| 1d0671b | Dr. Matthias St. Pierre | 21 October 2018, 16:49:19 UTC | RAND_load_file(): avoid adding small chunks to RAND_add() Increase the load buffer size such that it exceeds the chunk size by a comfortable amount. This is done to avoid calling RAND_add() with a small final chunk. Instead, such a small final chunk will be added together with the previous chunk (unless it's the only one). Related-to: #7449 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7456) | 26 October 2018, 06:50:26 UTC |
| 13ce862 | Dr. Matthias St. Pierre | 20 October 2018, 14:53:57 UTC | RAND_load_file(): return error if reseeding failed The failure of RAND_load_file was only noticed because of the heap corruption which was reported in #7499 and fixed in commit 5b4cb385c18a. To prevent this in the future, RAND_load_file() now explicitly checks RAND_status() and reports an error if it fails. Related-to: #7449 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7456) | 26 October 2018, 06:50:26 UTC |
| 8529945 | Richard Levitte | 25 October 2018, 13:55:15 UTC | Windows: Produce a static version of the public libraries, always When building shared libraries on Windows, we had a clash between 'libcrypto.lib' the static routine library and 'libcrypto.lib' the import library. We now change it so the static versions of our libraries get '_static' appended to their names. These will never get installed, but can still be used for our internal purposes, such as internal tests. When building non-shared, the renaming mechanism doesn't come into play. In that case, the static libraries 'libcrypto.lib' and 'libssl.lib' are installed, just as always. Fixes #7492 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7496) (cherry picked from commit b3023ced6b6a4aece6f4d4ec1f6a93b1c03712b6) | 25 October 2018, 21:30:52 UTC |
| 28361a0 | Richard Levitte | 23 October 2018, 08:15:12 UTC | RAND: ensure INT32_MAX is defined This value is used to set DRBG_MAX_LENGTH Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7467) (cherry picked from commit f81b043ad856d8b9af5239a4978f8bd4b965dab9) | 23 October 2018, 08:56:59 UTC |
| ece482f | Dr. Matthias St. Pierre | 20 October 2018, 14:53:09 UTC | RAND_add(): fix heap corruption in error path This bug was introduced by #7382 which enhanced RAND_add() to accept large buffer sizes. As a consequence, RAND_add() now fails for buffer sizes less than 32 bytes (i.e. less than 256 bits). In addition, rand_drbg_get_entropy() forgets to reset the attached drbg->pool in the case of an error, which leads to the heap corruption. The problem occurred with RAND_load_file(), which reads the file in chunks of 1024 bytes each. If the size of the final chunk is less than 32 bytes, then RAND_add() fails, whence RAND_load_file() fails silently for buffer sizes n = k * 1024 + r with r = 1,...,31. This commit fixes the heap corruption only. The other issues will be addressed in a separate pull request. Thanks to Gisle Vanem for reporting this issue. Fixes #7449 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7455) (cherry picked from commit 5b4cb385c18a5bb4e118e300f1c746bf7c2a5628) | 22 October 2018, 12:57:04 UTC |
| 132fd51 | Richard Levitte | 21 October 2018, 09:03:02 UTC | build file templates: have targets for all shared library names We only had targets for the "simple" shared library names (libfoo.so and not libfoo.so.x.y on Unix, import library libfoo.lib but not libfoo.dll on Windows). This has created some confusion why it wasn't possible to rebuild the less "simple" name directly (just as an example, someone who mistook the import library on Windows for a static library, removed the DLL and then found it was difficult to rebuild directly), so we change the target to include all possible names. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7451) (cherry picked from commit d8cac50b023be249cdaba054f43acecf17025ce4) | 21 October 2018, 13:49:48 UTC |
| 8c6371f | Matt Caswell | 18 October 2018, 13:45:59 UTC | Don't complain and fail about unknown TLSv1.3 PSK identities in s_server An unknown PSK identity could be because its actually a session resumption attempt. Sessions resumptions and external PSKs are indistinguishable so the callbacks need to fail gracefully if they don't recognise the identity. Fixes #7433 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7434) (cherry picked from commit 2d015189b97c60b67e10aed320230357bf6b200f) | 19 October 2018, 14:24:14 UTC |
| d1bfd80 | Matt Caswell | 09 October 2018, 09:22:06 UTC | Buffer a ClientHello with a cookie received via DTLSv1_listen Previously when a ClientHello arrives with a valid cookie using DTLSv1_listen() we only "peeked" at the message and left it on the underlying fd. This works fine for single threaded applications but for multi-threaded apps this does not work since the fd is typically reused for the server thread, while a new fd is created and connected for the client. By "peeking" we leave the message on the server fd, and consequently we think we've received another valid ClientHello and so we create yet another fd for the client, and so on until we run out of fds. In this new approach we remove the ClientHello and buffer it in the SSL object. Fixes #6934 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7375) (cherry picked from commit 079ef6bd534d2f708d8013cfcd8ea0d2f600c788) | 19 October 2018, 13:29:52 UTC |
