swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
- HEAD
- refs/heads/OpenSSL-engine-0_9_6-stable
- refs/heads/OpenSSL-fips-0_9_7-stable
- refs/heads/OpenSSL-fips-0_9_8-stable
- refs/heads/OpenSSL-fips-1_2-stable
- refs/heads/OpenSSL-fips-2_0-dev
- refs/heads/OpenSSL-fips-2_0-stable
- refs/heads/OpenSSL-fips2-0_9_7-stable
- refs/heads/OpenSSL_0_9_6-stable
- refs/heads/OpenSSL_0_9_7-stable
- refs/heads/OpenSSL_0_9_8-stable
- refs/heads/OpenSSL_0_9_8fg-stable
- refs/heads/OpenSSL_1_0_0-stable
- refs/heads/OpenSSL_1_0_1-stable
- refs/heads/OpenSSL_1_0_2-stable
- refs/heads/OpenSSL_1_1_0-stable
- refs/heads/OpenSSL_1_1_1-stable
- refs/heads/SSLeay
- refs/heads/feature/dtls-1.3
- refs/heads/feature/ech
- refs/heads/feature/quic-server
- refs/heads/master
- refs/heads/openssl-3.0
- refs/heads/openssl-3.1
- refs/heads/openssl-3.2
- refs/heads/openssl-3.3
- refs/heads/openssl-3.4
- refs/heads/tls1.3-draft-18
- refs/heads/tls1.3-draft-19
- refs/tags/AFTER_COMPAQ_PATCH
- refs/tags/BEFORE_COMPAQ_PATCH
- refs/tags/BEFORE_engine
- refs/tags/BEN_FIPS_TEST_1
- refs/tags/BEN_FIPS_TEST_2
- refs/tags/BEN_FIPS_TEST_3
- refs/tags/BEN_FIPS_TEST_4
- refs/tags/BEN_FIPS_TEST_5
- refs/tags/BEN_FIPS_TEST_6
- refs/tags/BEN_FIPS_TEST_7
- refs/tags/BEN_FIPS_TEST_8
- refs/tags/FIPS_098_TEST_1
- refs/tags/FIPS_098_TEST_2
- refs/tags/FIPS_098_TEST_3
- refs/tags/FIPS_098_TEST_4
- refs/tags/FIPS_098_TEST_5
- refs/tags/FIPS_098_TEST_6
- refs/tags/FIPS_098_TEST_7
- refs/tags/FIPS_098_TEST_8
- refs/tags/FIPS_TEST_10
- refs/tags/FIPS_TEST_9
- refs/tags/LEVITTE_after_const
- refs/tags/LEVITTE_before_const
- refs/tags/OpenSSL-engine-0_9_6
- refs/tags/OpenSSL-engine-0_9_6-beta1
- refs/tags/OpenSSL-engine-0_9_6-beta2
- refs/tags/OpenSSL-engine-0_9_6-beta3
- refs/tags/OpenSSL-engine-0_9_6a
- refs/tags/OpenSSL-engine-0_9_6a-beta1
- refs/tags/OpenSSL-engine-0_9_6a-beta2
- refs/tags/OpenSSL-engine-0_9_6a-beta3
- refs/tags/OpenSSL-engine-0_9_6b
- refs/tags/OpenSSL-engine-0_9_6c
- refs/tags/OpenSSL-engine-0_9_6d
- refs/tags/OpenSSL-engine-0_9_6d-beta1
- refs/tags/OpenSSL-engine-0_9_6e
- refs/tags/OpenSSL-engine-0_9_6f
- refs/tags/OpenSSL-engine-0_9_6g
- refs/tags/OpenSSL-engine-0_9_6h
- refs/tags/OpenSSL-engine-0_9_6i
- refs/tags/OpenSSL-engine-0_9_6j
- refs/tags/OpenSSL-engine-0_9_6k
- refs/tags/OpenSSL-engine-0_9_6l
- refs/tags/OpenSSL-engine-0_9_6m
- refs/tags/OpenSSL-fips-1_2_0
- refs/tags/OpenSSL-fips-1_2_1
- refs/tags/OpenSSL-fips-1_2_2
- refs/tags/OpenSSL-fips-1_2_3
- refs/tags/OpenSSL-fips-2_0
- refs/tags/OpenSSL-fips-2_0-pl1
- refs/tags/OpenSSL-fips-2_0-rc1
- refs/tags/OpenSSL-fips-2_0-rc2
- refs/tags/OpenSSL-fips-2_0-rc3
- refs/tags/OpenSSL-fips-2_0-rc4
- refs/tags/OpenSSL-fips-2_0-rc5
- refs/tags/OpenSSL-fips-2_0-rc6
- refs/tags/OpenSSL-fips-2_0-rc7
- refs/tags/OpenSSL-fips-2_0-rc8
- refs/tags/OpenSSL-fips-2_0-rc9
- refs/tags/OpenSSL-fips-2_0_1
- refs/tags/OpenSSL_0_9_1c
- refs/tags/OpenSSL_0_9_2b
