- 13 Apr, 2018 2 commits
-
-
Richard Levitte authored
There is a test to check that 'genrsa' doesn't accept absurdly low number of bits. Apart from that, this test is designed to check the working functionality of 'openssl genrsa', so instead of having a hard coded lower limit on the size key, let's figure out what it is. Partially fixes #5751 Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5754)
-
Richard Levitte authored
The documentation erroneously stated that one can change the default configuration file name. Fixes #5939 Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5941) (cherry picked from commit 0320e8e2)
-
- 12 Apr, 2018 4 commits
-
-
Richard Levitte authored
X509_get_default_cert_dir_env() returns the default environment variable to check for certificate directories. X509_get_default_cert_dir() returns the default configured certificate directory. Use these instead of hard coding our own values, and thereby be more integrated with the rest of OpenSSL. Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5937) (cherry picked from commit 362ff3c3)
-
Richard Levitte authored
Fixes #5902 Reviewed-by:
-
Daniel Bevenius authored
This is a minor update which hopefully makes these particular lines read a little easier. Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5938) (cherry picked from commit 0652e8a7)
-
Rich Salz authored
The wrong "set" field was incremented in the wrong place and would create a new RDN, not a multi-valued RDN. RDN inserts would happen after not before. Prepending an entry to an RDN incorrectly created a new RDN Anything which built up an X509_NAME could get a messed-up structure, which would then be "wrong" for anyone using that name. Thanks to Ingo Schwarze for extensive debugging and the initial fix (documented in GitHub issue #5870). Reviewed-by:
-
- 09 Apr, 2018 2 commits
-
-
Andy Polyakov authored
The warning reads "[cast] may cause misaligned access". Even though this can be application-supplied pointer, misaligned access shouldn't happen, because structure type is "encoded" into data itself, and application would customarily pass correctly aligned pointer. But there is no harm in resolving the warning... Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- 08 Apr, 2018 1 commit
-
-
Andy Polyakov authored
HP-UX provides sockets symbols with incompatible prototypes under same names. Additional macros force unambitious symbols with unambitious prototypes. Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- 07 Apr, 2018 1 commit
-
-
Rich Salz authored
Reviewed-by:
-
- 06 Apr, 2018 2 commits
-
-
Neel Goyal authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- 05 Apr, 2018 5 commits
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
There are two undocumented DSA parameter generation options available in the genpkey command line app: dsa_paramgen_md and dsa_paramgen_q_bits. These can also be accessed via the EVP API but only by using EVP_PKEY_CTX_ctrl() or EVP_PKEY_CTX_ctrl_str() directly. There are no helper macros for these options. dsa_paramgen_q_bits sets the length of q in bits (default 160 bits). dsa_paramgen_md sets the digest that is used during the parameter generation (default SHA1). In particular the output length of the digest used must be equal to or greater than the number of bits in q because of this code: if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) goto err; if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) goto err; for (i = 0; i < qsize; i++) md[i] ^= buf2[i]; /* step 3 */ md[0] |= 0x80; md[qsize - 1] |= 0x01; if (!BN_bin2bn(md, qsize, q)) goto err; qsize here is the number of bits in q and evpmd is the digest set via dsa_paramgen_md. md and buf2 are buffers of length SHA256_DIGEST_LENGTH. buf2 has been filled with qsize bits of random seed data, and md is uninitialised. If the output size of evpmd is less than qsize then the line "md[i] ^= buf2[i]" will be xoring an uninitialised value and the random seed data together to form the least significant bits of q (and not using the output of the digest at all for those bits) - which is probably not what was intended. The same seed is then used as an input to generating p. If the uninitialised data is actually all zeros (as seems quite likely) then the least significant bits of q will exactly match the least significant bits of the seed. This problem only occurs if you use these undocumented and difficult to find options and you set the size of q to be greater than the message digest output size. This is for parameter generation only not key generation. This scenario is considered highly unlikely and therefore the security risk of this is considered negligible. Reviewed-by: -
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
