- Oct 28, 2017
-
-
Rich Salz authored
Thanks to Remi Gacogne for pointing this out. Also indented the two macro bodies Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4608)
-
- Oct 27, 2017
-
-
Andy Polyakov authored
Thanks to David Benjamin for spotting this. Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4514)
-
Andy Polyakov authored
Reviewed-by:
-
- Oct 26, 2017
-
-
Matt Caswell authored
The functions strcasecmp() and strncasecmp() will use locale specific rules when performing comparison. This could cause some problems in certain locales. For example in the Turkish locale an 'I' character is not the uppercase version of 'i'. However IA5 strings should not use locale specific rules, i.e. for an IA5 string 'I' is uppercase 'i' even if using the Turkish locale. This fixes a bug in name constraints checking reported by Thomas Pornin (NCCGroup). This is not considered a security issue because it would require both a Turkish locale (or other locale with similar issues) and malfeasance by a trusted name-constrained CA for a certificate to pass name constraints in error. The constraints also have to be for excluded sub-trees which are extremely rare. Failure to match permitted subtrees is a bug, not a vulnerability. Reviewed-by:
-
Paul Yang authored
<compar> to <compare> to match the var name in function prototype Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
- Oct 25, 2017
-
-
Richard Levitte authored
Reviewed-by:
-
- Oct 24, 2017
-
-
Richard Levitte authored
asn1_item_embed_free() will try unlocking and fail in this case, and since the new item was just allocated on the heap, free it directly with OPENSSL_free() instead. Reviewed-by:
-
Richard Levitte authored
The previous change with this intention didn't quite do it. An embedded item must not be freed itself, but might potentially contain non-embedded elements, which must be freed. So instead of calling ASN1_item_ex_free(), where we can't pass the embed flag, we call asn1_item_embed_free() directly. This changes asn1_item_embed_free() from being a static function to being a private non-static function. Reviewed-by:
-
Matt Caswell authored
The lhash expand() function can fail if realloc fails. The previous implementation made changes to the structure and then attempted to do a realloc. If the realloc failed then it attempted to undo the changes it had just made. Unfortunately changes to lh->p were not undone correctly, ultimately causing subsequent expand() calls to increment num_nodes to a value higher than num_alloc_nodes, which can cause out-of-bounds reads/ writes. This is not considered a security issue because an attacker cannot cause realloc to fail. This commit moves the realloc call to near the beginning of the function before any other changes are made to the lhash structure. That way if a failure occurs we can immediately fail without having to undo anything. Thanks to Pavel Kopyl (Samsung) for reporting this issue. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4550) (cherry picked from commit 4ce8bebc)
-
Xiangyu Bu authored
CLA: trivial Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- Oct 23, 2017
-
-
Richard Levitte authored
An embedded item wasn't allocated separately on the heap, so don't free it as if it was. Issue discovered by Pavel Kopyl Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4572) (cherry picked from commit 590bbdfd)
-
Matt Caswell authored
The function BN_security_bits() uses the values from SP800-57 to assign security bit values for different FF key sizes. However the value for 192 security bits is wrong. SP800-57 has it as 7680 but the code had it as 7690. Reviewed-by:
-
- Oct 22, 2017
-
-
Patrick Steuer authored
Remove all .comm definitions from the asm modules. Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
- Oct 20, 2017
-
-
Jakub Jelen authored
CLA: trivial Reviewed-by:
Ben Laurie <ben@links.org> Reviewed-by:
-
- Oct 19, 2017
-
-
Rich Salz authored
Add openssl-foo as a name for the openssl "foo" command. Addresses an issue found by a usability study to be published. Reviewed-by:
-
- Oct 17, 2017
-
-
Patrick Steuer authored
An instruction's QUERY function is executed at initialization, iff the required MSA level is installed. Therefore, it is sufficient to check the bits returned by the QUERY functions. The MSA level does not have to be checked at every function call. crypto/aes/asm/aes-s390x.pl: The AES key schedule must be computed if the required KM or KMC function codes are not available. Formally, the availability of a KMC function code does not imply the availability of the corresponding KM function code. Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Rich Salz authored
Reviewed-by:
-
- Oct 13, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Ben Kaduk authored
The second set of tests in that configuration uses the AES-SHA256 ciphers, which are only available for TLS 1.2. Thus, when TLS 1.2 is disabled, there are no ciphers available and the handshake fails with an internal error. Apply the same treatment as for 13-fragmentation.conf, which uses the same ciphers. Reviewed-by:
-
- Oct 11, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Add an ENGINE to EVP_PKEY structure which can be used for cryptographic operations: this will typically be used by an HSM key to redirect calls to a custom EVP_PKEY_METHOD. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
If we are passed an ENGINE to use in int_ctx_new e.g. via EVP_PKEY_CTX_new() use it instead of the default. Reviewed-by:
-
Matt Caswell authored
RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls BN_mod_exp() as follows: BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx) ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In BN_mod_exp() we only test the third param for the existence of this flag. We should test all the inputs. Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this issue. This typically only happens once at key load, so this is unlikely to be exploitable in any real scenario. Reviewed-by:
-
- Oct 09, 2017
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
RESULT_D can be used to provide a separate directory for test results. Let's use that to separate them from other files. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Mouse authored
CLA: trivial Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4494)
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Oct 08, 2017
-
-
Rich Salz authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4491) (cherry picked from commit 24b0be11)
-
- Oct 06, 2017
-
-
Richard Levitte authored
Fixes #4471 and more Reviewed-by:
-
- Oct 05, 2017
-
-
Emilia Kasper authored
Verify that the encrypt-then-mac negotiation is handled correctly. Additionally, when compiled with no-asm, this test ensures coverage for the constant-time MAC copying code in ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as well but it's nevertheless better to have an explicit handshake test for mac-then-encrypt. Reviewed-by:
-
David Woodhouse authored
Reviewed-by:
-
- Oct 04, 2017
-
-
Matt Caswell authored
Reviewed-by:
-
Richard Levitte authored
This avoids issues that can come with an ending backslash, among other. Fixes #4458 Reviewed-by:
-
- Oct 02, 2017
-
-
Bernd Edlinger authored
Change argument type of xxxelem_is_zero_int to const void* to avoid the need of type casts. Fixes #4413 Reviewed-by:
-
- Sep 30, 2017
-
-
Andy Polyakov authored
Reviewed-by:
-