- refs/tags/OpenSSL_0_9_3
- refs/tags/OpenSSL_0_9_3a
- refs/tags/OpenSSL_0_9_3beta1
- refs/tags/OpenSSL_0_9_3beta2
- refs/tags/OpenSSL_0_9_4
- refs/tags/OpenSSL_0_9_5
- refs/tags/OpenSSL_0_9_5a
- refs/tags/OpenSSL_0_9_5a-beta1
- refs/tags/OpenSSL_0_9_5a-beta2
- refs/tags/OpenSSL_0_9_5beta1
- refs/tags/OpenSSL_0_9_5beta2
- refs/tags/OpenSSL_0_9_6
- refs/tags/OpenSSL_0_9_6-beta1
- refs/tags/OpenSSL_0_9_6-beta2
- refs/tags/OpenSSL_0_9_6-beta3
- refs/tags/OpenSSL_0_9_6a
- refs/tags/OpenSSL_0_9_6a-beta1
- refs/tags/OpenSSL_0_9_6a-beta2
- refs/tags/OpenSSL_0_9_6a-beta3
- refs/tags/OpenSSL_0_9_6b
- refs/tags/OpenSSL_0_9_6c
- refs/tags/OpenSSL_0_9_6d
- refs/tags/OpenSSL_0_9_6d-beta1
- refs/tags/OpenSSL_0_9_6e
- refs/tags/OpenSSL_0_9_6f
- refs/tags/OpenSSL_0_9_6g
- refs/tags/OpenSSL_0_9_6h
- refs/tags/OpenSSL_0_9_6i
- refs/tags/OpenSSL_0_9_6j
- refs/tags/OpenSSL_0_9_6k
- refs/tags/OpenSSL_0_9_6l
- refs/tags/OpenSSL_0_9_6m
- refs/tags/OpenSSL_0_9_7
- refs/tags/OpenSSL_0_9_7-beta1
- refs/tags/OpenSSL_0_9_7-beta2
- refs/tags/OpenSSL_0_9_7-beta3
- refs/tags/OpenSSL_0_9_7-beta4
- refs/tags/OpenSSL_0_9_7-beta5
- refs/tags/OpenSSL_0_9_7-beta6
- refs/tags/OpenSSL_0_9_7a
- refs/tags/OpenSSL_0_9_7b
- refs/tags/OpenSSL_0_9_7c
- refs/tags/OpenSSL_0_9_7d
- refs/tags/OpenSSL_0_9_7e
- refs/tags/OpenSSL_0_9_7f
- refs/tags/OpenSSL_0_9_7g
- refs/tags/OpenSSL_0_9_7h
- refs/tags/OpenSSL_0_9_7i
- refs/tags/OpenSSL_0_9_7j
- refs/tags/OpenSSL_0_9_7k
- refs/tags/OpenSSL_0_9_7l
- refs/tags/OpenSSL_0_9_7m
- refs/tags/OpenSSL_0_9_8
- refs/tags/OpenSSL_0_9_8-beta1
- refs/tags/OpenSSL_0_9_8-beta2
- refs/tags/OpenSSL_0_9_8-beta3
- refs/tags/OpenSSL_0_9_8-beta4
- refs/tags/OpenSSL_0_9_8-beta5
- refs/tags/OpenSSL_0_9_8-beta6
- refs/tags/OpenSSL_0_9_8a
- refs/tags/OpenSSL_0_9_8b
- refs/tags/OpenSSL_0_9_8c
- refs/tags/OpenSSL_0_9_8d
- refs/tags/OpenSSL_0_9_8e
- refs/tags/OpenSSL_0_9_8f
- refs/tags/OpenSSL_0_9_8g
- refs/tags/OpenSSL_0_9_8h
- refs/tags/OpenSSL_0_9_8i
- refs/tags/OpenSSL_0_9_8j
- refs/tags/OpenSSL_0_9_8k
- refs/tags/OpenSSL_0_9_8l
- refs/tags/OpenSSL_0_9_8m
- refs/tags/OpenSSL_0_9_8m-beta1
- refs/tags/OpenSSL_0_9_8n
- refs/tags/OpenSSL_0_9_8o
- refs/tags/OpenSSL_0_9_8p
- refs/tags/OpenSSL_0_9_8q
- refs/tags/OpenSSL_0_9_8r
- refs/tags/OpenSSL_0_9_8s
- refs/tags/OpenSSL_0_9_8t
- refs/tags/OpenSSL_0_9_8u
- refs/tags/OpenSSL_0_9_8v
- refs/tags/OpenSSL_0_9_8w
- refs/tags/OpenSSL_0_9_8x
- refs/tags/OpenSSL_1_0_0
- refs/tags/OpenSSL_1_0_0-beta1
- refs/tags/OpenSSL_1_0_0-beta2
- refs/tags/OpenSSL_1_0_0-beta3
- refs/tags/OpenSSL_1_0_0-beta4
- refs/tags/OpenSSL_1_0_0-beta5
- refs/tags/OpenSSL_1_0_0a
- refs/tags/OpenSSL_1_0_0b
- refs/tags/OpenSSL_1_0_0c
- refs/tags/OpenSSL_1_0_0d
- refs/tags/OpenSSL_1_0_0e
- refs/tags/OpenSSL_1_0_0f
- refs/tags/OpenSSL_1_0_0g
- refs/tags/OpenSSL_1_0_0h
- refs/tags/OpenSSL_1_0_0i
- refs/tags/OpenSSL_1_0_0j
- refs/tags/OpenSSL_1_0_1
- refs/tags/OpenSSL_1_0_1-beta1
