- Jun 24, 2019
-
-
Pauli authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9255)
-
Pauli authored
This feature is enabled by default outside of FIPS builds which ban such actions completely. Encryption is always disallowed and will generate an error. Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9112) (cherry picked from commit 2c840201e57e27fa9f1b26a970270a91813e32fe)
-
- Jun 21, 2019
-
-
Bernd Edlinger authored
This is a bit annoying, if for instance "openssl genrsa -aes128" tries to read a 4+ character size password, but CTRL-C does no longer work after a RETURN key, since the flag UI_FLAG_REDOABLE is set by UI_set_result_ex, together with the error "You must type in 4 to 1023 characters". Thus remove the REDOABLE flag to allow CTRL-C to work. [extended tests] Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9170) (cherry picked from commit f8922b5107d098c78f846c8c999f96111345de8d)
-
- Jun 19, 2019
-
-
Rebecca Cran authored
CLA: trivial Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
Tomas Mraz authored
The BIO_FLAGS_NONCLEAR_RST flag behavior was not properly documented and it also caused the length to be incorrectly set after the reset operation. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
- Jun 18, 2019
-
-
Bernd Edlinger authored
When bufsize == 0, openssl_strerror_r should return 0 (if _GNU_SOURCE is defined), to be consistent with non-_GNU_SOURCE variants, which exhibit the same behavior. Fix a few cases, where the return value of openssl_strerror_r was ignored. Reviewed-by:
-
Rebecca Cran authored
This avoids the case where a UEFI build on FreeBSD tries to call the system issetugid function instead of returning 0 as it should do. CLA: trivial Reviewed-by:
-
- Jun 11, 2019
-
-
Matt Caswell authored
When compiling with --strict-warnings using gcc 7.4.0 the compiler complains that a case falls through, even though there is an explicit comment stating this. Moving the comment outside of the conditional compilation section resolves this. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9123) (cherry picked from commit e98e586b31386af2b2212729da85561a207e7af3)
-
- Jun 10, 2019
-
-
Tomas Mraz authored
The lookup for ::1 with getaddrinfo() might return error even if the ::1 would work if AI_ADDRCONFIG flag is used. Fixes: #9053 Reviewed-by:
-
- Jun 09, 2019
-
-
Dr. Matthias St. Pierre authored
The DEVRANDOM_WAIT feature added a select() call to wait for the `/dev/random` device to become readable before reading from the `/dev/urandom` device. It was introduced in commit 38023b87f037 in order to mitigate the fact that the `/dev/urandom` device does not block until the initial seeding of the kernel CSPRNG has completed, contrary to the behaviour of the `getrandom()` system call. It turned out that this change had negative side effects on performance which were not acceptable. After some discussion it was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. Fixes #9078 This partially reverts commit 38023b87f037. Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> (cherry picked from commit a08714e18131b1998faa0113e5bd4024044654ac) (Merged from https://github.com/openssl/openssl/pull/9118)
-
- Jun 07, 2019
-
-
Acheev Bhagat authored
Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9101) (cherry picked from commit bab6046146c4fc8f088c1aaca11598ede7609c04)
-
- Jun 04, 2019
-
-
Vitezslav Cizek authored
The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales. The Russian locales consume 6856 bytes, Ukrainian even 7000. build_SYS_str_reasons() contains an overflow check: if (cnt > sizeof(strerror_pool)) cnt = sizeof(strerror_pool); But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer works as cnt is incremented once more after the condition. cnt greater than sizeof(strerror_pool) results in an unbounded OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash. When the first received error string was empty or contained only spaces, cur would move in front of the start of the strerror_pool. Also don't call openssl_strerror_r when the pool is full. Reviewed-by:
-
- Jun 03, 2019
-
-
Shane Lontis authored
Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by:
-
- May 31, 2019
-
-
David Benjamin authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
Retropotenza authored
CLA: trivial Fixes #8911 Reviewed-by:
-
- May 30, 2019
-
-
Pauli authored
Reviewed-by:
-
- May 29, 2019
-
-
Dr. Matthias St. Pierre authored
openssl_config_int() returns the uninitialized variable `ret` when compiled with OPENSSL_SYS_UEFI. Fixes #9026 Reviewed-by:
-
- May 28, 2019
-
-
Tomas Mraz authored
The #7408 implemented mandatory digest checking in TLS. However this broke compatibility of DSS support with GnuTLS which supports only SHA1 with DSS. There is no reason why SHA256 would be a mandatory digest for DSA as other digests in SHA family can be used as well. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- May 26, 2019
-
-
FdaSilvaYY authored
Add a few coverage test case. Fixes #8949 [extended tests] Reviewed-by:
-
- May 24, 2019
-
-
voev authored
CLA: trivial Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8979)
-
agnosticdev authored
Reviewed-by:
-
- May 22, 2019
-
-
Patrick Steuer authored
Fixes #7323 Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Patrick Steuer authored
Fixes #8957 Signed-off-by:
-
Patrick Steuer authored
67c81ec311 forgot about s390x Signed-off-by:
-
- May 21, 2019
-
-
Kurt Roeckx authored
Fixes: #8737 Reviewed-by:
-
Matt Caswell authored
This reverts commit dcb982d792d6064ed3493e79749208d8c257ff04. This change is causing extended tests to fail. [extended tests] Reviewed-by:
-
- May 09, 2019
-
-
Rashmica Gupta authored
CLA: trivial Reviewed-by:
-
- May 08, 2019
-
-
Tobias Nießen authored
This change allows to pass the authentication tag after specifying the AAD in CCM mode. This is already true for the other two supported AEAD modes (GCM and OCB) and it seems appropriate to match the behavior. GCM and OCB also support to set the tag at any point before the call to `EVP_*Final`, but this won't work for CCM due to a restriction imposed by section 2.6 of RFC3610: The tag must be set before actually decrypting data. This commit also adds a test case for setting the tag after supplying plaintext length and AAD. Reviewed-by:
-
- May 07, 2019
-
-
Matt Caswell authored
Fixes #8875 Reviewed-by:
-
- Apr 25, 2019
-
-
Guido Vranken authored
Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by:
Guido Vranken <guidovranken@gmail.com> Reviewed-by:
-
- Apr 16, 2019
-
-
Tomas Mraz authored
Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
- Apr 14, 2019
-
-
Bernd Edlinger authored
This happens in ec_key_simple_check_key and EC_GROUP_check. Since the the group order is not a secret scalar, it is unnecessary to use coordinate blinding. Fixes: #8731 Reviewed-by:
-
- Apr 10, 2019
-
-
Shane Lontis authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Richard Levitte authored
Even with custome ciphers, the combination in == NULL && inl == 0 should not be passed down to the backend cipher function. The reason is that these are the values passed by EVP_*Final, and some of the backend cipher functions do check for these to see if a "final" call is made. Fixes #8675 Reviewed-by:
-
Richard Levitte authored
'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by:
-
- Apr 09, 2019
-
-
Matt Caswell authored
If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by:
-