| 585e691 | Matt Caswell | 08 October 2018, 14:46:51 UTC | Use the read and write buffers in DTLSv1_listen() Rather than using init_buf we use the record layer read and write buffers in DTLSv1_listen(). These seem more appropriate anyway and will help with the next commit. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7375) (cherry picked from commit 2fc4c77c3f06443f4c476f6f58d83e5e108d1dce) | 19 October 2018, 13:29:52 UTC |
| 6c52987 | Matt Caswell | 18 October 2018, 09:12:20 UTC | Test DTLS cookie generation and verification Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7431) (cherry picked from commit edcd29efd32c51f298ad5ab438e2d4cc5411e9a9) | 19 October 2018, 13:19:22 UTC |
| a6a8382 | Matt Caswell | 18 October 2018, 09:12:07 UTC | Fix a DTLS memory leak Fixes #7428 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7431) (cherry picked from commit 01666a8c1db3ecfb999e1a8f2c5436d114f95681) | 19 October 2018, 13:19:22 UTC |
| a66c361 | Andy Polyakov | 14 October 2018, 13:19:41 UTC | Configurations/15-android.conf: add support for "standalone toolchain". Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7400) (cherry picked from commit 03ad7c009e16a233c733098db3169c560142ccd3) | 19 October 2018, 08:36:48 UTC |
| fc762e7 | Andy Polyakov | 17 October 2018, 08:09:33 UTC | arch/async_posix.h: improve portability. {make|swap|get|set}context are removed in POSIX.1-2008, but glibc apparently keeps providing it. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7420) (cherry picked from commit 9d71a24ebf57e7157888af1ca587eafe914bf96f) | 19 October 2018, 08:31:04 UTC |
| aa51985 | armfazh | 18 October 2018, 22:26:58 UTC | Fix tls_cbc_digest_record is slow using SHA-384 and short messages The formula used for this is now kVarianceBlocks = ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1 Notice that md_block_size=64 for SHA256, which results on the magic constant kVarianceBlocks = 6. However, md_block_size=128 for SHA384 leading to kVarianceBlocks = 4. CLA:trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7342) (cherry picked from commit cb8164b05e3bad5586c2a109bbdbab1ad65a1a6f) | 18 October 2018, 22:32:44 UTC |
| a190ea8 | Viktor Dukhovni | 08 October 2018, 16:05:14 UTC | Apply self-imposed path length also to root CAs Also, some readers of the code find starting the count at 1 for EE cert confusing (since RFC5280 counts only non-self-issued intermediate CAs, but we also counted the leaf). Therefore, never count the EE cert, and adjust the path length comparison accordinly. This may be more clear to the reader. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6) | 18 October 2018, 04:10:04 UTC |
| bb69239 | Viktor Dukhovni | 05 October 2018, 03:53:01 UTC | Only CA certificates can be self-issued At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph of above https://tools.ietf.org/html/rfc5280#section-3.3), we see: This specification covers two classes of certificates: CA certificates and end entity certificates. CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Cross-certificates are CA certificates in which the issuer and subject are different entities. Cross-certificates describe a trust relationship between the two CAs. Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self- signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths. End entity certificates are issued to subjects that are not authorized to issue certificates. that the term "self-issued" is only applicable to CAs, not end-entity certificates. In https://tools.ietf.org/html/rfc5280#section-4.2.1.9 the description of path length constraints says: The pathLenConstraint field is meaningful only if the cA boolean is asserted and the key usage extension, if present, asserts the keyCertSign bit (Section 4.2.1.3). In this case, it gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. (Note: The last certificate in the certification path is not an intermediate certificate, and is not included in this limit. Usually, the last certificate is an end entity certificate, but it can be a CA certificate.) This makes it clear that exclusion of self-issued certificates from the path length count applies only to some *intermediate* CA certificates. A leaf certificate whether it has identical issuer and subject or whether it is a CA or not is never part of the intermediate certificate count. The handling of all leaf certificates must be the same, in the case of our code to post-increment the path count by 1, so that we ultimately reach a non-self-issued intermediate it will be the first one (not zeroth) in the chain of intermediates. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f) | 18 October 2018, 04:10:03 UTC |