- refs/tags/OpenSSL_1_0_1-beta2
- refs/tags/OpenSSL_1_0_1-beta3
- refs/tags/OpenSSL_1_0_1a
- refs/tags/OpenSSL_1_0_1b
- refs/tags/OpenSSL_1_0_1c
- refs/tags/OpenSSL_FIPS_1_0
- refs/tags/SSLeay_0_8_1b
- refs/tags/SSLeay_0_9_0b
- refs/tags/SSLeay_0_9_1b
- refs/tags/STATE_after_zlib
- refs/tags/STATE_before_zlib
- refs/tags/rsaref
- openssl-3.4.0-alpha1
- openssl-3.3.2
- openssl-3.3.1
- openssl-3.3.0-beta1
- openssl-3.3.0-alpha1
- openssl-3.3.0
- openssl-3.2.3
- openssl-3.2.2
- openssl-3.2.1
- openssl-3.2.0-beta1
- openssl-3.2.0-alpha2
- openssl-3.2.0-alpha1
- openssl-3.2.0
- openssl-3.1.7
- openssl-3.1.6
- openssl-3.1.5
- openssl-3.1.4
- openssl-3.1.3
- openssl-3.1.2
- openssl-3.1.1
- openssl-3.1.0-beta1
- openssl-3.1.0-alpha1
- openssl-3.1.0
- openssl-3.0.9
- openssl-3.0.8
- openssl-3.0.7
- openssl-3.0.6
- openssl-3.0.5
- openssl-3.0.4
- openssl-3.0.3
- openssl-3.0.2
- openssl-3.0.15
- openssl-3.0.14
- openssl-3.0.13
- openssl-3.0.12
- openssl-3.0.11
- openssl-3.0.10
- openssl-3.0.1
- openssl-3.0.0-beta2
- openssl-3.0.0-beta1
- openssl-3.0.0-alpha9
- openssl-3.0.0-alpha8
- openssl-3.0.0-alpha7
- openssl-3.0.0-alpha6
- openssl-3.0.0-alpha5
- openssl-3.0.0-alpha4
- openssl-3.0.0-alpha3
- openssl-3.0.0-alpha2
- openssl-3.0.0-alpha17
- openssl-3.0.0-alpha16
- openssl-3.0.0-alpha15
- openssl-3.0.0-alpha14
- openssl-3.0.0-alpha13
- openssl-3.0.0-alpha12
- openssl-3.0.0-alpha11
- openssl-3.0.0-alpha10
- openssl-3.0.0-alpha1
- openssl-3.0.0
- master-pre-reformat
- master-pre-auto-reformat
- master-post-reformat
- master-post-auto-reformat
- OpenSSL_1_1_1w
- OpenSSL_1_1_1v
- OpenSSL_1_1_1u
- OpenSSL_1_1_1t
- OpenSSL_1_1_1s
- OpenSSL_1_1_1r
- OpenSSL_1_1_1q
- OpenSSL_1_1_1p
- OpenSSL_1_1_1o
- OpenSSL_1_1_1n
- OpenSSL_1_1_1m
- OpenSSL_1_1_1l
- OpenSSL_1_1_1k
- OpenSSL_1_1_1j
- OpenSSL_1_1_1i
- OpenSSL_1_1_1h
- OpenSSL_1_1_1g
- OpenSSL_1_1_1f
- OpenSSL_1_1_1e
- OpenSSL_1_1_1d
- OpenSSL_1_1_1c
- OpenSSL_1_1_1b
- OpenSSL_1_1_1a
- OpenSSL_1_1_1-pre9
- OpenSSL_1_1_1-pre8
- OpenSSL_1_1_1-pre7
- OpenSSL_1_1_1-pre6
- OpenSSL_1_1_1-pre5
- OpenSSL_1_1_1-pre4
- OpenSSL_1_1_1-pre3
- OpenSSL_1_1_1-pre2
- OpenSSL_1_1_1-pre1
- OpenSSL_1_1_1
- OpenSSL_1_1_0l
- OpenSSL_1_1_0k
- OpenSSL_1_1_0j
- OpenSSL_1_1_0i
- OpenSSL_1_1_0h
- OpenSSL_1_1_0g
- OpenSSL_1_1_0f
- OpenSSL_1_1_0e
- OpenSSL_1_1_0d
- OpenSSL_1_1_0c
- OpenSSL_1_1_0b
- OpenSSL_1_1_0a
- OpenSSL_1_1_0-pre6
- OpenSSL_1_1_0-pre5
- OpenSSL_1_1_0-pre4
- OpenSSL_1_1_0-pre3
- OpenSSL_1_1_0-pre2
- OpenSSL_1_1_0-pre1
- OpenSSL_1_1_0
- OpenSSL_1_0_2u
- OpenSSL_1_0_2t
- OpenSSL_1_0_2s
- OpenSSL_1_0_2r
- OpenSSL_1_0_2q
- OpenSSL_1_0_2p
- OpenSSL_1_0_2o
- OpenSSL_1_0_2n
- OpenSSL_1_0_2m
- OpenSSL_1_0_2l
- OpenSSL_1_0_2k
- OpenSSL_1_0_2j
- OpenSSL_1_0_2i
- OpenSSL_1_0_2h
- OpenSSL_1_0_2g
- OpenSSL_1_0_2f
- OpenSSL_1_0_2e
- OpenSSL_1_0_2d
- OpenSSL_1_0_2c
- OpenSSL_1_0_2b
- OpenSSL_1_0_2a
- OpenSSL_1_0_2-pre-reformat
- OpenSSL_1_0_2-pre-auto-reformat
- OpenSSL_1_0_2-post-reformat
