- Aug 05, 2019
-
-
Matt Caswell authored
At some point in the past do_ssl3_write() used to return the number of bytes written, or a value <= 0 on error. It now just returns a success/ error code and writes the number of bytes written to |tmpwrit|. The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code for the number of bytes written rather than |tmpwrit|. This has the effect that the buffers are not released when they are supposed to be. Fixes #9490 Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9505) (cherry picked from commit 8bbf63e48f27c5edaa03e6d87d969c9b6a207f3c)
-
- Aug 01, 2019
-
-
Dr. Matthias St. Pierre authored
Complements commit b383aa20 , which added X509_get0_authority_key_id(). const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); [NEW] const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); [NEW] Reviewed-by:
-
raja-ashok authored
Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
- Jul 31, 2019
-
-
Antoine Cœur authored
CLA: trivial Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9295)
-
joe2018Outlookcom authored
Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared. Fixes #9487 Reviewed-by:
-
David von Oheimb authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9466) (cherry picked from commit 7408f6759f1b0100438ca236ea8f549454aaf2d5)
-
- Jul 30, 2019
-
-
Bernd Edlinger authored
This avoids a spurious gcc warning: ./config enable-asan --strict-warnings => In function 'afalg_create_sk', inlined from 'afalg_cipher_init' at engines/e_afalg.c:545:11: engines/e_afalg.c:376:5: error: '__builtin_strncpy' output may be truncated copying 63 bytes from a string of length 63 [-Werror=stringop-truncation] 376 | strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); | ^~~~~~~ [extended tests] Reviewed-by:
-
- Jul 28, 2019
-
-
Pauli authored
Implement the GNU C library's random(3) pseudorandom number generator. The algorithm is described: https://www.mscs.dal.ca/~selinger/random/ The rationale is to make the tests repeatable across differing platforms with different underlying implementations of the random(3) library call. More specifically: when executing tests with random ordering. [extended tests] Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9463) (cherry picked from commit e9a5932d04f6b7dd25b39a8ff9dc162d64a78c22)
-
- Jul 25, 2019
-
-
David Benjamin authored
tls_parse_stoc_key_share was generating a new EVP_PKEY public/private keypair and then overrides it with the server public key, so the generation was a waste anyway. Instead, it should create a parameters-only EVP_PKEY. (This is a consequence of OpenSSL using the same type for empty key, empty key with key type, empty key with key type + parameters, public key, and private key. As a result, it's easy to mistakenly mix such things up, as happened here.) Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9445) (cherry picked from commit 166c0b98fd6e8b1bb341397642527a9396468f6c)
-
Richard Levitte authored
Mingw config targets assumed that resulting programs and libraries are installed in a Unix-like environment and the default installation prefix was therefore set to '/usr/local'. However, mingw programs are installed in a Windows environment, and the installation directories should therefore have Windows defaults, i.e. the same kind of defaults as the VC config targets. A difficulty is, however, that a "cross compiled" build can't figure out the system defaults from environment the same way it's done when building "natively", so we have to fall back to hard coded defaults in that case. Tests can still be performed when cross compiled on a non-Windows platform, since all tests only depend on the source and build directory, and otherwise relies on normal local paths. CVE-2019-1552 Reviewed-by:
-
- Jul 23, 2019
-
-
Pauli authored
The rand pool support allocates maximal sized buffers -- this is typically 12288 bytes in size. These pools are allocated in secure memory which is a scarse resource. They are also allocated per DRBG of which there are up to two per thread. This change allocates 64 byte pools and grows them dynamically if required. 64 is chosen to be sufficiently large so that pools do not normally need to grow. Reviewed-by:
-
Bernd Edlinger authored
The additional data allocates 12K per DRBG instance in the secure memory, which is not necessary. Also nonces are not considered secret. [extended tests] Reviewed-by:
-
- Jul 24, 2019