| 8710396 | Antoine Salon | 01 October 2018, 21:11:57 UTC | EVP module documentation pass Replace ECDH_KDF_X9_62() with internal ecdh_KDF_X9_63() Signed-off-by: Antoine Salon <asalon@vmware.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7345) (cherry picked from commit ffd89124bdfc9e69349492c3f15383bb35520a11) | 17 October 2018, 10:31:59 UTC |
| 135e806 | Dr. Matthias St. Pierre | 16 October 2018, 21:50:16 UTC | Fix: 'openssl ca' command crashes when used with 'rand_serial' option Commit ffb46830e2df introduced the 'rand_serial' option. When it is used, the 'serialfile' does not get initialized, i.e. it remains a NULL pointer. This causes a crash when the NULL pointer is passed to the rotate_serial() call. This commit fixes the crash and unifies the pointer checking before calling the rotate_serial() and save_serial() commands. Fixes #7412 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7417) (cherry picked from commit aeec793b4bee929cef8ae35ec4b5a783a6e1d7ed) | 17 October 2018, 10:04:17 UTC |
| 695bc60 | Richard Levitte | 15 October 2018, 15:38:26 UTC | Build file templates: look at *all* defines When looking at configured macro definitions, we must look at both what comes from the config target AND what comes from user configuration. Fixes #7396 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7402) (cherry picked from commit 92ebf6c4c21ff4b41ba1fd69af74b2039e138114) | 17 October 2018, 08:58:10 UTC |
| 72a859c | Mansour Ahmadi | 15 October 2018, 19:11:24 UTC | Add a missing check on s->s3->tmp.pkey Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7405) (cherry picked from commit 61bef9bde09dc6099a7c59baa79898e3b003fec3) | 17 October 2018, 08:29:50 UTC |
| 391f76f | cclauss | 16 October 2018, 04:57:41 UTC | print() is a function in Python 3 CLA: trivial Discovered via #7410 @ https://travis-ci.org/openssl/openssl/jobs/442003489#L440 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7403) (cherry picked from commit 83e4533a71c5c78278e9763552a5e5f1806473ee) | 17 October 2018, 05:32:25 UTC |
| dbf0a49 | Dr. Matthias St. Pierre | 09 October 2018, 23:53:29 UTC | DRBG: fix reseeding via RAND_add()/RAND_seed() with large input In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed() was implemented by buffering the data in a random pool where it is picked up later by the rand_drbg_get_entropy() callback. This buffer was limited to the size of 4096 bytes. When a larger input was added via RAND_add() or RAND_seed() to the DRBG, the reseeding failed, but the error returned by the DRBG was ignored by the two calling functions, which both don't return an error code. As a consequence, the data provided by the application was effectively ignored. This commit fixes the problem by a more efficient implementation which does not copy the data in memory and by raising the buffer the size limit to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits but it was chosen intentionally to avoid platform dependent problems like integer sizes and/or signed/unsigned conversion. Additionally, the DRBG is now less permissive on errors: In addition to pushing a message to the openssl error stack, it enters the error state, which forces a reinstantiation on next call. Thanks go to Dr. Falko Strenzke for reporting this issue to the openssl-security mailing list. After internal discussion the issue has been categorized as not being security relevant, because the DRBG reseeds automatically and is fully functional even without additional randomness provided by the application. Fixes #7381 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7382) (cherry picked from commit 3064b55134434a0b2850f07eff57120f35bb269a) | 16 October 2018, 20:32:42 UTC |
| 26d97bf | Matt Caswell | 08 October 2018, 11:16:22 UTC | Fix no-engine Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7365) (cherry picked from commit 5f9f67b9d494e26941aa8d66d28a6a993c557643) | 15 October 2018, 23:36:47 UTC |
| 84eb73e | Pauli | 07 October 2018, 21:23:44 UTC | Indentation fixes. The PR #7329 left some indentation slightly off. This fixes it. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7360) (cherry picked from commit 5b639d4cb3b9a33536e2ebadf6a03149ea26ba32) | 15 October 2018, 23:35:19 UTC |
| 9044cb0 | Mykola Baibuz | 07 October 2018, 21:14:08 UTC | Remove useless check. Hash can be longer than EC group degree and it will be truncated. CLA: trivial Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7329) (cherry picked from commit b770a80f6d0b08659cd03f26388b45512adb84f3) | 15 October 2018, 23:34:09 UTC |
| 4ccb641 | Matt Caswell | 24 September 2018, 11:00:10 UTC | Fix no-psk Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7306) (cherry picked from commit 734af93a278a7a06710167219e1f05e525c9dd49) | 15 October 2018, 14:23:52 UTC |
