- Mar 29, 2018
-
-
Benjamin Kaduk authored
Add some more exposition on why unlocked access to the global rand_fork_count is safe, and provide a comment for the struct rand_drbg_st fork_count field. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/4110)
-
Andy Polyakov authored
picker() is type agnostic, but its output consumer is not. Or rather it doesn't work if picker() picks nothing when consumer expects array. So ensure array is returned when array is expected. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5770)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5770)
-
Richard Levitte authored
The VMS C RTL has setbuf() working for short pointers only, probably the FILE pointer will always be in P0 (the lower 4GB). Fortunately, this only generates a warning about possible data loss (doesn't apply in this case) that we can simply turn off. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5789)
-
Richard Levitte authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5776)
-
Richard Levitte authored
Instead of invoking the fuzz test programs once for every corpora file, we invoke them once for each directory of corpora files. This dramatically reduces the number of program invikations, as well as the time 99-test_fuzz.t takes to complete. fuzz/test-corpus.c was enhanced to handle directories as well as regular files. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5776)
-
Richard Levitte authored
This wasn't a good solution, too many things depend on the quotes being there consistently. This reverts commit 49cd47ea . Fixes #5772 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5773)
-
- Mar 28, 2018
-
-
Patrick Steuer authored
... to compute s390x aes function code from keylength. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5250)
-
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5250)
-
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5250)
-
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5250)
-
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5250)
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5780)
-
Matt Caswell authored
This commit removes the contribution of a user that we cannot trace to gain their consent for the licence change. After this commit the various IS_*() macros in the auto-generated file conf_def.h may incorrectly return true if the supplied character has its most significant bit set. The IS_*() macros should be able to correctly handle 8-bit characters. Note that UTF-8 support is not a requirement. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5767)
-
Matt Caswell authored
If a server has been configured to use an ECDSA certificate, we should allow it regardless of whether the server's own supported groups list includes the certificate's group. Fixes #2033 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5601)
-
Matt Caswell authored
This reverts commit 37a38595. These tests should now be fixed by commit e6e9170d . Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5765)
-
- Mar 27, 2018
-
-
Rich Salz authored
Based on the description in https://github.com/openssl/openssl/pull/5757 , this re-implements the "allow NULL to be passed" behavior of a number of xxx_free routines. I also fixed up some egregious formatting errors that were nearby. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5761)
-
Miroslav Suk authored
ts/ts_rsp_sign.c: change to OPENSSL_gmtime. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5720)
-
Konstantin Shemyak authored
When the "certificate purpose" is checked and KeyUsage extension is present, either 'digitalSignature' or 'nonRepudiation' is accepted. Manual page corrected to reflect the above. Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5727)
-
Philippe Antoine authored
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5729)
-
Andy Polyakov authored
Apparently applications rely on RAND_load_file's ability to work with non-regular files, customarily with /dev/urandom, so that the ban was not exactly appropriate. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5737)
-
Andy Polyakov authored
This is quick-n-dirty ad-hoc solution, the problem asks for more elegant one... Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5755)
-
Matt Caswell authored
The previous commit causes some tests to hang so we temporarily disable them. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5757)
-
Matt Caswell authored
This removes some code because we cannot trace the original contributor to get their agreement for the licence change (original commit e03ddfae ). After this change there will be numerous failures in the test cases until someone rewrites the missing code. All *_free functions should accept a NULL parameter. After this change the following *_free functions will fail if a NULL parameter is passed: BIO_ACCEPT_free() BIO_CONNECT_free() BN_BLINDING_free() BN_CTX_free() BN_MONT_CTX_free() BN_RECP_CTX_free() BUF_MEM_free() COMP_CTX_free() ERR_STATE_free() TXT_DB_free() X509_STORE_free() ssl3_free() ssl_cert_free() SSL_SESSION_free() SSL_free() [skip ci] Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5757)
-
Matt Caswell authored
The alpn_selected value in the session should be NULL before we first populate it if this is a new session. We assert to make sure it is. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5715)
-
Matt Caswell authored
If we don't have OID data for an object then we should fail if we are asked to encode the ASN.1 for that OID. Fixes #5723 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5725)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Comparison was effectively reduced to least significant bits. CVE-2018-0733 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth. CVE-2018-0739 Credit to OSSFuzz for finding this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Mar 26, 2018
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5756)
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Bernd Edlinger authored
openssl x509 -in server.pem -signkey privkey.pem -out server.pem Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5746)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5744)
-
- Mar 25, 2018
-
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5741)
-
Philippe Antoine authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5675)
-
- Mar 24, 2018
-
-
Andy Polyakov authored
'nmake clean' was leaving some artefacts behind. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 23, 2018
-
-
Richard Levitte authored
myDSO_dsobyaddr and myDSO_free are only used in a narrow block of code, and can therefore be made local to that block. Otherwise, some compilers may warn that they are unused. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5733)
-
Richard Levitte authored
These errors were hidden because compiling this file didn't get the macros derived from the dso_scheme attribute, and therefore, some code never got compiled. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5733)
-