Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
97c0959 Matt Caswell14 August 2018, 12:45:05 UTCPrepare for 1.1.0i release Reviewed-by: Richard Levitte <levitte@openssl.org>14 August 2018, 12:45:05 UTC
6244f53 Matt Caswell14 August 2018, 12:25:55 UTCUpdate copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6954)14 August 2018, 12:37:41 UTC
825dbd0 Matt Caswell14 August 2018, 09:39:19 UTCUpdates to CHANGES and NEWS for the new release Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6950)14 August 2018, 09:57:00 UTC
cc08075 Andy Polyakov27 June 2018, 09:57:45 UTCcrypto/o_fopen.c: alias fopen to fopen64. Originally fopen(3) was called from bio/bss_file.c, which performed the aliasing. Then fopen(3) was moved to o_fopen.c, while "magic" definition was left behind. It's still useful on 32-bit platforms, so pull it to o_fopen.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6596) (cherry picked from commit 2369111fd94ebc9b7d37e68f3ea9629f2fe5fa2e)13 August 2018, 19:38:16 UTC
6114041 Richard Levitte11 August 2018, 07:59:20 UTCi2d_ASN1_OBJECT(): allocate memory if the user didn't provide a buffer Since 0.9.7, all i2d_ functions were documented to allocate an output buffer if the user didn't provide one, under these conditions (from the 1.0.2 documentation): For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be allocated for a buffer and the encoded data written to it. In this case B<*out> is not incremented and it points to the start of the data just written. i2d_ASN1_OBJECT was found not to do this, and would crash if a NULL output buffer was provided. Fixes #6914 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6918) (cherry picked from commit cba024dc685d13dbcbd0577bed028ee6b295b56a)11 August 2018, 10:33:19 UTC
9553d96 Andy Polyakov29 July 2018, 12:37:17 UTCx509v3/v3_purp.c: re-implement lock-free check for extensions cache validity. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6891) (back-ported from commit f21b5b64cbbc279ef31389e6ae312690575187da)10 August 2018, 19:53:05 UTC
80158ae Andy Polyakov29 July 2018, 12:13:32 UTCx509v3/v3_purp.c: resolve Thread Sanitizer nit. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6891) (cherry picked from commit 0da7358b0757fa35f2c3a8f51fa036466ae50fd7)10 August 2018, 19:52:38 UTC
a0f443a Rich Salz07 August 2018, 19:28:59 UTCIncrease CT_NUMBER values Also add build-time errors to keep them in sync. Thanks to GitHub user YuDudysheva for reporting this. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6874) (cherry picked from commit b5ee517794cf546dc7e3d5a82b400955a7381053)07 August 2018, 19:55:01 UTC
f48e0ef Rich Salz07 August 2018, 19:08:03 UTCFix setting of ssl_strings_inited. Thanks to GitHub user zsergey105 for reporting this. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6875) (cherry picked from commit 10281e83eac0fb96de3f14855154197aa33bb800)07 August 2018, 19:19:42 UTC
32096fd Richard Levitte07 August 2018, 10:38:16 UTCCheck early that the config target exists and isn't a template Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6885) (cherry picked from commit 4e360445473c3da938703a8142a36cf6ee86a191)07 August 2018, 15:22:55 UTC
29cbeb9 Richard Levitte07 August 2018, 02:55:47 UTCMake EVP_PKEY_asn1_new() stricter with its input Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6880) (cherry picked from commit 38eca7fed09a57c1b7a05d651af2c667b3e87719)07 August 2018, 05:56:19 UTC
831a2b0 Bernd Edlinger02 August 2018, 17:47:42 UTCFix uninitialized value $s warning in windows static builds Fixes: #6826 [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/pr6849)06 August 2018, 14:51:01 UTC
f96d3c1 Pauli05 August 2018, 21:31:49 UTCAvoid errors when loading a cert multiple times. Manual backport of #2830 to 1.1.0 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6861)05 August 2018, 21:36:08 UTC
e0a79ae Rich Salz03 August 2018, 22:03:22 UTCUse auto-null-initializer Thanks to GitHub user YuDudysheva for reporting this. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6853)03 August 2018, 22:03:22 UTC
c700d1f Andy Polyakov02 August 2018, 07:02:47 UTCasn1/tasn_utl.c: fix logical error in asn1_do_lock. CRYPTO_atomic_add was assumed to return negative value on error, while it returns 0. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6843)03 August 2018, 07:01:08 UTC