| 89b0402 | Matt Caswell | 24 September 2018, 11:20:45 UTC | Fix no-tls1_2 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7308) (cherry picked from commit 7f1d923aa9dc55dd23a7741e4341ec421c683941) | 15 October 2018, 14:18:28 UTC |
| 3924d69 | Mykola Baibuz | 11 October 2018, 04:07:26 UTC | Safer memory cleanup in (crypto/rsa/rsa_lib.c) We don't need to use secure clean for public key. CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7363) (cherry picked from commit c033101db39c93cf41d80dfee4357f2617ede1a0) | 13 October 2018, 13:19:24 UTC |
| 2b03114 | Tomas Mraz | 09 October 2018, 16:37:10 UTC | Fix copy&paste error found in Coverity scan Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7377) (cherry picked from commit 628ee796389b555ddb5fc28355e16e9417ab1724) | 13 October 2018, 03:43:23 UTC |
| a9e4192 | Andy Polyakov | 05 September 2018, 12:33:21 UTC | rsa/rsa_ossl.c: fix and extend commentary [skip ci]. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7123) (cherry picked from commit d1c008f66bad435b18aa45aa59f72bed7c682849) | 12 October 2018, 20:28:52 UTC |
| 7055086 | Andy Polyakov | 02 September 2018, 11:07:58 UTC | ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7085) (cherry picked from commit 7d0effeacbb50b12bfc24df7614d7cf5c8686f51) | 12 October 2018, 19:04:49 UTC |
| 7ed9ad1 | Andy Polyakov | 17 September 2018, 10:36:37 UTC | sha/asm/keccak1600-s390x.pl: resolve -march=z900 portability issue. Negative displacement in memory references was not originally specified, so that for maximum coverage one should abstain from it, just like with any other extension. [Unless it's guarded by run-time switch, but there is no switch in keccak1600-s390x.] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7239) (cherry picked from commit fc97c882f443060dffd8eb56a6b8784e52096c86) | 12 October 2018, 18:53:57 UTC |
| ed5108a | Matt Caswell | 11 October 2018, 10:59:57 UTC | Fix a typo in a macro Fixes #7385 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7385) (cherry picked from commit 990fe909949a58398b3a0cbbdc52b9bbb9cefaa0) | 12 October 2018, 08:49:45 UTC |
| a53561e | Paul Yang | 08 October 2018, 08:36:49 UTC | Fix compiling warnings in example code The example code in EVP_DigestInit.pod generates warnings if users try to compile it. [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7362) (cherry picked from commit 19ac1bf2de07214ee7ee6d2e118fa3aa8e5850f3) | 11 October 2018, 03:22:14 UTC |
| 7f0e220 | FdaSilvaYY | 15 September 2017, 19:14:34 UTC | crypto/rand: fix some style nit's Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7378) (cherry picked from commit c2e33a05b1eb9dda988aebdeaa529973d7c22142) | 10 October 2018, 12:02:45 UTC |
| b99f047 | Dr. Matthias St. Pierre | 10 October 2018, 00:31:37 UTC | rand_unix.c: fix --with-rand-seed=none build Fixes a compiler warning about an unused syscall_random() and cleans up the OPENSSL_RAND_SEED preprocessor logic. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/779) (cherry picked from commit d90e128be6e584d319931c78cb8f8f68d17b6a34) | 10 October 2018, 10:40:52 UTC |
| 8848b14 | Paul Yang | 08 October 2018, 09:04:14 UTC | Fix a nit of copyright date range Should be 2018 instead of 20018. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7364) | 10 October 2018, 01:51:03 UTC |
| a7ee1ef | Benjamin Kaduk | 04 October 2018, 18:49:21 UTC | apps: allow empty attribute values with -subj Historically (i.e., OpenSSL 1.0.x), the openssl applications would allow for empty subject attributes to be passed via the -subj argument, e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`. Commit db4c08f0194d58c6192f0d8311bf3f20e251cf4f applied a badly needed rewrite to the parse_name() helper function that parses these strings, but in the process dropped a check that would skip attributes with no associated value. As a result, such strings are now treated as hard errors and the operation fails. Restore the check to skip empty attribute values and restore the historical behavior. Document the behavior for empty subject attribute values in the corresponding applications' manual pages. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7349) (cherry picked from commit 3d362f190306b62a17aa2fd475b2bc8b3faa8142) | 08 October 2018, 21:41:33 UTC |
| 521738e | Ԝеѕ | 05 October 2018, 18:58:30 UTC | Cleanup typos and grammar in DES_random_key.pod CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7356) (cherry picked from commit 4fef4981f8cc614559b86a06532b0eeac6ffd0d9) | 08 October 2018, 07:10:26 UTC |
| e9a4fb4 | Richard Levitte | 24 September 2018, 10:18:31 UTC | /dev/crypto engine: give CIOCFSESSION the actual sess-id We passed that ioctl a pointer to the whole session_op structure, which wasn't quite right. Notified by David Legault. Fixes #7302 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7304) (cherry picked from commit 470096e576941566fd094f2fd793dc2948804ea8) | 05 October 2018, 19:55:38 UTC |
