- Oct 17, 2018
-
-
cclauss authored
CLA: trivial Discovered via #7410 @ https://travis-ci.org/openssl/openssl/jobs/442003489#L440 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7403)
-
- Oct 16, 2018
-
-
Dr. Matthias St. Pierre authored
In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed() was implemented by buffering the data in a random pool where it is picked up later by the rand_drbg_get_entropy() callback. This buffer was limited to the size of 4096 bytes. When a larger input was added via RAND_add() or RAND_seed() to the DRBG, the reseeding failed, but the error returned by the DRBG was ignored by the two calling functions, which both don't return an error code. As a consequence, the data provided by the application was effectively ignored. This commit fixes the problem by a more efficient implementation which does not copy the data in memory and by raising the buffer the size limit to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits but it was chosen intentionally to avoid platform dependent problems like integer sizes and/or signed/unsigned conversion. Additionally, the DRBG is now less permissive on errors: In addition to pushing a message to the openssl error stack, it enters the error state, which forces a reinstantiation on next call. Thanks go to Dr. Falko Strenzke for reporting this issue to the openssl-security mailing list. After internal discussion the issue has been categorized as not being security relevant, because the DRBG reseeds automatically and is fully functional even without additional randomness provided by the application. Fixes #7381 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7382)
-
- Oct 13, 2018
-
-
Tomas Mraz authored
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7377)
-
- Oct 12, 2018
-
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7123)
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7085)
-
Andy Polyakov authored
Negative displacement in memory references was not originally specified, so that for maximum coverage one should abstain from it, just like with any other extension. [Unless it's guarded by run-time switch, but there is no switch in keccak1600-s390x.] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7239)
-
Matt Caswell authored
Fixes #7385 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7385)
-
- Oct 11, 2018
-
-
Mykola Baibuz authored
We don't need to use secure clean for public key. CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7363)
-
Paul Yang authored
The example code in EVP_DigestInit.pod generates warnings if users try to compile it. [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7362)
-
- Oct 10, 2018
-
-
FdaSilvaYY authored
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7378)
-
Dr. Matthias St. Pierre authored
Fixes a compiler warning about an unused syscall_random() and cleans up the OPENSSL_RAND_SEED preprocessor logic. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/779)
-
Matt Caswell authored
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7365)
-
- Oct 09, 2018
-
-
Benjamin Kaduk authored
As for linux, make bsd-gcc an alias to the solaris semantics for shared library symbol version handling. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7376)
-
Paul Yang authored
Should be 2018 instead of 20018. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7364)
-
- Oct 08, 2018
-
-
Benjamin Kaduk authored
Historically (i.e., OpenSSL 1.0.x), the openssl applications would allow for empty subject attributes to be passed via the -subj argument, e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`. Commit db4c08f0 applied a badly needed rewrite to the parse_name() helper function that parses these strings, but in the process dropped a check that would skip attributes with no associated value. As a result, such strings are now treated as hard errors and the operation fails. Restore the check to skip empty attribute values and restore the historical behavior. Document the behavior for empty subject attribute values in the corresponding applications' manual pages. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7349)
-
Ԝеѕ authored
CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7356)
-
- Oct 07, 2018
-
-
Pauli authored
The PR #7329 left some indentation slightly off. This fixes it. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7360)
-
Mykola Baibuz authored
Hash can be longer than EC group degree and it will be truncated. CLA: trivial Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7329)
-
- Oct 05, 2018
-
-
Richard Levitte authored
We passed that ioctl a pointer to the whole session_op structure, which wasn't quite right. Notified by David Legault. Fixes #7302 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7304)
-
Dr. Matthias St. Pierre authored
Fixes #7322 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7351)
-
Richard Levitte authored
Some modules are built with case insensitive (uppercase) symbols on VMS. This needs to be reflected in the export symbol vector. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7347)
-
Richard Levitte authored
We didn't notice the error because it all happened in the top directory. Now that we use .ld files in subdirectories, the bug became apparent. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7347)
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7347)
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7347)
-
Richard Levitte authored
This allows setting up export maps for DSOs as well in a uniform way. This also means that util/mkdef.pl no longer picks up the target version from configdata.pm, and it has to be given on the command line instead. This may be used to give modules separate versions as well, if desirable. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7347)
-
- Oct 04, 2018
-
-
Matt Caswell authored
Check that different return values passed to the BIO callback are correctly handled. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7344)
-
Matt Caswell authored
The BIO callback handling incorrectly wrote over the return code passed to the callback, meaning that an incorrect result was (eventually) returned to the caller. Fixes #7343 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7344)
-
Richard Levitte authored
Rewrite util/mknum.pl to become cleaner, and to use the separate generic C header parsing module, as well as the separate ordinals manipulation module. Adapt the build files. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7191)
-
Richard Levitte authored
This means adding the capability to add new items, to invalidate and revalidate all the items, and to update the file it came from, as well as the possibility to create new items from other data than a line from said file. While we're at it, we throw in a couple of useful filters. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7191)
-
Richard Levitte authored
OpenSSL::ParseC is a module that parses through a C header file and returns a list with information on what it found. Currently, the information it returns covers function and variable declarations, macro definitions, struct declarations/definitions and typedef definitions. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7191)
-
- Oct 03, 2018
-
-
Richard Levitte authored
Having it as a 'platform' was conceptually wrong from from the beginning, and makes decoding more complicated than necessary. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7191)
-
Richard Levitte authored
Move the .num updating functionality to util/mknum.pl. Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively, using the separate ordinals reading module. Adapt the build files. Adapt the symbol presence test. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7191)
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7191)
-
Richard Levitte authored
I was never exported in our shared libraries and no one noticed, and we don't seem to use it ourselves, so clean it away. In all likelyhood, this is a remain from the 90's, when it was in fashion to litter library modules with these kinds of strings. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7340)
-
Matt Caswell authored
In drbgtest, test_set_defaults changes the default DRBGs. This works fine when tests are run in the normal order. However if OPENSSL_TEST_RAND_ORDER is defined then it may fail (dependent on the ordering). This environment variable is defined for one of the Travis tests, so this issue was causing intermittent travis test failures. [extended tests] Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7338)
-
Matt Caswell authored
These are auto generated files that should not be checked into git Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7339)
-
- Oct 02, 2018
-
-
Matt Caswell authored
Check some return values on some functions. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7335)
-
Matt Caswell authored
Free memory allocated in the parent process that is not needed in the child. We also free it in the parent. Technically this isn't really required since we end up calling exit() soon afterwards - but to prevent false positives we free it anyway. Fixes a Coverity issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7335)
-
- Oct 01, 2018
-
-
Shane Lontis authored
Minor change to documentation of RAND_DRBG_set_defaults() Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7326)
-
Richard Levitte authored
Related to #6696 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6702)
-