4e7ade9 Andy Polyakov02 August 2018, 06:59:48 UTCRevert "asn1/tasn_utl.c: fix logical error in and overhaul asn1_do_lock." This reverts commit 24233a0f3c491919ee3a38e2567271ccc041ee1d. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6843)03 August 2018, 07:00:11 UTC
24233a0 Andy Polyakov31 July 2018, 12:59:14 UTCasn1/tasn_utl.c: fix logical error in and overhaul asn1_do_lock. CRYPTO_atomic_add was assumed to return negative value on error, while it returns 0. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 680b9d45b005c2d0a48fd574db903bf4486b49ae)01 August 2018, 14:09:25 UTC
c0cc23a Pauli31 July 2018, 03:11:00 UTCCheck return from BN_sub Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6823) (cherry picked from commit 3d3cbce550ff5d6172cf28dbbf80bda93f6577a9)31 July 2018, 04:50:55 UTC
35fa31c Pauli31 July 2018, 01:37:05 UTCCheck conversion return in ASN1_INTEGER_print_bio. Also streamline the code by relying on ASN1_INTEGER_to_BN to allocate the BN instead of doing it separately. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6821) (cherry picked from commit 35c9408108f3608eb572acd7f64a93cf4f43f4f6)31 July 2018, 03:18:52 UTC
34515e8 Bryan Donlan17 July 2018, 20:38:17 UTCRemove DSA digest length checks when no digest is passed FIPS 186-4 does not specify a hard requirement on DSA digest lengths, and in any case the current check rejects the FIPS recommended digest lengths for key sizes != 1024 bits. Fixes: #6748 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6749) (cherry picked from commit 665d9d1c0655d6f709c99e1211c1e11fcebfeecd)29 July 2018, 19:28:48 UTC
3c0addb Andy Polyakov20 July 2018, 11:23:42 UTCcrypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop. Problem was that Windows threads that were terminating before libcrypto was initialized were referencing uninitialized or possibly even unrelated thread local storage index. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6799) (cherry picked from commit 80ae7285e1994d35c84519bf9e038b11d9942875) Resolved conflicts: crypto/init.c29 July 2018, 19:08:33 UTC
8111628 Andy Polyakov20 July 2018, 11:15:48 UTCcrypto/cryptlib.c: make OPENSS_cpuid_setup safe to use as constructor. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6799) (cherry picked from commit b86d57bb0b23253c720db38ab18ca97cb888f701) Resolved conflicts: crypto/cryptlib.c29 July 2018, 19:06:48 UTC
9da6f31 Andy Polyakov26 July 2018, 12:38:53 UTCCHANGES: mention blinding reverting in ECDSA. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6796)27 July 2018, 12:50:35 UTC
ed04bcf Andy Polyakov25 July 2018, 08:29:51 UTCbn/bn_mod.c: harmonize BN_mod_add_quick with original implementation. New implementation failed to correctly reset r->neg flag. Spotted by OSSFuzz. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6796) (cherry picked from commit 70a579ae2f37437a1e02331eeaa84e1b68ba021e)27 July 2018, 12:50:24 UTC
e1c495d Andy Polyakov12 July 2018, 20:27:43 UTCec/ecdsa_ossl.c: switch to fixed-length Montgomery multiplication. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6796) (cherry picked from commit 37132c9702328940a99b1307f742ab094ef754a7)27 July 2018, 12:50:16 UTC
63ad271 Andy Polyakov06 July 2018, 14:13:29 UTCec/ecdsa_ossl.c: formatting and readability fixes. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6796) (cherry picked from commit fff7a0dcf6e3135c7f93e6cb5fb35e37dd0b384d)27 July 2018, 12:50:08 UTC
6040bd3 Andy Polyakov06 July 2018, 13:55:34 UTCec/ecdsa_ossl.c: revert blinding in ECDSA signature. Originally suggested solution for "Return Of the Hidden Number Problem" is arguably too expensive. While it has marginal impact on slower curves, none to ~6%, optimized implementations suffer real penalties. Most notably sign with P-256 went more than 2 times[!] slower. Instead, just implement constant-time BN_mod_add_quick. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6796) (cherry picked from commit 3fc7a9b96cbed0c3da6f53c08e34d8d0c982745f) Resolved conflicts: crypto/ec/ecdsa_ossl.c27 July 2018, 12:49:35 UTC
