- Jul 11, 2018
-
-
Richard Levitte authored
To avoid the possibility that someone creates rem.exe, rem.bat or rem.cmd, simply don't use it. In the cases it was used, it was to avoid empty lines, but it turns out that nmake handles those fine, so no harm done. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6686) (cherry picked from commit 1b6a0a26)
-
Richard Levitte authored
It seems that nmake first tries to run executables on its own, and only pass commands to cmd if that fails. That means it's possible to have nmake run something like 'echo.exe' when the builtin 'echo' command was expected, which might give us unexpected results. To get around this, we create our own echoing script and call it explicitly from the nmake makefile. Fixes #6670 Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6686) (cherry picked from commit 9abce88b)
-
- Jul 10, 2018
-
-
Richard Levitte authored
The reason is that we override Text::Template::append_text_to_output(), and it didn't exist before Text::Template 1.46. Fixes #6641 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit 4e351ca9)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit f7dce50f)
-
Richard Levitte authored
This enables us to require module versions, and to fall back to a bundled version if the system version is too low. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit e9bc5706)
-
- Jul 06, 2018
-
-
Bernd Edlinger authored
[extended tests] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6663)
-
- Jul 04, 2018
-
-
Richard Levitte authored
Fixes #6644 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6645) (cherry picked from commit a9cf71a3)
-
- Jul 03, 2018
-
-
Matt Caswell authored
We should validate that the various fields we put into the CertificateRequest are not too long. Otherwise we will construct an invalid message. Fixes #6609 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6628)
-
- Jul 02, 2018
-
-
Matt Caswell authored
Fixes #6574 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6594)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6614)
-
- Jul 01, 2018
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6615) (cherry picked from commit ce5eb5e8)
-
- Jun 29, 2018
-
-
Pauli authored
In ssl/t1_lib.c. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6613) (cherry picked from commit 8eab767a)
-
- Jun 28, 2018
-
-
Rich Salz authored
Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6603) (cherry picked from commit 10c3c1c1)
-
- Jun 25, 2018
-
-
Richard Levitte authored
The 1.1.1 branch has a different location for documentation, this is the obvious result of a cherry-pick from there. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6589)
-
Richard Levitte authored
This function is documented to be deprecated since OpenSSL 1.1.0. We need to make it so in openssl/ssl.h as well. Fixes #6565 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6588) (cherry picked from commit 71419442)
-
- Jun 24, 2018
-
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6581) (cherry picked from commit dc6c374b)
-
- Jun 23, 2018
-
-
Kurt Roeckx authored
The parameters where switched Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #6578 (cherry picked from commit eaf39a9f)
-
Richard Levitte authored
We don't want an indentation step inside a 'extern "C" {' .. '}' block. Apparently, cc-mode has a c-offsets-alist keyword to allow exactly this. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6557) (cherry picked from commit 89731128)
-
- Jun 22, 2018
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2e51557b)
-
- Jun 21, 2018
-
-
David von Oheimb authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6227) (cherry picked from commit b8c32081)
-
Nick Mathewson authored
Also, modernize the code, so that it isn't trying to store a size_t into an int, and then check the int's sign. :/ Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6271) (cherry picked from commit c8c25033)
-
Nick Mathewson authored
In previous versions of OpenSSL, the documentation for PEM_read_* said: The callback B<must> return the number of characters in the passphrase or 0 if an error occurred. But since c82c3462 , 0 is now treated as a non-error return value. Applications that want to indicate an error need to return -1 instead. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6271) (cherry picked from commit bbbf752a)
-
Billy Brumley authored
(cherry picked from commit 01fd5df77d401c87f926552ec24c0a09e5735006) Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6549)
-
Andy Polyakov authored
Triggered by Coverity analysis. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 7d859d1c ) Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6549)
-
Matt Caswell authored
This extends the recently added ECDSA signature blinding to blind DSA too. This is based on side channel attacks demonstrated by Keegan Ryan (NCC Group) for ECDSA which are likely to be able to be applied to DSA. Normally, as in ECDSA, during signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order In ECDSA, the addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. This commit also tweaks the previous ECDSA blinding so that blinding is only removed at the last possible step. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6523)
-
Richard Levitte authored
Fixes #6544 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6546) (cherry picked from commit 63871d9f)
-
- Jun 18, 2018
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 575045f5)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 27635a4e)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit b55e21b3)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 9e97f61d)
-
Jack Bates authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 693be9a2) (Merged from https://github.com/openssl/openssl/pull/5750)
-
- Jun 15, 2018
-
-
Bernd Edlinger authored
Prevent a possible recursion in ERR_get_state and fix the problem that was pointed out in commit aef84bb4 differently. Fixes: #6493 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6494)
-
- Jun 13, 2018
-
-
Matt Caswell authored
Keegan Ryan (NCC Group) has demonstrated a side channel attack on an ECDSA signature operation. During signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order The addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 12, 2018
-
-
Nicola Tuveri authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6460) (cherry picked from commit 8fe4c0b0)
-
Guido Vranken authored
CVE-2018-0732 Signed-off-by: Guido Vranken <guidovranken@gmail.com> (cherry picked from commit 91f7361f ) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6457)
-
- Jun 11, 2018
-
-
Richard Levitte authored
Fixes #6449 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6450)
-
- Jun 09, 2018
-
-
Andy Polyakov authored
This module is used only with odd input lengths, i.e. not used in normal PKI cases, on contemporary processors. The problem was "illuminated" by fuzzing tests. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6440) (cherry picked from commit f55ef97b)
-
- Jun 08, 2018
-
-
Mingtao Yang authored
Upon a call to CRYPTO_ocb128_setiv, either directly on an OCB_CTX or indirectly with EVP_CTRL_AEAD_SET_IVLEN, reset the nonce-dependent variables in the OCB_CTX. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6420) (cherry picked from commit bbb02a5b)
-
- Jun 07, 2018
-
-
Marcus Huewe authored
If the remove_session_cb accesses the session's data (for instance, via SSL_SESSION_get_protocol_version), a potential use after free can occur. For this, consider the following scenario when adding a new session via SSL_CTX_add_session: - The session cache is full (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) - Only the session cache has a reference to ctx->session_cache_tail (that is, ctx->session_cache_tail->references == 1) Since the cache is full, remove_session_lock is called to remove ctx->session_cache_tail from the cache. That is, it SSL_SESSION_free()s the session, which free()s the data. Afterwards, the free()d session is passed to the remove_session_cb. If the callback accesses the session's data, we have a use after free. The free before calling the callback behavior was introduced in commit e4612d02 ("Remove sessions from external cache, even if internal cache not used."). CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6222) (cherry picked from commit c0a58e03)
-
- Jun 05, 2018
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6413) (cherry picked from commit 630fe1da)
-