- OpenSSL_1_0_2-post-auto-reformat
- OpenSSL_1_0_2-beta3
- OpenSSL_1_0_2-beta2
- OpenSSL_1_0_2-beta1
- OpenSSL_1_0_2
- OpenSSL_1_0_1u
- OpenSSL_1_0_1t
- OpenSSL_1_0_1s
- OpenSSL_1_0_1r
- OpenSSL_1_0_1q
- OpenSSL_1_0_1p
- OpenSSL_1_0_1o
- OpenSSL_1_0_1n
- OpenSSL_1_0_1m
- OpenSSL_1_0_1l
- OpenSSL_1_0_1k
- OpenSSL_1_0_1j
- OpenSSL_1_0_1i
- OpenSSL_1_0_1h
- OpenSSL_1_0_1g
- OpenSSL_1_0_1f
- OpenSSL_1_0_1e
- OpenSSL_1_0_1d
- OpenSSL_1_0_1-pre-reformat
- OpenSSL_1_0_1-pre-auto-reformat
- OpenSSL_1_0_1-post-reformat
- OpenSSL_1_0_1-post-auto-reformat
- OpenSSL_1_0_0t
- OpenSSL_1_0_0s
- OpenSSL_1_0_0r
- OpenSSL_1_0_0q
- OpenSSL_1_0_0p
- OpenSSL_1_0_0o
- OpenSSL_1_0_0n
- OpenSSL_1_0_0m
- OpenSSL_1_0_0l
- OpenSSL_1_0_0k
- OpenSSL_1_0_0-pre-reformat
- OpenSSL_1_0_0-pre-auto-reformat
- OpenSSL_1_0_0-post-reformat
- OpenSSL_1_0_0-post-auto-reformat
- OpenSSL_0_9_8zh
- OpenSSL_0_9_8zg
- OpenSSL_0_9_8zf
- OpenSSL_0_9_8ze
- OpenSSL_0_9_8zd
- OpenSSL_0_9_8zc
- OpenSSL_0_9_8zb
- OpenSSL_0_9_8za
- OpenSSL_0_9_8y
- OpenSSL_0_9_8-pre-reformat
- OpenSSL_0_9_8-pre-auto-reformat
- OpenSSL_0_9_8-post-reformat
- OpenSSL_0_9_8-post-auto-reformat
- OpenSSL-fips-2_0_9
- OpenSSL-fips-2_0_8
- OpenSSL-fips-2_0_7
- OpenSSL-fips-2_0_6
- OpenSSL-fips-2_0_5
- OpenSSL-fips-2_0_4
- OpenSSL-fips-2_0_3
- OpenSSL-fips-2_0_2
- OpenSSL-fips-2_0_16
- OpenSSL-fips-2_0_15
- OpenSSL-fips-2_0_14
- OpenSSL-fips-2_0_13
- OpenSSL-fips-2_0_12
- OpenSSL-fips-2_0_11
- OpenSSL-fips-2_0_10
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
| Revision | Author | Date | Message | Commit Date |
|---|---|---|---|---|
| f123043 | Matt Caswell | 22 September 2020, 12:55:07 UTC | Prepare for 1.1.1h release Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 22 September 2020, 12:55:07 UTC |
| 24a535e | Matt Caswell | 22 September 2020, 12:14:20 UTC | Update copyright year Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12949) | 22 September 2020, 12:45:08 UTC |
| 6f26a76 | Matt Caswell | 22 September 2020, 12:13:17 UTC | Updates CHANGES and NEWS for the new release Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12949) | 22 September 2020, 12:45:08 UTC |
| 256989c | olszomal | 19 June 2020, 13:00:32 UTC | Add const to 'ppin' function parameter CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #12205 (cherry picked from commit 434343f896a2bb3e5857cc9831c38f8cd1cceec1) | 21 September 2020, 14:56:18 UTC |
| 56e8fe0 | Norman Ashley | 10 July 2020, 23:01:32 UTC | Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign OCSP_basic_sign_ctx() in ocsp_srv.c , does not check for RSA_METHOD_FLAG_NO_CHECK. If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail because the X509_check_private_key() can fail. The check for the RSA_METHOD_FLAG_NO_CHECK was moved to crypto/rsa/rsa_ameth.c as a common place to check. Checks in ssl_rsa.c were removed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12419) | 21 September 2020, 09:29:52 UTC |
