- Feb 13, 2017
-
-
Andy Polyakov authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
This is handy when "offset(%reg)" is a perl variable. Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Thanks to Jun Sun for spotting this. Reviewed-by: -
Andrea Grandi authored
Remove call to cleanup function Use only one loop to find previous element Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2581)
-
Andrea Grandi authored
This fixes the num of fds added/removed returned by ASYNC_WAIT_CTX_get_changed_fds Previously, the numbers were not consistent with the fds actually written in the buffers since the fds that have been both added and removed are explicitly ignored in the loop. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Darren Tucker authored
CLA: trivial Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2604)
-
- Feb 11, 2017
-
-
Adam Langley authored
Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2590)
-
- Feb 10, 2017
-
-
Andy Polyakov authored
.cfi_{start|end}proc and .cfi_def_cfa were not tracked. Reviewed-by: -
Adam Langley authored
CLA: trivial Reviewed-by:
-
Adam Langley authored
I don't think this actually affects anything since the cfi_restore directives aren't strictly needed anyway. (The old values are still in memory so either will do.) CLA: trivial Reviewed-by:
-
Lukasz Pawelczyk authored
EVP_CIPH_FLAG_LENGTH_BITS flag for CFB1 has been broken with the introduction of the is_partially_overlapping() check that did not take it into the account (treating number of bits passed as bytes). This remedies that and allows this flag to work as intended. Reviewed-by:
-
- Feb 09, 2017
-
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
CFI directives annotate instructions that are significant for stack unwinding procedure. In addition to directives recognized by GNU assembler this module implements three synthetic ones: - .cfi_push annotates push instructions in prologue and translates to .cfi_adjust_cfa_offset (if needed) and .cfi_offset; - .cfi_pop annotates pop instructions in epilogue and translates to .cfi_adjust_cfs_offset (if needed) and .cfi_restore; - .cfi_cfa_expression encodes DW_CFA_def_cfa_expression and passes it to .cfi_escape as byte vector; CFA expression syntax is made up mix of DWARF operator suffixes [subset of] and references to registers with optional bias. Following example describes offloaded original stack pointer at specific offset from current stack pointer: .cfi_cfa_expression %rsp+40,deref,+8 Final +8 has everything to do with the fact that CFA, Canonical Frame Address, is reference to top of caller's stack, and on x86_64 call to subroutine pushes 8-byte return address. Triggered by request from Adam Langley. Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- Feb 08, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Feb 07, 2017
-
-
Bernd Edlinger authored
or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed. If that happens in EVP_CipherInit_ex/EVP_CIPHER_CTX_copy set cipher = NULL, aes_gcm_cleanup should check that gctx != NULL before calling OPENSSL_cleanse. Reviewed-by:
-
- Feb 06, 2017
-
-
Andy Polyakov authored
- harmonize handlers with guidelines and themselves; - fix some bugs in handlers; - add missing handlers in chacha and ecp_nistz256 modules; Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- Feb 05, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Feb 03, 2017
-
-
Bernd Edlinger authored
Fixed a memory leak in ASN1_digest and ASN1_item_digest. Reworked error handling in asn1_item_embed_new. Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup. Fixed a memory leak in CRYPTO_free_ex_data. Reworked error handing in x509_name_ex_d2i, x509_name_encode and x509_name_canon. Check for null pointer in tls_process_cert_verify. Fixes #2103 #2104 #2105 #2109 #2111 #2115 Reviewed-by:
-
Dmitry Kostjuchenko authored
Reviewed-by:
-
Dmitry Kostjuchenko authored
Reviewed-by:
-
Dmitry Kostjuchenko authored
Updated indentations according project rules, renamed file-local define to the shorter version - USE_RWLOCK, fixed declaration after the if statement in CRYPTO_THREAD_lock_new(). Reviewed-by:
-
Dmitry Kostjuchenko authored
Fix compilation on platforms with missing pthread_rwlock_t implementation by replacing it with pthread_mutex_t. An example of such platform can be Android OS 2.0 - 2.1, API level 5 (Eclair), Android NDK platform - android-5 where pthread_rwlock_t is not implemented and is missing in pthread.h. In case of missing pthread_rwlock_t implementation CRYPTO_RWLOCK will work as exclusive lock in write-only mode of pthread_rwlock_t lock. The implementation based on pthread_mutex_t must be using PTHREAD_MUTEX_RECURSIVE mode to be compatible with recursive behavior of pthread_rwlock_rdlock. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- Feb 01, 2017
-
-
Todd Short authored
The core SipHash supports either 8 or 16-byte output and a configurable number of rounds. The default behavior, as added to EVP, is to use 16-byte output and 2,4 rounds, which matches the behavior of most implementations. There is an EVP_PKEY_CTRL that can control the output size. Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Geoff Thorpe authored
The BIGNUM behaviour is supposed to be "consistent" when going into and out of APIs, where "consistent" means 'top' is set minimally and that 'neg' (negative) is not set if the BIGNUM is zero (which is iff 'top' is zero, due to the previous point). The BN_DEBUG testing (make test) caught the cases that this patch corrects. Note, bn_correct_top() could have been used instead, but that is intended for where 'top' is expected to (sometimes) require adjustment after direct word-array manipulation, and so is heavier-weight. Here, we are just catching the negative-zero case, so we test and correct for that explicitly, in-place. Change-Id: Iddefbd3c28a13d935648932beebcc765d5b85ae7 Signed-off-by:
Geoff Thorpe <geoff@openssl.org> Reviewed-by:
-
Geoff Thorpe authored
Change-Id: I5ab72ad0aae9069b47d5b7b7b9e25bd1b7afa251 Signed-off-by:
-
Geoff Thorpe authored
Couple of updates to make this code work properly again; * use OPENSSL_assert() instead of assert() (and #include <assert.h>) * the circular-dependency-avoidance uses RAND_bytes() (not pseudo) Change-Id: Iefb5a9dd73f71fd81c1268495c54a64378955354 Signed-off-by:
-
- Jan 29, 2017
-
-
Richard Levitte authored
On error, i2o_SCT_signature() and i2o_SCT() free a pointer that may have wandered off from the start of the allocated block (not currently true for i2o_SCT_signature(), but has that potential as the code may change. To avoid this, save away the start of the allocated block and free that instead. Thanks to Guido Vranken for reporting this issue. Reviewed-by:
-
- Jan 28, 2017
-
-
Richard Levitte authored
X509_CRL_digest() didn't check if the precomputed sha1 hash was actually present. This also makes sure there's an appropriate flag to check. Reviewed-by:
Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2314)
-
- Jan 26, 2017
-
-
Andy Polyakov authored
CVE-2017-3732 Reviewed-by: -
Richard Levitte authored
When the client reads DH parameters from the TLS stream, we only checked that they all are non-zero. This change updates the check to use DH_check_params() DH_check_params() is a new function for light weight checking of the p and g parameters: check that p is odd check that 1 < g < p - 1 Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