| 5e130ae | Dr. Matthias St. Pierre | 04 October 2018, 23:05:54 UTC | test/secmemtest: test secure memory only if it is implemented Fixes #7322 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7351) (cherry picked from commit 8529b156421805415bc7b17758255394de580c61) | 05 October 2018, 10:23:34 UTC |
| c11c280 | Matt Caswell | 03 October 2018, 14:29:47 UTC | Extend the BIO callback tests to check the return value semantics Check that different return values passed to the BIO callback are correctly handled. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7344) (cherry picked from commit 52d78cc5ebc1d4fc021cabbcb09f4efb4c6ae82d) | 04 October 2018, 13:20:27 UTC |
| 9089352 | Matt Caswell | 03 October 2018, 14:27:31 UTC | Fix the BIO callback return code handling The BIO callback handling incorrectly wrote over the return code passed to the callback, meaning that an incorrect result was (eventually) returned to the caller. Fixes #7343 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7344) (cherry picked from commit d97ce8d9a0619c1d9d1222dc1b44dbebb58dd966) | 04 October 2018, 13:20:27 UTC |
| 236119c | Richard Levitte | 30 September 2018, 00:18:47 UTC | Clean out aliases in include/openssl/symhacks.h Only a few clashing ones remain Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7331) (cherry picked from commit b44882a0bd0717e0aab84f5dc3ef81ab673155e9) | 04 October 2018, 07:59:00 UTC |
| 6babfb2 | Richard Levitte | 29 September 2018, 23:59:11 UTC | Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h) BIO_s_log() is declared for everyone, so should return NULL when not actually implemented. Also, it had explicit platform limitations in util/mkdef.pl that didn't correspond to what was actually in code. While at it, a few other hard coded things that have lost their relevance were removed. include/openssl/ocsp.h had a few duplicate declarations. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7331) (cherry picked from commit 7e09c5eaa57295f87453286ffe25277c2f2bc73f) | 04 October 2018, 07:59:00 UTC |
| acb0367 | Matt Caswell | 01 October 2018, 12:16:55 UTC | Fix some Coverity warnings Check some return values on some functions. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7335) (cherry picked from commit 434893af2bd4c1fa72655f8e5262c8a432713968) | 02 October 2018, 09:58:05 UTC |
| cb853a6 | Matt Caswell | 01 October 2018, 11:06:06 UTC | Fix a mem leak in the ocsp app Free memory allocated in the parent process that is not needed in the child. We also free it in the parent. Technically this isn't really required since we end up calling exit() soon afterwards - but to prevent false positives we free it anyway. Fixes a Coverity issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7335) (cherry picked from commit c20a76f695922f409c316399f7290530f7728f19) | 02 October 2018, 09:58:05 UTC |
| a2516f0 | Antoine Salon | 26 September 2018, 08:56:05 UTC | Add missing cipher aliases to openssl(1) And references to other manpages are also added in openssl(1). Signed-off-by: Antoine Salon <asalon@vmware.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7314) | 26 September 2018, 08:59:35 UTC |
| 5224df0 | James Callahan | 23 August 2018, 02:12:05 UTC | doc/man3/SSL_set_bio.pod: Fix wrong function name in return values section Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7035) | 26 September 2018, 03:34:42 UTC |
| 37e9944 | Antoine Salon | 17 September 2018, 22:42:19 UTC | Update enc(1) examples to more recent ciphers and key derivation algorithms Signed-off-by: Antoine Salon <asalon@vmware.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7248) (cherry picked from commit eadde90bff01a6755399a4e1f6a3e4a9ed0fd61d) | 25 September 2018, 18:20:36 UTC |
| 3ac2549 | Bernd Edlinger | 23 September 2018, 07:20:54 UTC | Reduce stack usage in tls13_hkdf_expand Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7297) (cherry picked from commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d) | 24 September 2018, 14:01:48 UTC |
| 23fca6c | Daniel Bevenius | 24 September 2018, 06:43:35 UTC | Document OPENSSL_VERSION_TEXT macro This commit documents the OPENSSL_VERSION_TEXT which is currently missing in the man page. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7301) (cherry picked from commit 7c69495712e3dc9aa8db38271f0c3faeb2037165) | 24 September 2018, 10:01:56 UTC |
| 79c2c74 | Pauli | 24 September 2018, 01:21:18 UTC | Use secure_getenv(3) when available. Change all calls to getenv() inside libcrypto to use a new wrapper function that use secure_getenv() if available and an issetugid then getenv if not. CPU processor override flags are unchanged. Extra checks for OPENSSL_issetugid() have been removed in favour of the safe getenv. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7047) (cherry picked from commit 5c39a55d04ea6e6f734b627a050b9e702788d50d) | 24 September 2018, 01:22:22 UTC |
