- Dec 12, 2017
-
-
Richard Levitte authored
If OPENSSL_init_crypto() hasn't been called yet when ERR_get_state() is called, it need to be called early, so the base initialization is done. On some platforms (those who support DSO functionality and don't define OPENSSL_USE_NODELETE), that includes a call of ERR_set_mark(), which calls this function again. Furthermore, we know that ossl_init_thread_start(), which is called later in ERR_get_state(), calls OPENSSL_init_crypto(0, NULL), except that's too late. Here's what happens without an early call of OPENSSL_init_crypto(): => ERR_get_state(): => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated. => ossl_init_thread_start(): => OPENSSL_init_crypto(): # Here, base_inited is set to 1 # before ERR_set_mark() call => ERR_set_mark(): => ERR_get_state(): => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated!!!!! => ossl_init_thread_start(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 <= => CRYPTO_thread_set_local(): <= <= <= <= 1 <= => CRYPTO_thread_set_local() # previous value removed! <= Result: double allocation, and we have a leak. By calling the base OPENSSL_init_crypto() early, we get this instead: => ERR_get_state(): => OPENSSL_init_crypto(): # Here, base_inited is set to 1 # before ERR_set_mark() call => ERR_set_mark(): => ERR_get_state(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated # let's assume we got 0xDEADBEEF => ossl_init_thread_start(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 <= 1 => CRYPTO_thread_set_local(): <= <= <= <= 1 => CRYPTO_THREAD_get_local(): <= 0xDEADBEEF <= 0xDEADBEEF Result: no leak. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4913)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4907)
-
Richard Levitte authored
This got lost somehow. The methods to do makedepend on Windows and VMS are hard coded for cl (Windows) and CC/DECC (VMS), because that's what we currently support natively. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4907)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4840)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4840)
-
Richard Levitte authored
Remove some config attributes that just duplicate values that are already there in other attributes. Remove the special runs of mkdef.pl and mkrc.pl from build file templates, as these are now done via GENERATE statements in build.info. Remove all references to ordinal files from build file templates, as these are now treated via the GENERATE statements in build.info. Also remove -shared flags and similar that are there in shared-info.pl anyway. (in the case of darwin, it's mandatory, as -bundle and -dynamiclib don't mix) Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4840)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4840)
-
Richard Levitte authored
Because this also includes handling all sorts of non-object files when linking a program, shared library or DSO, this also includes allowing general recognition of files such as .res files (compiled from .rc files), or .def / .map / .opt files (for export and possibly versioning of public symbols only). This does mean that there's a tangible change for all build file templates: they must now recognise and handle the `.o` extension, which is used internally to recognise object files internally. This extension was removed by common.tmpl before this change, but would mean that the platform specific templates wouldn't know if "foo.map" was originally "foo.map.o" (i.e. an object file in its own right) or "foo.map" (an export definition file that should be treated as such, not as an object file). For the sake of simplifying things, we also modify util/mkdef.pl to produce .def (Windows) and .opt (VMS) files that don't need additional hackery. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4840)
-
Richard Levitte authored
This makes it possible to add build.info statements for using resource files as well as linker scripts (.def for Windows, .map for Unix, and .opt for VMS) is if they were source files. This requires changes in the build file templates. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4840)
-
Richard Levitte authored
This will replace the use of Makefile.shared This also means a small adjustment on how the attributes dso_cflags, dso_cxxflags and dso_lflags are treated. They were previously treated as an extension to shared_cflag, shared_cxxflag and shared_ldflag, but they should really be regarded as alternatives instead, for example for darwin, where -dynamiclib is used for shared libraries and -bundle for DSOs. We take the opportunity to clean out things that are redundant or otherwise superfluous (for example the check of GNU ld on platforms where it never existed). Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4840)
-
Richard Levitte authored
It will return the last expression from the input file. We also use this in read_config, which slightly changes what's expected of Configurations/*.conf. They do not have to assign %targets specifically. On the other hand, the table of configs MUST be the last expression in each of those files. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4840)
-
Daniel Bevenius authored
This commit contains suggestion that (hopefully) improve the documentation in ssl.pod. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4914)
-
- Dec 11, 2017
-
-
Benjamin Kaduk authored
The one in rsa.c was overlooked when fixing the same comment in pkey.c as part of eff1752b . Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4902)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4899)
-
Sebastian Andrzej Siewior authored
As per documentation, the RSA keys should not be smaller than 64bit (the documentation mentions something about a quirk in the prime generation algorithm). I am adding check into the code which used to be 16 for some reason. My primary motivation is to get rid of the last sentence in the documentation which suggest that typical keys have 1024 bits (instead updating it to the now default 2048). I *assume* that keys less than the 2048 bits (say 512) are used for education purposes. The 512 bits as the minimum have been suggested by Bernd Edlinger. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4547)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4891)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4891)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4891)
-
Matt Caswell authored
In 20-cert-select.conf there is a TLSv1.1 specific test which we should skip if TLSv1.1. is disabled. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4890)
-
- Dec 10, 2017
-
-
Matt Caswell authored
The tests in 25-cipher.conf all use TLSv1.2 ciphersuites so we shouldn't run it if we don't have TLSv1.2 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4889)
-
- Dec 09, 2017
-
-
FdaSilvaYY authored
check is already made 10 line above. clean commented code Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4885)
-
Patrick Steuer authored
Stop valgrind's complaints about uninitialized values. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4842)
-
Patrick Steuer authored
Generate keys using EVP_CIPHER's key generation routine to support keys of a specific form. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4842)
-
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4843)
-
Daniel Bevenius authored
I noticed that some of the BIO_METHOD structs are placing the name on the same line as the type and some don't. This commit places the name on a separate line for consistency (which looks like what the majority do) CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4878)
-
- Dec 08, 2017
-
-
Daniel Bevenius authored
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4880)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4841)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4841)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4841)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4841)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4841)
-
FdaSilvaYY authored
Expression '...' is always true. The 'b->init' variable is assigned values twice successively Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4753)
-
FdaSilvaYY authored
Pointer 'o' is set inside a local buffer, so it can't be NULL. Also fix coding style and add comments Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4754)
-
Benjamin Kaduk authored
s_client -status is not available in this configuration. While here, remove an outdated TODO(TLS1.3) comment. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4873)
-
Benjamin Kaduk authored
make_dummy_resp() uses OCSP types, and get_cert_and_key() is unused once make_dummy_resp() is compiled out, so neither can be included in the build when OCSP is disabled and strict warnings are active. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4873)
-
Benjamin Kaduk authored
There's no reason to wrap this call in TEST_true() if we're not checking the return value of TEST_true() -- all of the surrounding similar calls do not have the macro wrapping them. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4873)
-
Benjamin Kaduk authored
Avoid memory leaks in error paths, and correctly apply parentheses to function calls in a long if-chain. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4873)
-
Richard Levitte authored
Otherwise, any command that relies on ssl modules may fail, because SSL_add_ssl_module() will be called after the config file has already been loaded. Fixes #4788 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4792)
-
Richard Levitte authored
IF OPENSSL_init_ssl() is called with the option flag OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly (i.e. there will be an attempt to load libssl_conf.so or whatever corresponds to that on non-Unix platforms). Therefore, at least SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is called. The base ssl init does that, plus adds all kinds of ciphers and digests, which is harmless. Fixes #4788 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4792)
-
Bernd Edlinger authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4862)
-