2f19065 Andy Polyakov06 July 2018, 13:13:15 UTCbn/bn_{mont|exp}.c: switch to zero-padded intermediate vectors. Note that exported functions maintain original behaviour, so that external callers won't observe difference. While internally we can now perform Montogomery multiplication on fixed-length vectors, fixed at modulus size. The new functions, bn_to_mont_fixed_top and bn_mul_mont_fixed_top, are declared in bn_int.h, because one can use them even outside bn, e.g. in RSA, DSA, ECDSA... Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6707) (cherry picked from commit 71883868ea5b33416ae8283bcc38dd2d97e5006b) Resolved conflicts: crypto/bn/bn_exp.c crypto/bn/bn_mont.c crypto/include/internal/bn_int.h26 July 2018, 12:19:30 UTC
b786289 Andy Polyakov06 July 2018, 13:02:29 UTCbn/bn_lib.c: add BN_FLG_FIXED_TOP flag. The new flag marks vectors that were not treated with bn_correct_top, in other words such vectors are permitted to be zero padded. For now it's BN_DEBUG-only flag, as initial use case for zero-padded vectors would be controlled Montgomery multiplication/exponentiation, not general purpose. For general purpose use another type might be more appropriate. Advantage of this suggestion is that it's possible to back-port it... bn/bn_div.c: fix memory sanitizer problem. bn/bn_sqr.c: harmonize with BN_mul. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6707) (cherry picked from commit 305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb) Resolved conflicts: crypto/bn/bn_lcl.h26 July 2018, 12:19:06 UTC
616153f Kurt Roeckx26 July 2018, 09:10:24 UTCFix inconsistent use of bit vs bits Reviewed-by: Tim Hudson <tjh@openssl.org> GH: #6794 (cherry picked from commit b9e54e98066c1ff8adab5d68b6c114b14d2f74e5)26 July 2018, 09:28:24 UTC
707efcd Kurt Roeckx25 July 2018, 16:55:16 UTCMake number of Miller-Rabin tests for a prime tests depend on the security level of the prime The old numbers where all generated for an 80 bit security level. But the number should depend on security level you want to reach. For bigger primes we want a higher security level and so need to do more tests. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #6075 Fixes: #6012 (cherry picked from commit feac7a1c8be49fbcb76fcb721ec9f02fdd91030e)26 July 2018, 04:35:45 UTC
acaa6ae Kurt Roeckx25 April 2018, 19:47:20 UTCChange the number of Miller-Rabin test for DSA generation to 64 This changes the security level from 100 to 128 bit. We only have 1 define, this sets it to the highest level supported for DSA, and needed for keys larger than 3072 bit. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #6075 (cherry picked from commit 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8)26 July 2018, 04:29:20 UTC
e18da72 Rich Salz25 July 2018, 19:57:18 UTCCheck for failures, to avoid memory leak Thanks to Jiecheng Wu, Zuxing Gu for the report. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6791) (cherry picked from commit 037241bf046be8cfc7e9216959393dd20b06fc21)25 July 2018, 20:09:39 UTC
1de6818 Andy Polyakov20 July 2018, 11:19:11 UTCcrypto/cryptlib.c: resolve possible race in OPENSSL_isservice. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6752) (cherry picked from commit 9e4a1c3f65863b0175ddc534e232e63c4f82ea5c)25 July 2018, 14:49:51 UTC
793e7ea Andy Polyakov23 July 2018, 20:26:30 UTCapps/dsaparam.c: make dsaparam -C output strict-warnings-friendly. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d6b50b6e2ebc0c198877b5c56ae0a54cb9036088)25 July 2018, 08:40:36 UTC
36e732b Richard Levitte24 July 2018, 19:46:55 UTCConfigure death handler: instead of printing directly, amend the message This is done by calling die again, just make sure to reset the __DIE__ handler first. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6776) (cherry picked from commit eb807d5383fd228a5c4cf9afc2fec487e0d22cee)24 July 2018, 20:15:29 UTC
f65389a Richard Levitte24 July 2018, 17:29:49 UTCConfigure death handler: remember to call original death handler Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6776) (cherry picked from commit 88accfe6dccf904fec5a17db4a59cd2c4c480382)24 July 2018, 20:15:28 UTC
