- Jul 17, 2019
-
-
Bernd Edlinger authored
Although in a false-conditional code section gcc-4.8.4 flagged this with a C90 warning :-( include/internal/refcount.h:108:7: error: C++ style comments are not allowed in ISO C90 [-Werror] // under Windows CE we still have old-style Interlocked* functions Reviewed-by:Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9388)
-
Matt Caswell authored
This function was always returning 0. It should return 1 on success. Fixes #9374 Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9395) (cherry picked from commit 7bc82358ae930cfbd353602bc1fd25bfad107350)
-
- Jul 16, 2019
-
-
Todd Short authored
Also, use define rather than sizeof Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9377) (cherry picked from commit fe9edc9d39c96c965efc4fde12ddf7fa8a852025)
-
Viktor Dukhovni authored
Reviewed-by: -
Pauli authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9390) (cherry picked from commit 3d9b33b5e48d82d098a1f8c37dbf616a0d84621c)
-
- Jul 15, 2019
-
-
Krists Krilovs authored
x509 store's objects cache can get corrupted when using dir lookup method in multithreaded application. Claim x509 store's lock when accessing objects cache. CLA: trivial Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9326) (cherry picked from commit a161738a708b5e284a4714edc0c976606ea7cb26)
-
- Jul 11, 2019
-
-
agnosticdev authored
Reviewed-by:
-
- Jul 08, 2019
-
-
Dmitry Belyavskiy authored
Reviewed-by:
-
John Schember authored
CLA: trivial Reviewed-by:
-
Lei Maohui authored
Modified rev to rev64, because rev only takes integer registers. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827 Otherwise, the following error will occur. Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b' CLA: trivial Signed-off-by:
Lei Maohui <leimaohui@cn.fujitsu.com> Reviewed-by:
-
- Jul 07, 2019
-
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Bernd Edlinger authored
Happens when trying to generate 4 or 5 bit safe primes. [extended tests] Reviewed-by:
-
- Jul 04, 2019
-
-
Tomas Mraz authored
Fixes #9259 Reviewed-by:
-
- Jul 02, 2019
-
-
Martin Peylo authored
If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g. "./config ../openssl", then a bug in Perl's abs2rel may trigger that directory- rewriting in __cwd results in wrong entries in %directories under certain circumstances, e.g. when a test executes run(app(["openssl"]) after indir. There should not be any need to go to a higher directory from BLDDIR or SRCDIR, so it should be OK to use them in their absolute form, also resolving all possible symlinks, right from the start. Following the File::Spec::Functions bug description (reported to perl.org): When abs2rel gets a path argument with ..s that are crossing over the ..s trailing the base argument, the result is wrong. Example PATH: /home/goal/test/.. BASE: /home/goal/test/../../base Good result: ../goal Bad result: ../.. Bug verified with File::Spec versions - 3.6301 - 3.74 (latest) Reviewed-by:
-
Bernd Edlinger authored
The member value.ptr is undefined for those ASN1 types. Reviewed-by:
-
Bernd Edlinger authored
BOOLEAN does not have valid data in the value.ptr member, thus don't use it here. Fixes #9276 [extended tests] Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9281)
-
Rich Salz authored
This does no harm, and ensures that the inclusion isn't mistakenly removed in the generated *err.h where it's actually needed. Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9281)
-
- Jul 01, 2019
-
-
Matt Caswell authored
The maximum key length for rc5 is 2040 bits so we should not attempt to use keys longer than this. Issue found by OSS-Fuzz and Guido Vranken. Reviewed-by:
-
- Jun 30, 2019
-
-
Antoine Cœur authored
CLA: trivial Reviewed-by:
-
- Jun 27, 2019
-
-
Dr. Matthias St. Pierre authored
The manual pages require for some API functions that the 'random number generator must be seeded' before calling the function. Initially, this was meant literally, i.e. the OpenSSL CSPRNG had to be seeded manually before calling these functions. Since version 1.1.1, the CSPRNG is seeded automatically on first use, so it's not the responsibility of the programmer anymore. Still, he needs to be aware that the seeding might fail. Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
- Jun 24, 2019
-
-
Pauli authored
Reviewed-by:
-
- Jun 26, 2019
-
-
Benjamin Kaduk authored
It was only ever in cert_st because ssl_st was a public structure and could not be modified without breaking the API. However, both structures are now opaque, and thus we can freely change their layout without breaking applications. In this case, keeping the shared sigalgs in the SSL object prevents complications wherein they would inadvertently get cleared during SSL_set_SSL_CTX() (e.g., as run during a cert_cb). Fixes #9099 Reviewed-by:
-
Benjamin Kaduk authored
This reverts commit 524006dd1b80c1a86a20119ad988666a80d8d8f5. While this change did prevent the sigalgs from getting inadvertently clobbered by SSL_set_SSL_CTX(), it also caused the sigalgs to not be set when the cert_cb runs. This, in turn, caused significant breakage, such as SSL_check_chain() failing to find any valid chain. An alternate approach to fixing the issue from #7244 will follow. Reviewed-by:
-
Benjamin Kaduk authored
Augment the cert_cb sslapitest to include a run that uses SSL_check_chain() to inspect the certificate prior to installing it on the SSL object. If the check shows the certificate as not valid in that context, we do not install a certificate at all, so the handshake will fail later on in processing (tls_choose_sigalg()), exposing the indicated regression. Currently it fails, since we have not yet set the shared sigalgs by the time the cert_cb runs. Reviewed-by:
-
- Jun 24, 2019
-
-
Pauli authored
This feature is enabled by default outside of FIPS builds which ban such actions completely. Encryption is always disallowed and will generate an error. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- Jun 21, 2019
-
-
Bernd Edlinger authored
This is a bit annoying, if for instance "openssl genrsa -aes128" tries to read a 4+ character size password, but CTRL-C does no longer work after a RETURN key, since the flag UI_FLAG_REDOABLE is set by UI_set_result_ex, together with the error "You must type in 4 to 1023 characters". Thus remove the REDOABLE flag to allow CTRL-C to work. [extended tests] Reviewed-by:
-
- Jun 19, 2019
-
-
Miquel Ruiz authored
SSL_shutdown can fail if called during initialization, and in such case, it'll add an error to the error queue. This adds SSL_shutdown to the list of functions that should preceed the call to SSL_get_error. CLA: trivial Reviewed-by:
-
Rebecca Cran authored
CLA: trivial Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
Tomas Mraz authored
The BIO_FLAGS_NONCLEAR_RST flag behavior was not properly documented and it also caused the length to be incorrectly set after the reset operation. Reviewed-by:
-
Pauli authored
Reviewed-by:
-
- Jun 18, 2019
-
-
Matt Caswell authored
The previous 2 commits moved supported groups and ciphers out of the session object to avoid race conditions. We now also move ecpointformats for consistency. There does not seem to be a race condition with access to this data since it is only ever set in a non-resumption handshake. However, there is no reason for it to be in the session. Reviewed-by:
-
Matt Caswell authored
Similarly to the previous commit we were storing the peer offered list of ciphers in the session. In practice there is no need for this information to be avilable from one resumption to the next since this list is specific to a particular handshake. Since the session object is supposed to be immutable we should not be updating it once we have decided to resume. The solution is to remove the session list out of the session object. Reviewed-by:
-
Matt Caswell authored
In TLSv1.3 the supported groups can be negotiated each time a handshake occurs, regardless of whether we are resuming or not. We should not store the supported groups information in the session because session objects can be shared between multiple threads and we can end up with race conditions. For most users this won't be seen because, by default, we use stateless tickets in TLSv1.3 which don't get shared. However if you use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can happen. The answer is to move the supported the supported group information into the SSL object instead. Reviewed-by:
-
Bernd Edlinger authored
When bufsize == 0, openssl_strerror_r should return 0 (if _GNU_SOURCE is defined), to be consistent with non-_GNU_SOURCE variants, which exhibit the same behavior. Fix a few cases, where the return value of openssl_strerror_r was ignored. Reviewed-by:
-
Rebecca Cran authored
This avoids the case where a UEFI build on FreeBSD tries to call the system issetugid function instead of returning 0 as it should do. CLA: trivial Reviewed-by:
-
- Jun 15, 2019
-
-
Paul Yang authored
Fixes: #9088 Functions documented in this commit: X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match Reviewed-by:
-
- Jun 13, 2019
-
-
Matt Caswell authored
The d2i docs state that if an error occurs then |*a| is not freed. This is not correct. On error it is freed and set to NULL. We update the docs to say this, and also discuss the fact that this behaviour was inconsistent prior to OpenSSL 1.1.0. Reviewed-by:
-