| 1fd6afb | Bernd Edlinger | 13 September 2018, 16:25:37 UTC | Create the .rnd file it it does not exist It's a bit annoying, since some commands try to read a .rnd file, and print an error message if the file does not exist. But previously a .rnd file was created on exit, and that does no longer happen. Fixed by continuing in app_RAND_load_conf regardless of the error in RAND_load_file. If the random number generator is still not initalized on exit, the function RAND_write_file will fail and no .rnd file would be created. Remove RANDFILE from openssl.cnf Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7217) (cherry picked from commit 0f58220973a02248ca5c69db59e615378467b9c8) | 23 September 2018, 06:29:37 UTC |
| c257f61 | agnosticdev | 20 September 2018, 10:23:27 UTC | typo-fixes: miscellaneous typo fixes Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7277) (cherry picked from commit 46d085096c6ead624c61e4b8b301421301511e64) | 21 September 2018, 21:59:02 UTC |
| 11e1807 | Matt Caswell | 19 September 2018, 09:09:39 UTC | Fix the max psk len for TLSv1.3 If using an old style TLSv1.2 PSK callback then the maximum possible PSK len is PSK_MAX_PSK_LEN (256) - not 64. Fixes #7261 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7267) (cherry picked from commit f39a02c68abc8936db24499cb3cfcba206a2e7eb) | 21 September 2018, 16:56:57 UTC |
| aff58ee | Matt Caswell | 19 September 2018, 13:51:49 UTC | Add a test for the certificate callback Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7257) (cherry picked from commit cd6fe29f5bad1a350a039673e06f83ec7a7ef619) | 21 September 2018, 16:44:37 UTC |
| ec6788f | Matt Caswell | 18 September 2018, 16:45:39 UTC | Delay setting the sig algs until after the cert_cb has been called Otherwise the sig algs are reset if SSL_set_SSL_CTX() gets called. Fixes #7244 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7257) (cherry picked from commit 524006dd1b80c1a86a20119ad988666a80d8d8f5) | 21 September 2018, 16:44:37 UTC |
| 4ccd6c5 | Richard Levitte | 21 September 2018, 09:11:15 UTC | crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG This module includes bn.h via other headers, so it picks up the definition from there and doesn't need to define them locally (any more?). Worst case scenario, the redefinition may be different and cause all sorts of compile errors. Fixes #7227 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7287) (cherry picked from commit dda5396aaec315bdbcb080e42fb5cd0191f2ad72) | 21 September 2018, 09:35:14 UTC |
| baa5cda | Richard Levitte | 20 September 2018, 13:33:21 UTC | /dev/crypto engine: add missing RC4 parameter Fixes #7280 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7281) (cherry picked from commit f52f2c1ae8f2ec378c5a20fb4104aa38edbabfcb) | 20 September 2018, 20:02:43 UTC |
| ea94f19 | Paul Yang | 20 September 2018, 09:04:15 UTC | Add some missing ciphers in 'enc' document The original issue is #7273 and this commit fixes part of that issue. [skip ci] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7275) | 20 September 2018, 15:42:32 UTC |
| a2a9f88 | Richard Levitte | 12 September 2018, 00:38:22 UTC | util/mkdef.pl, util/add-depends.pl: don't lowercase file names It turns out to be detrimental on some file systems that may or may not be case sensitive (such as NTFS, which has a case sensitive mode). Fixes #7172 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7172) (cherry picked from commit d3c72e392ab72d418ea5147857701a8730def3fd) | 20 September 2018, 11:44:53 UTC |
| 226e6a2 | Richard Levitte | 19 September 2018, 19:33:45 UTC | crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too These both indicate that the file descriptor we're trying to use as a terminal isn't, in fact, a terminal. Fixes #7271 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7272) (cherry picked from commit 276bf8620ce35a613c856f2b70348f65ffe94067) | 20 September 2018, 04:40:52 UTC |
| 1766493 | Benjamin Kaduk | 19 September 2018, 14:02:04 UTC | Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version() Historically SSL_CTX_set_ssl_version() has reset the cipher list to the default. Splitting TLS 1.3 ciphers to be tracked separately caused a behavior change, in that TLS 1.3 cipher configuration was preserved across calls to SSL_CTX_set_ssl_version(). To restore commensurate behavior with the historical behavior, set the ciphersuites to the default as well as setting the cipher list to the default. Closes: #7226 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7270) (cherry picked from commit 2340ed277b7c5365e83a32eb7d5fa32c4071fb21) | 19 September 2018, 22:02:36 UTC |
| f560ff6 | Dr. Matthias St. Pierre | 18 September 2018, 05:56:27 UTC | ssl/ssl_ciph.c: make set_ciphersuites static Fixes #7252 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7253) (cherry picked from commit f9a22815f386dbe7a13822f0ac3629ae8521cd76) | 18 September 2018, 07:33:09 UTC |