64eae74 Richard Levitte24 July 2018, 17:29:06 UTCConfigure death handler: bail out early when run in eval block Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6776) (cherry picked from commit 1a6c30029802179ebe0ec1eedfdc9d78bb6dc4dd)24 July 2018, 20:15:28 UTC
bb8befc Richard Levitte24 July 2018, 08:45:05 UTCConfigure: print generic advice when dying On the same note, change the 'NASM not found' message to give specific advice on how to handle the failure. Fixes #6765 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6771) (cherry picked from commit 8937a4ed8ac3fd64be61e9ce7a16bccccf3d2273)24 July 2018, 14:31:58 UTC
eff1c8a Andy Polyakov18 July 2018, 13:22:07 UTCec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine. ecp_nistz256_set_from_affine is called when application attempts to use custom generator, i.e. rarely. Even though it was wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6738) (cherry picked from commit 8fc4aeb9521270ac74b29ce7f569939b0b39e685)22 July 2018, 13:24:52 UTC
5c2bac9 Andy Polyakov18 July 2018, 13:14:44 UTCec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function. The ecp_nistz256_scatter_w7 function is called when application attempts to use custom generator, i.e. rarely. Even though non-x86_64 versions were wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6738) (cherry picked from commit 87a75b3e5c04a1696208c279f32d1114b862cfed)22 July 2018, 13:24:23 UTC
08a1d30 Andy Polyakov18 July 2018, 13:13:27 UTCbn/bn_intern.c: const-ify bn_set_{static}_words. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6738) (cherry picked from commit f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1)22 July 2018, 13:23:45 UTC
1ef7cb2 Andy Polyakov21 July 2018, 11:50:14 UTCapps/dsaparam.c: fix -C output. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6758) (cherry picked from commit 708c28f2f0598af6bccbeb60fb46086784aed7da)22 July 2018, 13:16:01 UTC
a0d893f Richard Levitte22 July 2018, 08:56:25 UTCConfigure: Display error/warning on deprecated/unsupported options after loop Fixes #6755 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6759) (cherry picked from commit ddbe700e93e34694519d303e1b4e4525184c9dad)22 July 2018, 09:07:39 UTC
46905cd Richard Levitte12 July 2018, 20:55:03 UTCPKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF As per RFC 7292. Fixes #6665 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6708) (cherry picked from commit b709babbca0498cd2b05f543b09f57f4a670298e)22 July 2018, 09:02:39 UTC
821c3ba Andy Polyakov16 July 2018, 16:17:44 UTCbn/bn_lib.c address Coverity nit in bn2binpad. It was false positive, but one can as well view it as readability issue. Switch even to unsigned indices because % BN_BYTES takes 4-6 instructions with signed dividend vs. 1 (one) with unsigned. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 83e034379fa3f6f0d308ec75fbcb137e26154aec)18 July 2018, 14:05:26 UTC
0b139e4 Andy Polyakov04 February 2018, 14:24:54 UTCrsa/*: switch to BN_bn2binpad. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5254) (cherry picked from commit 582ad5d4d9b7703eb089016935133e3a18ea8205)14 July 2018, 11:40:37 UTC
75a67a0 Andy Polyakov04 February 2018, 14:20:29 UTCbn/bn_lib.c: make BN_bn2binpad computationally constant-time. "Computationally constant-time" means that it might still leak information about input's length, but only in cases when input is missing complete BN_ULONG limbs. But even then leak is possible only if attacker can observe memory access pattern with limb granularity. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5254) (cherry picked from commit 89d8aade5f4011ddeea7827f08ec544c914f275a)14 July 2018, 11:40:25 UTC
db9926f Alexandre Perrin13 July 2018, 08:32:42 UTCDocumentation typo fix in BN_bn2bin.pod Change the description for BN_hex2bn() so that it uses the same BIGNUM argument name as its prototype. CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6712)13 July 2018, 12:53:36 UTC
88af716 Andy Polyakov06 July 2018, 12:54:34 UTCbn/bn_mont.c: improve readability of post-condition code. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662) (cherry picked from commit 6c90182a5f87af1a1e462536e7123ad2afb84c43)12 July 2018, 13:08:40 UTC