The GOST engine needs to be loaded before we initialise libssl. Otherwise the GOST ciphersuites are not enabled. However the SSL conf module must be loaded before we initialise libcrypto. Otherwise we will fail to read the SSL config from a config file properly. Another problem is that an application may make use of both libcrypto and libssl. If it performs libcrypto stuff first and OPENSSL_init_crypto() is called and loads a config file it will fail if that config file has any libssl stuff in it. This commit separates out the loading of the SSL conf module from the interpretation of its contents. The loading piece doesn't know anything about SSL so this can be moved to libcrypto. The interpretation of what it means remains in libssl. This means we can load the SSL conf data before libssl is there and interpret it when it later becomes available. Fixes #5809 Reviewed-by:
-
- 04 Apr, 2018 2 commits
-
-
cedral authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5861)
-
Richard Levitte authored
We started using $(CPP) instead of $(CC) -E, with the assumption that CPP would be predefined. This is, however, not always true, and rather depends on the 'make' implementation. Furthermore, on platforms where CPP=cpp or something else other than '$(CC) -E', there's a risk that it won't understand machine specific flags that we pass to it. So it turns out that trying to use $(CPP) was a mistake, and we therefore revert that use back to using $(CC) -E directly. Fixes #5867 Note: this affects config targets that use Alpha, ARM, IA64, MIPS, s390x or SPARC assembler modules. Reviewed-by:
-
- 03 Apr, 2018 8 commits
-
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Where a CMS detached signature is used with text content the text goes through a canonicalisation process first prior to signing or verifying a signature. This process strips trailing space at the end of lines, converts line terminators to CRLF and removes additional trailing line terminators at the end of a file. A bug in the canonicalisation process meant that some characters, such as form-feed, were incorrectly treated as whitespace and removed. This is contrary to the specification (RFC5485). This fix could mean that detached text data signed with an earlier version of OpenSSL 1.1.0 may fail to verify using the fixed version, or text data signed with a fixed OpenSSL may fail to verify with an earlier version of OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data and use the "-binary" flag (for the "cms" command line application) or set the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()). Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Thanks to Sem Voigtländer for reporting this issue. Reviewed-by:
-
- 02 Apr, 2018 1 commit
-
-
FdaSilvaYY authored
in methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Backport of 3484236d Reviewed-by:
-
- 01 Apr, 2018 2 commits
-
-
Daniel Bevenius authored
It looks like the usage of these functions were removed in in commit 0a4edb93 ("Unified - adapt the generation of cpuid, uplink and buildinf to use GENERATE"). This commit removes the import/use of File::Spec::Functions module as it is no longer needed by crypto/build.info. Reviewed-by:
-
Richard Levitte authored
Because many of our test programs use internal headers, we need to make sure they know how, exactly, to mangle the symbols. So far, we've done so by specifying it in the affected test programs, but as things change, that will develop into a goose chase. Better then to declare once and for all how symbols belonging in our libraries are meant to be treated, internally as well as publically. Reviewed-by:
-
- 31 Mar, 2018 1 commit
-
-
Richard Levitte authored
test/cipherlist_test.c is an internal consistency check, and therefore requires that the shared library it runs against matches what it was built for. test/recipes/test_cipherlist.t is made to refuse running unless library version and build version match. This adds a helper program test/versions.c, that simply displays the library and the build version. Partially fixes #5751 Reviewed-by:
-
- 29 Mar, 2018 3 commits
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Instead of invoking the fuzz test programs once for every corpora file, we invoke them once for each directory of corpora files. This dramatically reduces the number of program invokations, as well as the time 90-test_fuzz.t takes to complete. fuzz/test-corpus.c was enhanced to handle directories as well as regular files. Reviewed-by:
-
Richard Levitte authored
This wasn't a good solution, too many things depend on the quotes being there consistently. This reverts commit 49cd47ea . Fixes #5772 Reviewed-by:
-
- 28 Mar, 2018 1 commit
-
-
Matt Caswell authored
If a server has been configured to use an ECDSA certificate, we should allow it regardless of whether the server's own supported groups list includes the certificate's group. Fixes #2033 Reviewed-by:
-
- 27 Mar, 2018 5 commits
-
-
Philippe Antoine authored
Reviewed-by:
-
Miroslav Suk authored
ts/ts_rsp_sign.c: change to OPENSSL_gmtime. Reviewed-by:
-
Rich Salz authored
CLA: trivial Reviewed-by:
-
Matt Caswell authored
If we don't have OID data for an object then we should fail if we are asked to encode the ASN.1 for that OID. Fixes #5723 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
