Skip to content
  1. Nov 04, 2018
    • Benjamin Kaduk's avatar
      Restore sensible "sess_accept" counter tracking · 33a37a61
      Benjamin Kaduk authored
      Commit 9ef9088c
      
       switched the SSL/SSL_CTX
      statistics counters to using Thread-Sanitizer-friendly primitives.
      However, it erroneously converted an addition of -1
      (for s->session_ctx->stats.sess_accept) to an addition of +1, since that
      is the only counter API provided by the internal tsan_assist.h header
      until the previous commit.  This means that for each accepted (initial)
      connection, the session_ctx's counter would get doubly incremented, and the
      (switched) ctx's counter would also get incremented.
      
      Restore the counter decrement so that each accepted connection increments
      exactly one counter exactly once (in net effect).
      
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7464)
      
      (cherry picked from commit 2aaa0b14)
      33a37a61
    • Benjamin Kaduk's avatar
      Add tsan_decr() API, counterpart of tsan_counter() · a649b52f
      Benjamin Kaduk authored
      
      
      The existing tsan_counter() API increments a reference counter.
      Provide a new API, tsan_decr(), to decrement such a reference counter.
      This can be used, for example, when a reference is added to the session_ctx's
      sess_accept stats but should more properly be tracked in the regular ctx's
      statistics.
      
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7464)
      
      (cherry picked from commit 95658c32436017aeeef3d8598957071baf6769a9)
      a649b52f
  2. Nov 02, 2018
  3. Nov 01, 2018
  4. Oct 31, 2018
  5. Oct 30, 2018
  6. Oct 29, 2018
  7. Oct 28, 2018
  8. Oct 27, 2018
    • Bernd Edlinger's avatar
      Fix data race in RAND_DRBG_generate · 1f985276
      Bernd Edlinger authored
      
      
      Fixes #7394
      
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7399)
      
      (cherry picked from commit a83dc59afa2e0207180d7218efed19b20d48de95)
      1f985276
    • Dr. Matthias St. Pierre's avatar
      RAND_add()/RAND_seed(): fix failure on short input or low entropy · d597a9a8
      Dr. Matthias St. Pierre authored
      
      
      Commit 5b4cb385c18a (#7382) introduced a bug which had the effect
      that RAND_add()/RAND_seed() failed for buffer sizes less than
      32 bytes. The reason was that now the added random data was used
      exlusively as entropy source for reseeding. When the random input
      was too short or contained not enough entropy, the DRBG failed
      without querying the available entropy sources.
      
      This commit makes drbg_add() act smarter: it checks the entropy
      requirements explicitely. If the random input fails this check,
      it won't be added as entropy input, but only as additional data.
      More precisely, the behaviour depends on whether an os entropy
      source was configured (which is the default on most os):
      
      - If an os entropy source is avaible then we declare the buffer
        content as additional data by setting randomness to zero and
        trigger a regular   reseeding.
      
      - If no os entropy source is available, a reseeding will fail
        inevitably. So drbg_add() uses a trick to mix the buffer contents
        into the DRBG state without forcing a reseeding: it generates a
        dummy random byte, using the buffer content as additional data.
      
      Related-to: #7449
      
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7456)
      
      (cherry picked from commit 8817215d5c52a76f2b184b624bde4df8556dee6d)
      d597a9a8
  9. Oct 26, 2018