308447e Andy Polyakov06 July 2018, 11:46:07 UTCbn/bn_mont.c: move boundary condition check closer to caller. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662) (cherry picked from commit 3c97e4121ecec20cfac433883cd4709580a05620)12 July 2018, 13:08:28 UTC
cc1fef6 Andy Polyakov06 July 2018, 11:16:40 UTCbn/bn_lib.c: remove bn_check_top from bn_expand2. Trouble is that addition is postponing expansion till carry is calculated, and if addition carries, top word can be zero, which triggers assertion in bn_check_top. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662) (cherry picked from commit e42395e637c3507b80b25c7ed63236898822d2f1)12 July 2018, 13:08:16 UTC
dcb8333 Richard Levitte10 July 2018, 14:05:55 UTCAvoid __GNUC__ warnings when defining DECLARE_DEPRECATED We need to check that __GNUC__ is defined before trying to use it. This demands a slightly different way to define DECLARE_DEPRECATED. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6688)11 July 2018, 13:32:15 UTC
5c06c7d Richard Levitte11 July 2018, 09:05:15 UTCWindows: avoid using 'rem' in the nmake makefile To avoid the possibility that someone creates rem.exe, rem.bat or rem.cmd, simply don't use it. In the cases it was used, it was to avoid empty lines, but it turns out that nmake handles those fine, so no harm done. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6686) (cherry picked from commit 1b6a0a261e22eb5a574bdb75da208817ffa2fbba)11 July 2018, 12:55:18 UTC
566e333 Richard Levitte10 July 2018, 12:12:33 UTCWindows: fix echo for nmake It seems that nmake first tries to run executables on its own, and only pass commands to cmd if that fails. That means it's possible to have nmake run something like 'echo.exe' when the builtin 'echo' command was expected, which might give us unexpected results. To get around this, we create our own echoing script and call it explicitly from the nmake makefile. Fixes #6670 Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6686) (cherry picked from commit 9abce88b4b0055d6238a838aa00360152e185f02)11 July 2018, 12:53:54 UTC
356d634 Richard Levitte09 July 2018, 19:10:10 UTCutil/dofile.pl: require Text::Template 1.46 or newer The reason is that we override Text::Template::append_text_to_output(), and it didn't exist before Text::Template 1.46. Fixes #6641 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit 4e351ca92e3a1f447cef3d2e330f13941f9412c6)10 July 2018, 14:34:35 UTC
374976e Richard Levitte09 July 2018, 19:09:30 UTCExisting transfer modules must have a package and a $VERSION Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit f7dce50f21c13520d36f51bed83d19d3eb0bf698)10 July 2018, 14:34:26 UTC
546574b Richard Levitte09 July 2018, 19:07:25 UTCMake 'with_fallback' use 'use' instead of 'require' This enables us to require module versions, and to fall back to a bundled version if the system version is too low. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit e9bc5706744213a1a6748dbbcd1b43a6ad4ca09e)10 July 2018, 14:34:12 UTC
7725c76 Bernd Edlinger05 July 2018, 13:38:28 UTCFix minor windows build issues [extended tests] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6663)06 July 2018, 13:59:07 UTC
03998dc Richard Levitte04 July 2018, 07:26:05 UTCDocument more EVP_MD_CTX functions Fixes #6644 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6645) (cherry picked from commit a9cf71a3716f8f624b711faa0d5ea391bb26d9f6)04 July 2018, 16:42:10 UTC
9d41672 Matt Caswell02 July 2018, 13:09:03 UTCDon't create an invalid CertificateRequest We should validate that the various fields we put into the CertificateRequest are not too long. Otherwise we will construct an invalid message. Fixes #6609 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6628)03 July 2018, 10:22:06 UTC
1e8cb18 Matt Caswell26 June 2018, 14:40:54 UTCFix a NULL ptr deref in error path in tls_process_cke_dhe() Fixes #6574 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6594)02 July 2018, 13:52:43 UTC
e35e594 Andy Polyakov30 June 2018, 10:52:10 UTCtest/evp_test.c: address sanitizer errors in pderive_test_run. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6614)02 July 2018, 08:48:35 UTC
a80f76a Andy Polyakov29 June 2018, 15:48:54 UTCmodes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6615) (cherry picked from commit ce5eb5e8149d8d03660575f4b8504c993851988a)01 July 2018, 09:54:00 UTC
