- Mar 28, 2018
-
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5250)
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Matt Caswell authored
This commit removes the contribution of a user that we cannot trace to gain their consent for the licence change. After this commit the various IS_*() macros in the auto-generated file conf_def.h may incorrectly return true if the supplied character has its most significant bit set. The IS_*() macros should be able to correctly handle 8-bit characters. Note that UTF-8 support is not a requirement. Reviewed-by:
-
- Mar 27, 2018
-
-
Rich Salz authored
Based on the description in https://github.com/openssl/openssl/pull/5757 , this re-implements the "allow NULL to be passed" behavior of a number of xxx_free routines. I also fixed up some egregious formatting errors that were nearby. Reviewed-by:
-
Miroslav Suk authored
ts/ts_rsp_sign.c: change to OPENSSL_gmtime. Reviewed-by:
-
Andy Polyakov authored
Apparently applications rely on RAND_load_file's ability to work with non-regular files, customarily with /dev/urandom, so that the ban was not exactly appropriate. Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5737)
-
Matt Caswell authored
This removes some code because we cannot trace the original contributor to get their agreement for the licence change (original commit e03ddfae ). After this change there will be numerous failures in the test cases until someone rewrites the missing code. All *_free functions should accept a NULL parameter. After this change the following *_free functions will fail if a NULL parameter is passed: BIO_ACCEPT_free() BIO_CONNECT_free() BN_BLINDING_free() BN_CTX_free() BN_MONT_CTX_free() BN_RECP_CTX_free() BUF_MEM_free() COMP_CTX_free() ERR_STATE_free() TXT_DB_free() X509_STORE_free() ssl3_free() ssl_cert_free() SSL_SESSION_free() SSL_free() [skip ci] Reviewed-by:
-
Matt Caswell authored
If we don't have OID data for an object then we should fail if we are asked to encode the ASN.1 for that OID. Fixes #5723 Reviewed-by:
-
Andy Polyakov authored
Comparison was effectively reduced to least significant bits. CVE-2018-0733 Reviewed-by:Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth. CVE-2018-0739 Credit to OSSFuzz for finding this issue. Reviewed-by:
-
- Mar 23, 2018
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
The macros resulting from the dso_scheme attribute were defined for libraries only, but there's a test program that uses the macros as well. The easier way is to move the handling of this macro to crypto/include/internal/dso_conf.h and having the modules that need it include it. Reviewed-by:
-
- Mar 22, 2018
-
-
Andy Polyakov authored
Some platforms, cough-DJGPP, fail to compile claiming that requested alignment is greater than maximum possible. Supposedly original alignment was result of an attempt to utilize AVX2... Reviewed-by:
-
Andy Polyakov authored
In other words no-sock DJGPP build should suppress syslogging. Reviewed-by:
-
Andy Polyakov authored
At earlier point e_os.h was omitted from a number of headers (in order to emphasize OS neutrality), but this affected o_fopen.c, which is not OS-neutral, and contains some DJGPP-specific code. Reviewed-by:
-
- Mar 21, 2018
-
-
Kurt Roeckx authored
Reviewed-by: -
David Benjamin authored
In particular, x and y may be NULL, as used in ecdsa_ossl.c. Make use of this in ecdh_ossl.c as well, to save an otherwise unnecessary temporary. Reviewed-by:
-
Jack Bates authored
Reviewed-by:
-
Andy Polyakov authored
At earlier point e_os.h was omitted from a number of headers (in order to emphasize OS neutrality), but this affected o_fopen.c and randfile.c which are not OS-neutral, and contain some Win32-specific code. Reviewed-by:
-
Matthias Kraft authored
Although it deviates from the actual prototype of DSO_dsobyaddr(), this is now ISO C compliant and gcc -Wpedantic accepts the code. Added DATA segment checking to catch ptrgl virtual addresses. Avoid memleaks with every AIX/dladdr() call. Removed debug-fprintf()s. Added test case for DSO_dsobyaddr(), which will eventually call dladdr(). Removed unecessary AIX ifdefs again. The implementation can only lookup function symbols, no data symbols. Added PIC-flag to aix*-cc build targets. As AIX is missing a dladdr() implementation it is currently uncertain our exit()-handlers can still be called when the application exits. After dlclose() the whole library might have been unloaded already. Signed-off-by:
Matthias Kraft <makr@gmx.eu> Reviewed-by:
-
- Mar 20, 2018
-
-
Matt Caswell authored
Reviewed-by:
-
Richard Levitte authored
Without it, the RAND_POOL typedef is missing Reviewed-by:
-
- Mar 19, 2018
-
-
Todd Short authored
Reviewed-by:
-
Todd Short authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Rich Salz authored
Use shorter names for some defines, so also had to change the .c file that used them. Reviewed-by:
-
Kurt Roeckx authored
Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
-
Kurt Roeckx authored
This avoids lock contention. Reviewed-by:
-
Jack Lloyd authored
Without actually using EVP_PKEY_FLAG_AUTOARGLEN Reviewed-by:
-
Jack Lloyd authored
Reviewed-by:
-
Jack Lloyd authored
Reviewed-by:
-
Andy Polyakov authored
Current endianness detection is somewhat opportunistic and can fail in cross-compile scenario. Since we are more likely to cross-compile for little-endian now, adjust the default accordingly. Reviewed-by:
-
Bernd Edlinger authored
Don't pass a pointer to uninitialized processed value for BIO_CB_READ and BIO_CB_WRITE Check the correct cmd code in BIO_callback_ctrl Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Mar 17, 2018
-
-
Dr. Matthias St. Pierre authored
- d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey - bechmark -> benchmark - ciperhsuite -> ciphersuite - EncyptedPreMasterSecret -> EncryptedPreMasterSecret Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Kurt Roeckx authored
There is a requirements of having access to a live entropy source which we can't do with the default callbacks. If you need prediction resistance you need to set up your own callbacks that follow the requirements of NIST SP 800-90C. Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Bernd Edlinger authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5646)
-