| fdcddd9 | Tomas Mraz | 11 September 2020, 07:09:29 UTC | Disallow certs with explicit curve in verification chain The check is applied only with X509_V_FLAG_X509_STRICT. Fixes #12139 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12909) | 21 September 2020, 08:32:59 UTC |
| 398c8da | Tomas Mraz | 21 August 2020, 12:50:52 UTC | EC_KEY: add EC_KEY_decoded_from_explicit_params() The function returns 1 when the encoding of a decoded EC key used explicit encoding of the curve parameters. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12909) | 21 September 2020, 08:32:42 UTC |
| ee617d0 | Henry N | 10 September 2020, 21:55:28 UTC | Fix: ecp_nistz256-armv4.S bad arguments Fix this error: crypto/ec/ecp_nistz256-armv4.S:3853: Error: bad arguments to instruction -- `orr r11,r10' crypto/ec/ecp_nistz256-armv4.S:3854: Error: bad arguments to instruction -- `orr r11,r12' crypto/ec/ecp_nistz256-armv4.S:3855: Error: bad arguments to instruction -- `orrs r11,r14' CLA: trivial Fixes #12848 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> GH: #12854 (cherry picked from commit b5f82567afa820bac55b7dd7eb9dd510c32c3ef6) | 20 September 2020, 12:22:15 UTC |
| 8380f45 | Dr. Matthias St. Pierre | 31 August 2020, 22:55:36 UTC | Revert two renamings backported from master The original names were more intuitive: the generate_counter counts the number of generate requests, and the reseed_counter counts the number of reseedings (of the principal DRBG). reseed_gen_counter -> generate_counter reseed_prop_counter -> reseed_counter This partially reverts commit 35a34508ef4d649ace4e373e1d019192b7e38c36. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12759) | 10 September 2020, 21:01:16 UTC |
| 958fec7 | Dr. Matthias St. Pierre | 31 August 2020, 21:36:22 UTC | Fix the DRBG seed propagation In a nutshell, reseed propagation is a compatibility feature with the sole purpose to support the traditional way of (re-)seeding manually by calling 'RAND_add()' before 'RAND_bytes(). It ensures that the former has an immediate effect on the latter *within the same thread*, but it does not care about immediate reseed propagation to other threads. The implementation is lock-free, i.e., it works without taking the lock of the primary DRBG. Pull request #7399 not only fixed the data race issue #7394 but also changed the original implementation of the seed propagation unnecessarily. This commit reverts most of the changes of commit 1f98527659b8 and intends to fix the data race while retaining the original simplicity of the seed propagation. - use atomics with relaxed semantics to load and store the seed counter - add a new member drbg->enable_reseed_propagation to simplify the overflow treatment of the seed propagation counter - don't handle races between different threads This partially reverts commit 1f98527659b8290d442c4e1532452b9ba6463f1e. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12759) | 10 September 2020, 20:57:34 UTC |