c7b9e7b Pauli28 June 2018, 23:55:23 UTCCheck return from BN_set_word. In ssl/t1_lib.c. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6613) (cherry picked from commit 8eab767a718f44ccba9888eeb81a5328cff47bab)29 June 2018, 03:25:49 UTC
e216028 Rich Salz28 June 2018, 22:13:54 UTCZero-fill IV by default. Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6603) (cherry picked from commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c)28 June 2018, 23:46:38 UTC
2f1ad5c Richard Levitte25 June 2018, 15:14:12 UTCMove documentation to its correct location for this branch The 1.1.1 branch has a different location for documentation, this is the obvious result of a cherry-pick from there. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6589)25 June 2018, 15:50:42 UTC
a6c1b41 Richard Levitte25 June 2018, 15:08:20 UTCOpenSSL_add_ssl_algorithm-is-deprecated() is deprecated, make it so This function is documented to be deprecated since OpenSSL 1.1.0. We need to make it so in openssl/ssl.h as well. Fixes #6565 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6588) (cherry picked from commit 71419442a279a12c2e19a097b5c7e01c29d1fc9c)25 June 2018, 15:18:08 UTC
ad6edb2 Bernd Edlinger23 June 2018, 20:17:19 UTCFix a new gcc-9 warning [-Wstringop-truncation] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6581) (cherry picked from commit dc6c374bdb4872f6d5d727e73a2ed834e972842c)24 June 2018, 16:04:45 UTC
2ab5cb0 Kurt Roeckx23 June 2018, 08:24:00 UTCFix prototype of ASN1_INTEGER_get and ASN1_INTEGER_set The parameters where switched Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #6578 (cherry picked from commit eaf39a9fe6f55feb5251e235069e02f7f50d9a49)23 June 2018, 18:30:03 UTC
7fe7601 Richard Levitte22 June 2018, 07:33:29 UTCOpenSSL-II style for emacs: don't indent because of extern block We don't want an indentation step inside a 'extern "C" {' .. '}' block. Apparently, cc-mode has a c-offsets-alist keyword to allow exactly this. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6557) (cherry picked from commit 8973112884e67feb46384b573db14e62ad18d4cb)23 June 2018, 06:00:11 UTC
1f3f79e Andy Polyakov21 June 2018, 11:52:04 UTCsha/asm/sha{256|512}-armv4.pl: harmonize thumb2 support with the rest. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2e51557bc93f90ca2274230b042acb53cc3a268d)22 June 2018, 12:30:14 UTC
2b45131 David von Oheimb10 February 2018, 14:45:11 UTCadd documentation for OCSP_basic_verify() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6227) (cherry picked from commit b8c32081e02b7008a90d878eccce46da256dfe86)21 June 2018, 18:41:42 UTC
50d06d1 Nick Mathewson24 May 2018, 19:23:15 UTCImprove the example getpass() implementation to show an error return Also, modernize the code, so that it isn't trying to store a size_t into an int, and then check the int's sign. :/ Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6271) (cherry picked from commit c8c250333cd254ab3f4d709ebc5ed86a7c065721)21 June 2018, 16:50:47 UTC
e4b47f7 Nick Mathewson16 May 2018, 15:07:48 UTCUpdate documentation for PEM callback: error is now -1. In previous versions of OpenSSL, the documentation for PEM_read_* said: The callback B<must> return the number of characters in the passphrase or 0 if an error occurred. But since c82c3462267afdbbaa5, 0 is now treated as a non-error return value. Applications that want to indicate an error need to return -1 instead. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6271) (cherry picked from commit bbbf752a3c8b5a966bcb48fc71a3dc03832e7b27)21 June 2018, 16:47:39 UTC
7b3e775 Billy Brumley20 June 2018, 07:56:37 UTC[crypto/ec] don't assume points are of order group->order (cherry picked from commit 01fd5df77d401c87f926552ec24c0a09e5735006) Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6549)21 June 2018, 09:58:24 UTC
cc39f92 Andy Polyakov07 May 2018, 08:27:45 UTCec/ec_mult.c: get BN_CTX_start,end sequence right. Triggered by Coverity analysis. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 7d859d1c8868b81c5d810021af0b40f355af4e1f) Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6549)21 June 2018, 09:58:24 UTC