-
-
Dr. Matthias St. Pierre authored
The HEADER_X509_H check is redundant, because <openssl/x509.h> is already included. Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Dr. Matthias St. Pierre authored
The check is redundant, because <openssl/x509v3.h> is included. Reviewed-by:
-
Dr. Matthias St. Pierre authored
This include guard inside an object file comes as a surprise and serves no purpose anymore. It seems like this object file was included by crypto/threads/mttest.c at some time, but the include directive was removed in commit bb8abd67 . Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Bernd Edlinger authored
This avoids leaking bit 0 of the private key. Backport-of: #9363 Reviewed-by:
-
- Jul 23, 2019
-
-
Pauli authored
Reviewed-by:
-
- Jul 21, 2019
-
-
Richard Levitte authored
These weren't available in Cygwin at the time our DSO code was written, but things have changed since. Fixes #9385 Reviewed-by:
-
- Jul 19, 2019
-
-
Richard Levitte authored
If a config file gets loaded, the tests get disturbed. Reviewed-by:
-
- Jul 18, 2019
-
-
Bernd Edlinger authored
The barriers prevent the compiler from narrowing down the possible value range of the mask and ~mask in the select statements, which avoids the recognition of the select and turning it into a conditional load or branch. Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by:
-
Shane Lontis authored
Cosmetic changes to use the X509_STORE_lock/unlock functions. Renamed some ctx variables to store. Reviewed-by:
-
- Jul 17, 2019
-
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Bernd Edlinger authored
Although in a false-conditional code section gcc-4.8.4 flagged this with a C90 warning :-( include/internal/refcount.h:108:7: error: C++ style comments are not allowed in ISO C90 [-Werror] // under Windows CE we still have old-style Interlocked* functions Reviewed-by: -
Matt Caswell authored
This function was always returning 0. It should return 1 on success. Fixes #9374 Reviewed-by:
-
- Jul 16, 2019
-
-
Todd Short authored
Also, use define rather than sizeof Reviewed-by:
-
Viktor Dukhovni authored
Reviewed-by: -
Pauli authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9390) (cherry picked from commit 3d9b33b5e48d82d098a1f8c37dbf616a0d84621c)
-
- Jul 15, 2019
-
-
Krists Krilovs authored
x509 store's objects cache can get corrupted when using dir lookup method in multithreaded application. Claim x509 store's lock when accessing objects cache. CLA: trivial Reviewed-by:
-
- Jul 11, 2019
-
-
agnosticdev authored
Reviewed-by:
-
- Jul 08, 2019
-
-
Dmitry Belyavskiy authored
Reviewed-by:
-
John Schember authored
CLA: trivial Reviewed-by:
-
Lei Maohui authored
Modified rev to rev64, because rev only takes integer registers. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827 Otherwise, the following error will occur. Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b' CLA: trivial Signed-off-by:
Lei Maohui <leimaohui@cn.fujitsu.com> Reviewed-by:
-
- Jul 07, 2019
-
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
Bernd Edlinger authored
Happens when trying to generate 4 or 5 bit safe primes. [extended tests] Reviewed-by:
-
- Jul 04, 2019
-
-
Tomas Mraz authored
Fixes #9259 Reviewed-by:
-
- Jul 02, 2019
-
-
Martin Peylo authored
If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g. "./config ../openssl", then a bug in Perl's abs2rel may trigger that directory- rewriting in __cwd results in wrong entries in %directories under certain circumstances, e.g. when a test executes run(app(["openssl"]) after indir. There should not be any need to go to a higher directory from BLDDIR or SRCDIR, so it should be OK to use them in their absolute form, also resolving all possible symlinks, right from the start. Following the File::Spec::Functions bug description (reported to perl.org): When abs2rel gets a path argument with ..s that are crossing over the ..s trailing the base argument, the result is wrong. Example PATH: /home/goal/test/.. BASE: /home/goal/test/../../base Good result: ../goal Bad result: ../.. Bug verified with File::Spec versions - 3.6301 - 3.74 (latest) Reviewed-by:
-
Bernd Edlinger authored
The member value.ptr is undefined for those ASN1 types. Reviewed-by:
-
Bernd Edlinger authored
BOOLEAN does not have valid data in the value.ptr member, thus don't use it here. Fixes #9276 [extended tests] Reviewed-by:
-
Dr. Matthias St. Pierre authored
Reviewed-by:
-
