  1. Oct 31, 2017
  2. Oct 30, 2017
  3. Oct 26, 2017
  4. Oct 25, 2017
  5. Oct 24, 2017
  6. Oct 23, 2017
  7. Oct 22, 2017
  8. Oct 21, 2017
  9. Oct 20, 2017
  10. Oct 18, 2017
    • Additional name for all commands · 3f2181e6
      Rich Salz authored
      
      
      Add openssl-foo as a name for the openssl "foo" command.
      Addresses an issue found by a usability study to be published.
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4553)
    • Remove parentheses of return. · 26a7d938
      KaoruToda authored
      
      
      Since return is inconsistent, I removed unnecessary parentheses and
      unified them.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4541)
    • Add missing RAND_DRBG locking · 2139145b
      Benjamin Kaduk authored
      
      
      The drbg's lock must be held across calls to RAND_DRBG_generate()
      to prevent simultaneous modification of internal state.
      
      This was observed in practice with simultaneous SSL_new() calls attempting
      to seed the (separate) per-SSL RAND_DRBG instances from the global
      rand_drbg instance; this eventually led to simultaneous calls to
      ctr_BCC_update() attempting to increment drbg->bltmp_pos for their
      respective partial final block, violating the invariant that bltmp_pos < 16.
      The AES operations performed in ctr_BCC_blocks() make the race window
      quite easy to trigger.  A value of bltmp_pos greater than 16 induces
      catastrophic failure in ctr_BCC_final(), with subtraction overflowing
      and leading to an attempt to memset() to zero a very large range,
      which eventually reaches an unmapped page and segfaults.
      
      Provide the needed locking in get_entropy_from_parent(), as well as
      fixing a similar issue in RAND_priv_bytes().  There is also an
      unlocked call to RAND_DRBG_generate() in ssl_randbytes(), but the
      requisite serialization is already guaranteed by the requirements on
      the application's usage of SSL objects, and no further locking is
      needed for correct behavior.  In that case, leave a comment noting
      the apparent discrepancy and the reason for its safety (at present).
      
      Reviewed-by: Paul Dale <paul.dale@oracle.com>
      Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4328)
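
The failure mode described in the RAND_DRBG locking commit message above, as a single-threaded replay added here for illustration; it is not OpenSSL's code. `toy_drbg`, `has_room`, `append_partial`, the replay functions and `final_pad_len` are hypothetical names, and the update logic is a simplified model of a check-then-increment on a shared position counter.

```c
#include <stddef.h>
#include <stdio.h>

#define BLOCK 16 /* block size; the commit's invariant is bltmp_pos < 16 */

/* Hypothetical stand-in for the shared DRBG state (not OpenSSL's struct). */
struct toy_drbg { size_t bltmp_pos; };

/* Check half of an update: is there room for n more partial-block bytes? */
static int has_room(const struct toy_drbg *d, size_t n)
{
    return d->bltmp_pos + n < BLOCK;
}

/* One whole update (n < BLOCK), as it runs when the lock is held throughout. */
static void append_partial(struct toy_drbg *d, size_t n)
{
    if (has_room(d, n))
        d->bltmp_pos += n;
    else
        d->bltmp_pos = d->bltmp_pos + n - BLOCK; /* full block consumed */
}

/* Constructed interleaving: both callers check before either one increments. */
size_t replay_unlocked(size_t start, size_t a, size_t b)
{
    struct toy_drbg d = { start };
    int a_ok = has_room(&d, a), b_ok = has_room(&d, b); /* B sees stale state */
    if (a_ok) d.bltmp_pos += a;
    if (b_ok) d.bltmp_pos += b;
    return d.bltmp_pos;
}

/* Serialized order: B's check runs only after A's increment is visible. */
size_t replay_locked(size_t start, size_t a, size_t b)
{
    struct toy_drbg d = { start };
    append_partial(&d, a);
    append_partial(&d, b);
    return d.bltmp_pos;
}

/* Length the final step would zero: unsigned, so it wraps once pos > BLOCK. */
size_t final_pad_len(size_t pos) { return (size_t)BLOCK - pos; }

int main(void)
{
    size_t bad = replay_unlocked(10, 5, 5), good = replay_locked(10, 5, 5);
    printf("unlocked: pos=%zu pad=%zu\n", bad, final_pad_len(bad));
    printf("locked:   pos=%zu pad=%zu\n", good, final_pad_len(good));
    return 0;
}
```

The unlocked replay yields a pad length close to `SIZE_MAX`, which is the oversized `memset()` range the commit message describes; the serialized replay keeps the position below 16.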