77b6b17 Matt Caswell19 June 2018, 14:07:02 UTCAdd blinding to a DSA signature This extends the recently added ECDSA signature blinding to blind DSA too. This is based on side channel attacks demonstrated by Keegan Ryan (NCC Group) for ECDSA which are likely to be able to be applied to DSA. Normally, as in ECDSA, during signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order In ECDSA, the addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. This commit also tweaks the previous ECDSA blinding so that blinding is only removed at the last possible step. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6523)21 June 2018, 09:24:31 UTC
56c91e6 Richard Levitte21 June 2018, 04:24:33 UTCopenssl ca: open the output file as late as possible Fixes #6544 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6546) (cherry picked from commit 63871d9f810fec1e8a441d82c9ac79c58b19e2ad)21 June 2018, 04:59:58 UTC
c35608e Andy Polyakov16 June 2018, 14:25:40 UTCec/asm/ecp_nistz256-avx2.pl: harmonize clang version detection. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 575045f59fc393abc9d49604d82ccd17c82925fa)18 June 2018, 18:03:08 UTC
1d5e108 Andy Polyakov16 June 2018, 14:24:55 UTC{chacha|poly1305}/asm/*-x64.pl: harmonize clang version detection. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 27635a4ecb1bc4852ccf456a9374a68931dc330f)18 June 2018, 18:01:48 UTC
0e41c2a Andy Polyakov16 June 2018, 14:23:34 UTCsha/asm/sha{1|256}-586.pl: harmonize clang version detection. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit b55e21b357902959ae8ec0255952402f5ccaa515)18 June 2018, 18:01:12 UTC
3bce5b0 Andy Polyakov16 June 2018, 14:22:19 UTCbn/asm/rsaz-avx2.pl: harmonize clang version detection. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 9e97f61dec312084abe03226e5c962d818c9fc2b)18 June 2018, 18:00:58 UTC
f0f0abe Jack Bates05 January 2017, 16:58:18 UTCConvert _meth_get_ functions to const getters Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 693be9a2cb0fc79fe856259feea54772c18a3637) (Merged from https://github.com/openssl/openssl/pull/5750)18 June 2018, 09:52:46 UTC
1eeb882 Bernd Edlinger03 April 2018, 21:47:10 UTCBackport of commit 6b49b30811f4afa0340342af9400b8d0357b5291 Prevent a possible recursion in ERR_get_state and fix the problem that was pointed out in commit aef84bb4efbddfd95d042f3f5f1d362ed7d4faeb differently. Fixes: #6493 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6494)15 June 2018, 11:21:42 UTC
0c27d79 Matt Caswell25 May 2018, 11:10:13 UTCAdd blinding to an ECDSA signature Keegan Ryan (NCC Group) has demonstrated a side channel attack on an ECDSA signature operation. During signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order The addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. Reviewed-by: Rich Salz <rsalz@openssl.org>13 June 2018, 15:23:54 UTC
cd396d2 Nicola Tuveri12 June 2018, 01:27:28 UTCDeprecate DSA_sign_setup() in the documentation Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6460) (cherry picked from commit 8fe4c0b001f85c5a918c6a6d4687813ea3d2945f)12 June 2018, 12:29:33 UTC
ea7abee Guido Vranken11 June 2018, 17:38:54 UTCReject excessively large primes in DH key generation. CVE-2018-0732 Signed-off-by: Guido Vranken <guidovranken@gmail.com> (cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6457)12 June 2018, 09:27:24 UTC
9a236d5 Richard Levitte11 June 2018, 08:33:09 UTCVMS: have mkdef.pl parse lettered versions properly Fixes #6449 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6450)11 June 2018, 14:44:30 UTC
e13d8f7 Andy Polyakov08 June 2018, 13:02:39 UTCbn/asm/sparcv9-mont.pl: iron another glitch in squaring code path. This module is used only with odd input lengths, i.e. not used in normal PKI cases, on contemporary processors. The problem was "illuminated" by fuzzing tests. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6440) (cherry picked from commit f55ef97b5c0f8559f393b72ebd4b2de32ad6d231)09 June 2018, 12:49:22 UTC
776ad43 Mingtao Yang06 June 2018, 16:34:18 UTCmodes/ocb128.c: Reset nonce-dependent variables on setiv Upon a call to CRYPTO_ocb128_setiv, either directly on an OCB_CTX or indirectly with EVP_CTRL_AEAD_SET_IVLEN, reset the nonce-dependent variables in the OCB_CTX. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6420) (cherry picked from commit bbb02a5b6d27f76931c3385321b2c594781c7a1b)08 June 2018, 13:57:33 UTC