| 526cf60 | luxinyou | 07 September 2020, 08:06:45 UTC | Fix memory leaks in conf_def.c Fixes #12471 CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12533) (cherry picked from commit 4348995b0d818203f37ffa51c9bdf4488cf24bad) | 07 September 2020, 08:13:01 UTC |
| 309e73d | Shane Lontis | 07 September 2020, 07:44:38 UTC | Coverity Fixes x_algor.c: Explicit null dereferenced cms_sd.c: Resource leak ts_rsp_sign.c Resource Leak extensions_srvr.c: Resourse Leak v3_alt.c: Resourse Leak pcy_data.c: Resource Leak cms_lib.c: Resource Leak drbg_lib.c: Unchecked return code Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12531) | 07 September 2020, 07:44:38 UTC |
| 56456c3 | Richard Levitte | 27 August 2020, 05:18:55 UTC | Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 PEM_write_bio_PrivateKey_traditional() uses i2d_PrivateKey() to do the actual encoding to DER. However, i2d_PrivateKey() is a generic function that will do what it can to produce output according to what the associated EVP_PKEY_ASN1_METHOD offers. If that method offers a function 'old_priv_encode', which is expected to produce the "traditional" encoded form, then i2d_PrivateKey() uses that. If not, i2d_PrivateKey() will go on and used more modern methods, which are all expected to produce PKCS#8. To ensure that PEM_write_bio_PrivateKey_traditional() never produces more modern encoded forms, an extra check that 'old_priv_encode' is non-NULL is added. If it is NULL, an error is returned. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12729) | 28 August 2020, 18:51:17 UTC |
| 28499ba | Jung-uk Kim | 26 August 2020, 18:00:56 UTC | Ignore vendor name in Clang version number. For example, FreeBSD prepends "FreeBSD" to version string, e.g., FreeBSD clang version 11.0.0 (git@github.com:llvm/llvm-project.git llvmorg-11.0.0-rc2-0-g414f32a9e86) Target: x86_64-unknown-freebsd13.0 Thread model: posix InstalledDir: /usr/bin This prevented us from properly detecting AVX support, etc. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12725) (cherry picked from commit cd84d8832d274357a5ba5433640d7ef76691b1ac) | 28 August 2020, 03:29:58 UTC |
| 46a9ee8 | Tomas Mraz | 06 August 2020, 13:14:29 UTC | sslapitest: Add test for premature call of SSL_export_keying_material Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12594) (cherry picked from commit ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356) | 13 August 2020, 08:19:55 UTC |
| 925a9d0 | Tomas Mraz | 06 August 2020, 09:20:43 UTC | Avoid segfault in SSL_export_keying_material if there is no session Fixes #12588 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12594) (cherry picked from commit dffeec1c10a874d7c7b83c221dbbce82f755edb1) | 13 August 2020, 08:19:25 UTC |