| cfacc73 | Tobias Nießen | 14 September 2018, 19:43:12 UTC | Trivial test improvements This commit reuses a variable instead of reevaluating the expression and updates an outdated comment in the EVP test. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7242) (cherry picked from commit 523fcfb4c081ec346f117fd493103ddcd521e431) | 18 September 2018, 07:26:07 UTC |
| 66228d5 | David Makepeace | 17 September 2018, 03:46:08 UTC | Fixed typos in hkdf documentation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7236) (cherry picked from commit d474100af0827d9ba87f3bb25a34867244552df5) | 17 September 2018, 22:50:39 UTC |
| d2d3b5d | Pauli | 17 September 2018, 00:40:32 UTC | Add missing include file. Specifically, include e_os.h to pick up alloca definition for WIN32. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7234) (cherry picked from commit a825856ab719b0fcce229faad2b437fc88985251) | 17 September 2018, 02:54:20 UTC |
| 2490756 | Pauli | 16 September 2018, 21:47:42 UTC | Use 'i' as parameter name not 'I'. The latter causes problems when complex.h is #included. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7233) (cherry picked from commit 972f67889b5a10c33dbc3d500cfa65b544e68b46) | 16 September 2018, 23:53:15 UTC |
| 4978ecb | Pauli | 16 September 2018, 22:09:25 UTC | Add a compile time test to verify that openssl/rsa.h and complex.h can coexist. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7233) (cherry picked from commit da5fac72b1cba5651b871902eea234e693cf01e5) | 16 September 2018, 23:44:45 UTC |
| 9b977af | Matt Eaton | 14 September 2018, 02:11:14 UTC | Update RAND_DRBG.pod Fixed a minor typo while reading the documentation. I agree that this contribution is trivial can be freely used. CLA: trivial Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7221) | 16 September 2018, 23:00:19 UTC |
| 00f561a | Kurt Roeckx | 11 September 2018, 21:39:25 UTC | Improve SSL_shutdown() documentation Reviewed-by: Ben Kaduk <kaduk@mit.edu> GH: #7188 (cherry picked from commit 8e593f0a0dbcb3193548ced3c2e78fbbd201b2db) | 16 September 2018, 11:43:17 UTC |
| d6d6aa3 | Richard Levitte | 15 September 2018, 12:59:06 UTC | VMS: only use the high precision on VMS v8.4 and up It simply isn't available on older versions. Issue submitted by Mark Daniels Fixes #7229 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7230) | 15 September 2018, 12:59:06 UTC |
| 2ccfcbf | Paul Yang | 13 September 2018, 02:17:14 UTC | Make some return checks consistent with others Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7209) | 13 September 2018, 14:23:18 UTC |
| 7686443 | Matt Caswell | 12 September 2018, 16:11:10 UTC | Don't allow -early_data with other options where it doesn't work -early_data is not compatible with -www, -WWW, -HTTP or -rev. Fixes #7200 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7206) (cherry picked from commit 6ef40f1fc08f0c4ffb08438d63eed83eae7eb2b8) | 13 September 2018, 09:10:13 UTC |
| 3e9a0eb | Matt Caswell | 12 September 2018, 15:49:19 UTC | Add an explicit cast to time_t Caused a compilation failure in some environments Fixes #7204 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7205) (cherry picked from commit bc278f30f0b766bfb82426c641dc1d51ace4a994) | 13 September 2018, 08:07:51 UTC |
| b262a00 | Dr. Matthias St. Pierre | 11 September 2018, 22:37:15 UTC | Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant The new DRBG API added the aforementioned #define. However, it is used internally only and having it defined publicly does not serve any purpose except causing potential version compatibility problems. Fixes #7182 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7190) (cherry picked from commit c402e943cd0d748ca2a74a37caeccdfc59ce2870) | 12 September 2018, 21:48:18 UTC |
| 5538ba9 | Bernd Edlinger | 11 September 2018, 09:44:13 UTC | Fix a possible recursion in SSLfatal handling Fixes: #7161 (hopefully) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7175) (cherry picked from commit 6839a7a7f4973a3fc2f87b12664c26d524bef1f4) | 12 September 2018, 12:47:54 UTC |
| 18ef2db | Brian 'geeknik' Carpenter | 12 September 2018, 06:24:00 UTC | Update README.md Fixes a minor typo that would cause the linker to complain about not finding -lFuzzer CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7197) (cherry picked from commit 8e8fe187f1559a7fc9f50cc4af7f880273a4eea2) | 12 September 2018, 11:22:42 UTC |
| f8e1c19 | Viktor Szakats | 11 September 2018, 22:34:00 UTC | minor fixes for Windows - fix to use secure URL in generated Windows resources - fix a potentially uninitialized variable - fix an unused variable warning CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7189) | 12 September 2018, 07:18:25 UTC |
| 6258e24 | Richard Levitte | 12 September 2018, 00:06:26 UTC | crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined Fixes #7186 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7193) (cherry picked from commit 88ea3685e4bf30fc529fe46e19effc6317726de8) | 12 September 2018, 00:12:31 UTC |
