- Oct 13, 2017
-
-
Rich Salz authored
Names were not removed. Some comments were updated. Replace Andy's address with openssl.org Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4516)
-
Rich Salz authored
Use atomic operations for the counters Rename malloc_lock to memdbg_lock Also fix some style errors in mem_dbg.c Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4359)
-
- Oct 12, 2017
-
-
Benjamin Kaduk authored
If q is non-NULL but p is indeed a safe prime, a modified copy of p could be leaked. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4525)
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
Dr. Stephen Henson authored
Add functions to return DH parameters using NID and to return the NID if parameters match a named set. Currently this supports only RFC7919 parameters but could be expanded in future. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
Dr. Stephen Henson authored
If BN_FLG_STATIC_DATA is set don't cleanse a->d as it will reside in read only memory. If BN_FLG_MALLOCED is not set don't modify the BIGNUM at all. This change applies to BN_clear_free() and BN_free(). Now the BIGNUM structure is opaque, applications cannot create a BIGNUM structure without BN_FLG_MALLOCED being set, so they are unaffected. Update internal DH routines so they only copy pointers for read only parameters. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4485)
-
- Oct 11, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4503)
-
Dr. Stephen Henson authored
Add an ENGINE to EVP_PKEY structure which can be used for cryptographic operations: this will typically be used by an HSM key to redirect calls to a custom EVP_PKEY_METHOD. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4503)
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4503)
-
Dr. Stephen Henson authored
If we are passed an ENGINE to use in int_ctx_new e.g. via EVP_PKEY_CTX_new() use it instead of the default. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4503)
-
Matt Caswell authored
RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls BN_mod_exp() as follows: BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx) ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In BN_mod_exp() we only test the third param for the existence of this flag. We should test all the inputs. Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this issue. This typically only happens once at key load, so this is unlikely to be exploitable in any real scenario. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4477)
-
- Oct 10, 2017
-
-
Pauli authored
Use a read lock when reading using pthreads. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4517)
-
Keshav Kini authored
CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4513)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4492)
-
- Oct 09, 2017
-
-
Pauli authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4414)
-
Pauli authored
in an atomic fashion. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4414)
-
KaoruToda authored
unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4500)
-
- Oct 08, 2017
-
-
Pauli authored
indicate the level of locking required for various operations. Remove the lock and atomics from the lhash code. These were not complete or adequate. Refer to #4418 and #4427 for details. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4429)
-
- Oct 07, 2017
-
-
Rich Salz authored
Rewrite the -req-nodes flag from CA.pl (idea from Andy) Rewrite ERR_string_error_n Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4478)
-
- Oct 05, 2017
-
-
Andy Polyakov authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4455)
-
- Oct 04, 2017
-
-
Todd Short authored
When an SSL's context is switched from a ticket-enabled context to a ticket-disabled context in the servername callback, no session-id is generated, so the session can't be resumed. If a servername callback changes the SSL_OP_NO_TICKET option, check to see if it's changed to disable, and whether a session ticket is expected (i.e. the client indicated ticket support and the SSL had tickets enabled at the time), and whether we already have a previous session (i.e. s->hit is set). In this case, clear the ticket-expected flag, remove any ticket data and generate a session-id in the session. If the SSL hit (resumed) and switched to a ticket-disabled context, assume that the resumption was via session-id, and don't bother to update the session. Before this fix, the updated unit-tests in 06-sni-ticket.conf would fail test #4 (server1 = SNI, server2 = no SNI). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ma...
-
- Oct 03, 2017
-
-
FdaSilvaYY authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4379)
-
FdaSilvaYY authored
insert() or an explicit call to OPENSSL_sk_reserve Factorise STACK item deletion code Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4379)
-
- Oct 02, 2017
-
-
Adam Langley authored
This change adds a comment to the exceptional case in point_add that handles the case of a doubling, which explains when this case may occur during normal processing. Thanks go to Antonio Sanso for noting this. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4424)
-
Bernd Edlinger authored
Change argument type of xxxelem_is_zero_int to const void* to avoid the need of type casts. Fixes #4413 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4450)
-
- Sep 29, 2017
-
-
Samuel Weiser authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4440)
-
- Sep 28, 2017
-
-
Pauli authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4431)
-
Pauli authored
Remove all stack headers from some includes that don't use them. Avoid a generic untyped stack use. Update stack POD file to include the OPENSSL_sk_ API functions in the notes section. They were mentioned in the name section but not defined anywhere. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4430)
-
- Sep 27, 2017
-
-
Pauli authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4386)
-
Pauli authored
This allows the caller to guarantee that there is sufficient space for a number of insertions without reallocation. The expansion ratio when reallocating the array is reduced to 1.5 rather than 2. Change bounds testing to use a single size rather than both INT_MAX and SIZE_MAX. This simplifies some of the tests. Switch the stack pointers to data from char * to void * Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4386)
-
Samuel Weiser authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4377)
-
Samuel Weiser authored
Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4377)
-
- Sep 26, 2017
-
-
David Benjamin authored
The pub_key field for DH isn't actually used in DH_compute_key at all. (Note the peer public key is passed in as a BIGNUM.) It's mostly there so the caller may extract it from DH_generate_key. It doesn't particularly need to be present if filling in a DH from external parameters. The check in DH_set0_key conflicts with adding OpenSSL 1.1.0 to Node. Their public API is a thin wrapper over the old OpenSSL one: https://nodejs.org/api/crypto.html#crypto_class_diffiehellman They have separate setPrivateKey and setPublicKey methods, so the public key may be set last or not at all. In 1.0.2, either worked fine since operations on DH objects generally didn't use the public key. (Like with OpenSSL, Node's setPublicKey method is also largely a no-op, but so it goes.) In 1.1.0, DH_set0_key prevents creating a private-key-only DH object. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4384)
-
- Sep 22, 2017
-
-
David Benjamin authored
This guards against the name constraints check consuming large amounts of CPU time when certificates in the presented chain contain an excessive number of names (specifically subject email names or subject alternative DNS names) and/or name constraints. Name constraints checking compares the names presented in a certificate against the name constraints included in a certificate higher up in the chain using two nested for loops. Move the name constraints check so that it happens after signature verification so peers cannot exploit this using a chain with invalid signatures. Also impose a hard limit on the number of name constraints check loop iterations to further mitigate the issue. Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4393)
-
- Sep 19, 2017
-
-
David Benjamin authored
c2i_ASN1_BIT_STRING takes length as a long but uses it as an int. Check bounds before doing so. Previously, excessively large inputs to the function could write a single byte outside the target buffer. (This is unreachable as asn1_ex_c2i already uses int for the length.) Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4385)
-
- Sep 17, 2017
-
-
Pauli authored
Address coverity report of null pointer being dereferenced. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4381)
-