- Nov 10, 2017
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 09, 2017
-
-
Matt Caswell authored
We were using OPENSSL_strdup() unnecessarily and then failing to free it. There is no reason to use OPENSSL_strdup() in this scenario - so just remove it. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4699)
-
- Nov 08, 2017
-
-
Andy Polyakov authored
HP-UX make doesn't recognize $< in explict target rules, only in inference ones such as .c.o. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4697)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4703)
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4702)
-
- Nov 07, 2017
-
-
FdaSilvaYY authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
-
FdaSilvaYY authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
-
Richard Levitte authored
'rsa', 'sha' and 'tlsext' can't be disabled, not even as a consequence of other conditions, so having cascading disables that depend on them is futile. Clean up! Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4693)
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4692)
-
Matt Caswell authored
If SSL_read() is called with a zero length buffer, and we read a zero length record then we should mark that record as read. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4685)
-
Matt Caswell authored
Normally TLSProxy waits for the s_server process to finish before continuing. However in cases where serverconnects > 1 we need to keep the s_server process around for a later test so we continue immediately. This means that TAP test output can end up being printed to stdout at the same time as s_server is printing stuff. This confuses the test runner and can cause spurious test failures. This commit introduces a small delay in cases where serverconnects > 1 in order to give s_server enough time to finish what it was doing before we continue to the next test. Fixes #4129 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4660)
-
Matt Caswell authored
There were 4 macros in ocsp.h that have not worked since 1.1.0 because they attempt to access the internals of an opaque structure. For OCSP_REQUEST_sign() applications should use OCSP_request_sign() instead. For OCSP_BASICRESP_sign() applications should use OCSP_basic_sign() instead. For OCSP_REQUEST_verify() applications should use OCSP_request_verify() instead. For OCSP_BASICRESP_verify() applications should use OCSP_basic_verify() instead. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4635)
-
- Nov 06, 2017
-
-
Pauli authored
The Chinese cryptographic operations should appear in the disabled list if they are disabled. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4678)
-
- Nov 05, 2017
-
-
Ronald Tse authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4616)
-
Jack Lloyd authored
SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms which use is required for certain commercial applications in China. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4616)
-
FdaSilvaYY authored
Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/1008)
-
Andy Polyakov authored
It's not clear if it's a feature or bug, but binutils-2.29[.1] interprets 'adr' instruction with Thumb2 code reference differently, in a way that affects calculation of addresses of constants' tables. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4669)
-
- Nov 03, 2017
-
-
Benjamin Kaduk authored
Do not try to fuzz-test structures/routines that are compiled out of the library due to library configuration. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4664)
-
Pavel Kopyl authored
CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4600)
-
Pavel Kopyl authored
CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4600)
-
Pavel Kopyl authored
CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4600)
-
Kurt Roeckx authored
Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #4653
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #4648
-
Kurt Roeckx authored
b2 being negative is ignored Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #4648
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #4648
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4652)
-
- Nov 02, 2017
-
-
Matt Caswell authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Credit to OSS-Fuzz for finding this. CVE-2017-3736 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
In OpenSSL pre 1.1.0, 'openssl x509 -CAkeyformat engine' was possible and supported. In 1.1.0, a small typo ('F' instead of 'f') removed that possibility. This restores the pre 1.1.0 behavior. Fixes #4366 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4643)
-
- Nov 01, 2017
-
-
Pauli authored
information about the length of the scalar used in ECDSA operations from a large number (2^32) of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)
-
Pauli authored
information about the length of a value used in DSA operations from a large number of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)
-
- Oct 31, 2017
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4637)
-
Richard Levitte authored
It turns out that (some?) fuzzers can read a dictionary of OIDs, so we generate one as part of the usual 'make update'. Fixes #4615 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4637)
-
Ronald Tse authored
* ARIA, SEED, Camellia * AES-XTS, OCB, CTR * Key wrap for 3DES, AES * RC4-MD5 AD * CFB modes with 1-bit and 8-bit shifts Split EVP_EncryptInit cipher list to individual man pages. Consolidate cipher bit-lengths in EVP_EncryptInit cipher list. Clarify Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4564)
-
Ronald Tse authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4628)
-
Richard Levitte authored
Missing names slipped through Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4629)
-
Dr. Matthias St. Pierre authored
A block of six TEST_int_xy() macro definitions was duplicated. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4624)
-
Baptiste Jonglez authored
The check should reject kernel versions < 4.1.0, not <= 4.1.0. The issue was spotted on OpenSUSE 42.1 Leap, since its linux/version.h header advertises 4.1.0. CLA: trivial Fixes: 7f458a48 ("ALG: Add AFALG engine") Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4617)
-