| fc4e1ab | Matt Caswell | 11 September 2018, 12:49:46 UTC | Prepare for 1.1.1a-dev Reviewed-by: Richard Levitte <levitte@openssl.org> | 11 September 2018, 12:49:46 UTC |
| 1708e3e | Matt Caswell | 11 September 2018, 12:48:18 UTC | Prepare for 1.1.1 release Reviewed-by: Richard Levitte <levitte@openssl.org> | 11 September 2018, 12:48:18 UTC |
| 1212818 | Matt Caswell | 11 September 2018, 12:22:14 UTC | Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7176) | 11 September 2018, 12:45:17 UTC |
| 37f4928 | Richard Levitte | 11 September 2018, 09:00:30 UTC | CAPI engine: add support for RSA_NO_PADDING Since the SSL code started using RSA_NO_PADDING, the CAPI engine became unusable. This change fixes that. Fixes #7131 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7174) | 11 September 2018, 09:27:46 UTC |
| 512d811 | Matt Caswell | 10 September 2018, 15:23:14 UTC | Check the return value from ASN1_INTEGER_set Found by Coverity Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7169) | 10 September 2018, 16:33:02 UTC |
| d689f31 | Matt Caswell | 10 September 2018, 15:53:17 UTC | Validate the SM2 digest len before use Fixes a Coverity complaint. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7170) | 10 September 2018, 16:28:33 UTC |
| 52307f9 | Matt Caswell | 10 September 2018, 15:03:14 UTC | Don't cast an int * to a size_t * If sizeof(int) != sizeof(size_t) this may not work correctly. Fixes a Coverity issue. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7168) | 10 September 2018, 16:23:36 UTC |
| 6ccfc8f | Matt Caswell | 10 September 2018, 13:44:04 UTC | More updates to CHANGES and NEWS for the 1.1.1 release Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7167) | 10 September 2018, 16:05:29 UTC |
| 3f8b623 | Matt Caswell | 10 September 2018, 10:51:30 UTC | Updates NEWS for the 1.1.1 release Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7164) | 10 September 2018, 12:59:46 UTC |
| 7a8f6ca | Matt Caswell | 10 September 2018, 10:33:40 UTC | Update the pyca-cryptography submodule Hopefully this will resolve spurious travis failures. [extended tests] Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7163) | 10 September 2018, 11:04:03 UTC |
| a9ea8d4 | Paul Yang | 10 September 2018, 05:42:00 UTC | Add a sentence in CHANGES to note SM2 support Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7160) | 10 September 2018, 10:16:41 UTC |
| 35db366 | Dr. Matthias St. Pierre | 09 September 2018, 22:20:12 UTC | test/evp_extra_test.c: fix null pointer dereference It's actually not a real issue but caused by the absence of the default case which does not occur in reality but which makes coverity see a code path where pkey remains unassigned. Reported by Coverity Scan (CID 1423323) [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7158) | 10 September 2018, 10:11:43 UTC |
| 427e91d | Dr. Matthias St. Pierre | 09 September 2018, 14:33:12 UTC | crypto/rsa/rsa_pss.c: silence coverity warning Reported by Coverity Scan (CID 1439138) [extended tests] Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7156) | 10 September 2018, 10:03:50 UTC |
| 9ba9d81 | Dr. Matthias St. Pierre | 09 September 2018, 14:19:19 UTC | test/dhtest.c: fix resource leak Reported by Coverity Scan (CID 1439136) [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7155) | 10 September 2018, 09:32:33 UTC |
| ca89174 | Richard Levitte | 06 September 2018, 20:09:11 UTC | ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes The deprecated ASN.1 type LONG / ZLONG (incorrectly) produced zero length INTEGER encoding for zeroes. For the sake of backward compatibility, we allow those to be read without fault when using the replacement types INT32 / UINT32 / INT64 / UINT64. Fixes #7134 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7144) | 09 September 2018, 01:39:37 UTC |
| c2278c8 | Richard Levitte | 08 September 2018, 08:09:32 UTC | TESTS: add test of decoding of invalid zero length ASN.1 INTEGER zero Confirms #7134 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7153) | 09 September 2018, 01:35:26 UTC |
| d74f23d | Richard Levitte | 06 September 2018, 20:52:38 UTC | SipHash: add separate setter for the hash size This was originally part of SipHash_Init. However, there are cases where there isn't any key material to initialize from when setting the hash size, and we do allow doing so with a EVP_PKEY control. The solution is to provide a separate hash_size setter and to use it in the corresponding EVP_PKEY_METHOD. Fixes #7143 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7145) | 08 September 2018, 23:47:56 UTC |
| 2725232 | Richard Levitte | 08 September 2018, 21:19:39 UTC | TESTS: add SipHash tests with digestsize controls Confirms #7143 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7154) | 08 September 2018, 23:47:56 UTC |
| d012352 | Richard Levitte | 08 September 2018, 21:19:06 UTC | SipHash: make it possible to control the hash size through string controls Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7154) | 08 September 2018, 23:47:56 UTC |
