- Nov 16, 2016
-
-
Rich Salz authored
Factorise multiple bn_get_top(group->field) calls Add missing checks on some conditional BN_copy return value Add missing checks on some BN_copy return value Add missing checks on a few bn_wexpand return value Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1626) (cherry picked from commit 78e09b53)
-
- Nov 15, 2016
-
-
Rich Salz authored
Also fix version in libcrypto.num, from backporting new functions. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit ebcb5368)
-
Rob Percival authored
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized to approximately the current time (as returned by time()) by default. This prevents the addition of this field, and its verification during SCT validation, from breaking existing code that calls SCT_validate directly. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit ebcb5368)
-
Rob Percival authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit 08e588b7)
-
Rob Percival authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit 5e086066)
-
Rob Percival authored
As requested in https://github.com/openssl/openssl/pull/1554#issuecomment-246371575 . Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit c22aa33e)
-
Rob Percival authored
See https://github.com/openssl/openssl/pull/1554#issuecomment-246354677 . Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit f0f535e9)
-
Rob Percival authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit e25233d9)
-
Rob Percival authored
Do not call the time "current", as a different time can be provided. For example, a time slightly in the future, to provide tolerance for CT logs with a clock that is running fast. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit 1871a5aa)
-
Rob Percival authored
ctlog_new_null() no longer exists. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit 333c2e43)
-
Rob Percival authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554) (cherry picked from commit 1fa9ffd9)
-
Richard Levitte authored
engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the lower level routines will be present. However, that's not always true, for example for solaris-x86-cc, and that leads to build errors. The better solution is to have configure detect if the lower level padlock routines are being built, and define the macro PADLOCK_ASM if they are, and use that macro in our C code. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1510) (cherry picked from commit 7b176a54)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1922) (cherry picked from commit 8aa9cf7e)
-
Richard Levitte authored
Under certain circumstances, the libcrypto init code would loop, causing a deadlock. This would typically happen if something in ossl_init_base() caused an OpenSSL error, and the error stack routines would recurse into the init code before the flag that ossl_init_base() had been run was checked. This change makes sure ossl_init_base isn't run once more of the base is initiated. Thanks to Dmitry Kostjuchenko for the idea. Fixes Github issue #1899 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1922) (cherry picked from commit b7a7f39a)
-
- Nov 14, 2016
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit fe9e5b9c)
-
Sebastian Andrzej Siewior authored
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was then ignored. Now DSA_generate_parameters_ex() returns an error in such a case but no error string. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1657) (cherry picked from commit af547412)
-
Matt Caswell authored
This reverts commit edc18749 . The proposed fix is incorrect. It marks the "run_once" code as having finished before it has. The intended semantics of run_once is that no threads should proceed until the code has run exactly once. With this change the "second" thread will think the run_once code has already been run and will continue, even though it is still in progress. This could result in a crash or other incorrect behaviour. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 13, 2016
-
-
DK authored
Fixed deadlock in CRYPTO_THREAD_run_once() if call to init() is causing a recursive call to CRYPTO_THREAD_run_once() again that is causing a hot deadloop inside do { } while (result == ONCE_ININIT); section. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1913) (cherry picked from commit 349d1cfd)
-
Matthias Kraft authored
Avoid a memory alignment issue. Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com> CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1650) (cherry picked from commit af5883fe)
-
EasySec authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1837) (cherry picked from commit a22f9c84)
-
EasySec authored
Replace the 'SSL' broken link with SSL_CTX_set_security_level which seems not being referenced from elsewhere Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1898) (cherry picked from commit e330f55d)
-
- Nov 12, 2016
-
-
enkore authored
CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1909) (cherry picked from commit 625b9d6b)
-
Kurt Roeckx authored
llvm's ubsan reported: runtime error: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Found using libfuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1908 (cherry picked from commit e80f3b6a)
-
- Nov 11, 2016
-
-
Andy Polyakov authored
In order to minimize dependency on assembler version a number of post-SSE2 instructions are encoded manually. But in order to simplify the procedure only register operands are considered. Non-register operands are passed down to assembler. Module in question uses pshufb with memory operands, and old [GNU] assembler can't handle it. Fortunately in this case it's possible skip just the problematic segment without skipping SSSE3 support altogether. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d89773d6)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit cebb1869)
-
Richard Levitte authored
When configured no-dso, there are no DSO_{whatever} macros defined. Therefore, before checking those, you have to check if OPENSSL_NO_DSO is defined. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1902) (cherry picked from commit 6e290a25)
-
- Nov 10, 2016
-
-
Richard Levitte authored
Apparently, pod2html doesn't add ".html" at the end of links, making them useless, so we need to fix that With thanks for the report to Michel <michel.sales@free.fr> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1897)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
This is done by taking one vector, "corrupting" last bit of the tag value and verifying that decrypt fails. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Don't set choice selector on parse failure: this can pass unexpected values to the choice callback. Instead free up partial structure directly. CVE-2016-7053 Thanks to Tyler Nighswander of ForAllSecure for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The offset to the memory to clear was incorrect, causing a heap buffer overflow. CVE-2016-7054 Thanks to Robert Święcki for reporting this Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b8e4011fb26364e44230946b87ab38cc1c719aae)
-
Andy Polyakov authored
Some of stone-age assembler can't cope with r0 in address. It's actually sensible thing to do, because r0 is shunted to 0 in address arithmetic and by refusing r0 assembler effectively makes you understand that. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a54aba53)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2fac86d9)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit dca2e0ee)
-