object it allocates. The trouble is that the BIO_BUF_MEM is allocated and kept around, but it is not freed if BIO_NOCLOSE is set. The freeing of BIO_BUF_MEM was fairly confusing, simplify things so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM in mem_free(), where it should be done. Alse add a test for a leak in the memory bio Setting a memory buffer caused a leak. Signed-off-by:
Corey Minyard <minyard@acm.org> Reviewed-by:
-
- Jan 16, 2019
-
-
David Benjamin authored
The RSAZ code requires the input be fully-reduced. To be consistent with the other codepaths, move the BN_nnmod logic before the RSAZ check. This fixes an oft-reported fuzzer bug. https://github.com/google/oss-fuzz/issues/1761 Reviewed-by:
-
Richard Levitte authored
Having a weak getauxval() and only depending on GNU C without looking at the library we build against meant that it got picked up where not really expected. So we change this to check for the glibc version, and since we know it exists from that version, there's no real need to make it weak. Reviewed-by:
-
Richard Levitte authored
It turns out that AT_SECURE may be defined through other means than our inclusion of sys/auxv.h, so to be on the safe side, we define our own guard and use that to determine if getauxval() should be used or not. Fixes #7932 Reviewed-by:
-
- Jan 15, 2019
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Spotted by OSTIF audit Reviewed-by:
-
- Jan 07, 2019
-
-
Viktor Dukhovni authored
1. In addition to overriding the default application name, one can now also override the configuration file name and flags passed to CONF_modules_load_file(). 2. By default we still keep going when configuration file processing fails. But, applications that want to be strict about initialization errors can now make explicit flag choices via non-null OPENSSL_INIT_SETTINGS that omit the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been both undocumented and unused). 3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG if the options already include OPENSSL_INIT_NO_LOAD_CONFIG. 4. Don't set up atexit() handlers when called with opts equal to OPENSSL_INIT_BASE_ONLY (this flag should only be used alone). Reviewed-by: -
Viktor Dukhovni authored
Some Travis builds appear to fail because generated objects get 2019 copyrights now, and the diff complains. Reviewed-by:
-
- Jan 04, 2019
-
-
Matt Caswell authored
This enables cleanup to happen on DLL unload instead of at process exit. [extended tests] Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
Matt Caswell authored
This option prevents OpenSSL from pinning itself in memory. Fixes #7598 [extended tests] Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
We have a number of instances where there are multiple "init" functions for a single CRYPTO_ONCE variable, e.g. to load config automatically or to not load config automatically. Unfortunately the RUN_ONCE mechanism was not correctly giving the right return value where an alternative init function was being used. Reviewed-by:
-
- Jan 03, 2019
-
-
Matt Caswell authored
Reviewed-by:
-
- Dec 31, 2018
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Dec 23, 2018
-
-
Jung-uk Kim authored
FreeBSD does not enable cryptodev(4) by default. OpenBSD disabled support for /dev/crypto by default from 4.9 and removed it from 5.7. Now the engine is properly enabled by default on BSD platforms (see #7885), it continuously complains: Could not open /dev/crypto: No such file or directory Hide the nagging error message behind ENGINE_DEVCRYPTO_DEBUG. CLA: trivial Reviewed-by:
-
- Dec 22, 2018
-
-
Shreya Bhandare authored
CLA: trivial Function EVP_PKEY_size has been modified to take a const parameter Reviewed-by:
-
FdaSilvaYY authored
Call to i2d method returns an int value. Fix: CID 1338183 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) CID 1371691 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) CID 1371692 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) [extended tests] Reviewed-by:
-
- Dec 20, 2018
-
-
Ken Goldman authored
The check_key_level() function currently fails when the public key cannot be extracted from the certificate because its algorithm is not supported. However, the public key is not needed for the last certificate in the chain. This change moves the check for level 0 before the check for a non-NULL public key. For background, this is the TPM 1.2 endorsement key certificate. I.e., this is a real application with millions of certificates issued. The key is an RSA-2048 key. The TCG (for a while) specified Public Key Algorithm: rsaesOaep rather than the commonly used Public Key Algorithm: rsaEncryption because the key is an encryption key rather than a signing key. The X509 certificate parser fails to get the public key. Reviewed-by:Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
-
- Dec 14, 2018
-
-
Richard Levitte authored
It turns out that intialization may change the error number, so we need to preserve the system error number in functions where initialization is called for. These are ERR_get_state() and err_shelve_state() Fixes #7897 Reviewed-by:
-
- Dec 13, 2018
-
-
Mansour Ahmadi authored
Fixes #7657 Reviewed-by:
-
Mansour Ahmadi authored
Fixes #7650 Reviewed-by:
-
Mansour Ahmadi authored
Fixes #7117 Reviewed-by:
-
- Dec 11, 2018
-
-
Matt Caswell authored
Check that s is less than the order before attempting to verify the signature as per RFC8032 5.2.7 Fixes #7706 Reviewed-by:
-
- Dec 10, 2018
-
-
Eneas U de Queiroz authored
Digest must be able to do partial-state copy to be used. Signed-off-by:
Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by:
-
Eneas U de Queiroz authored
Make CTR mode behave like a stream cipher. Signed-off-by:
-
Eneas U de Queiroz authored
The engine needs a custom cipher context copy function to open a new /dev/crypto session. Signed-off-by:
-