6849421 Marcus Huewe11 May 2018, 10:24:56 UTCDo not free a session before calling the remove_session_cb If the remove_session_cb accesses the session's data (for instance, via SSL_SESSION_get_protocol_version), a potential use after free can occur. For this, consider the following scenario when adding a new session via SSL_CTX_add_session: - The session cache is full (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) - Only the session cache has a reference to ctx->session_cache_tail (that is, ctx->session_cache_tail->references == 1) Since the cache is full, remove_session_lock is called to remove ctx->session_cache_tail from the cache. That is, it SSL_SESSION_free()s the session, which free()s the data. Afterwards, the free()d session is passed to the remove_session_cb. If the callback accesses the session's data, we have a use after free. The free before calling the callback behavior was introduced in commit e4612d02c53cccd24fa97b08fc01250d1238cca1 ("Remove sessions from external cache, even if internal cache not used."). CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6222) (cherry picked from commit c0a58e034d3eff68ca5e0d36d7b4d147425b0599)07 June 2018, 12:12:39 UTC
853d245 Rich Salz05 June 2018, 15:17:59 UTCImprove wording Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6413) (cherry picked from commit 630fe1da888490b7dfef3fe0928b813ddff5d51a)05 June 2018, 15:18:27 UTC
cc28420 Rich Salz02 June 2018, 18:57:34 UTCMake OS/X more explicit, to avoid questions Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6404) (cherry picked from commit 886c2e614fc1e78e658122bf6f6bccdd7dd23857)05 June 2018, 15:17:08 UTC
78641aa Ken Goldman02 June 2018, 20:17:32 UTCDocument failure return for ECDSA_SIG_new ECDSA_SIG_new() returns NULL on error. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6398) (cherry picked from commit 6da34cfbddede5e46f9c9183b724c99999dcfb41)02 June 2018, 20:19:16 UTC
13b578a Richard Levitte31 May 2018, 09:12:34 UTCENGINE_pkey_asn1_find_str(): don't assume an engine implements ASN1 method Just because an engine implements algorithm methods, that doesn't mean it also implements the ASN1 method. Therefore, be careful when looking for an ASN1 method among all engines, don't try to use one that doesn't exist. Fixes #6381 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6383) (cherry picked from commit 1ac3cd6277f880fac4df313702d5e3b3814e56e2)31 May 2018, 10:02:31 UTC
7e2e10a Richard Levitte31 May 2018, 04:51:25 UTCapps: when the 'compat' nameopt has been set, leave it be XN_FLAG_COMPAT has a unique property, its zero for value. This means it needs special treatment; if it has been set (which can only be determined indirectly) and set alone (*), no other flags should be set. (*) if any other nameopt flag has been set by the user, compatibility mode is blown away. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6382) (cherry picked from commit 3190d1dca43ecfd748c06aa06752de06af3768b9)31 May 2018, 09:01:57 UTC
6912deb Mingtao Yang09 February 2018, 18:23:18 UTCAdd APIs for custom X509_LOOKUP_METHOD creation OpenSSL 1.1.0 made the X509_LOOKUP_METHOD structure opaque, so applications that were previously able to define a custom lookup method are not able to be ported. This commit adds getters and setters for each of the current fields of X509_LOOKUP_METHOD, along with getters and setters on several associated opaque types (such as X509_LOOKUP and X509_OBJECT). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6152) (cherry picked from commit 0124f32a01b2b4f4f7146f226b6a9dfe227c4008)30 May 2018, 13:59:01 UTC
ac35f28 Matt Caswell24 May 2018, 15:12:52 UTCThe result of a ^ 0 mod -1 is 0 not 1 Thanks to Guido Vranken and OSSFuzz for finding this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6355) (cherry picked from commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b)29 May 2018, 15:48:49 UTC
10fe37d Bernd Edlinger26 May 2018, 15:08:03 UTCTry to work around ubuntu gcc-5 ubsan build failure [extended tests] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6362)26 May 2018, 18:16:56 UTC
back to top