| ea7a58a | Matt Caswell | 28 July 2020, 14:28:06 UTC | Fix a test_verify failure A recently added certificate in test/certs expired causing test_verify to fail. This add a replacement certificate with a long expiry date. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12561) | 30 July 2020, 14:49:52 UTC |
| 6328d36 | Gustaf Neumann | 04 July 2020, 19:58:30 UTC | Fix typos and repeated words Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12370) | 24 July 2020, 19:06:32 UTC |
| 7a989af | Read Hughes | 23 July 2020, 14:25:28 UTC | Update EVP_EncodeInit.pod Fix EVP_EncodeBlock description using incorrect parameter name for encoding length CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12518) (cherry picked from commit 1660c8fa6be2d7c4587e490c88a44a870e9b4298) | 24 July 2020, 15:16:26 UTC |
| 72a9868 | Vitezslav Cizek | 10 July 2020, 19:33:00 UTC | test/drbgtest.c: Fix error check test The condition in test_error_checks() was inverted, so the test succeeded as long as error_check() failed. Incidently, error_check() contained several bugs that assured it always failed, thus giving overall drbg test success. Remove the broken explicit zero check. RAND_DRBG_uninstantiate() cleanses the data via drbg_ctr_uninstantiate(), but right after that it resets drbg->data.ctr using RAND_DRBG_set(), so TEST_mem_eq(zero, sizeof(drbg->data)) always failed. (backport from https://github.com/openssl/openssl/pull/11195) Signed-off-by: Vitezslav Cizek <vcizek@suse.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12517) | 22 July 2020, 23:16:50 UTC |
| 48fc6cd | Nihal Jere | 21 July 2020, 16:31:01 UTC | fixed swapped parameters descriptions for x509 CLA: trivial Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12505) | 22 July 2020, 20:05:22 UTC |
| c6c9f88 | Viktor Dukhovni | 17 July 2020, 01:30:43 UTC | Avoid errors with a priori inapplicable protocol bounds The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configurign DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #12507 | 22 July 2020, 14:03:04 UTC |
| 335266f | Dimitri John Ledkov | 14 July 2020, 16:55:49 UTC | man3: Drop warning about using security levels higher than 1. Today, majority of web-browsers reject communication as allowed by the security level 1. Instead key sizes and algorithms from security level 2 are required. Thus remove the now obsolete warning against using security levels higher than 1. For example Ubuntu, compiles OpenSSL with security level set to 2, and further restricts algorithm versions available at that security level. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12444) (cherry picked from commit 02e14a65fd6cc63204b43a79d510e95a63bdd901) | 20 July 2020, 19:39:28 UTC |
| a47dd08 | Pauli | 13 July 2020, 22:39:32 UTC | doc: Fix documentation of EVP_EncryptUpdate(). The documentation was off by one for the length this function could return. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12435) (cherry picked from commit 3fc164e8d18dcdef57d297956debf8d966e7fbef) | 17 July 2020, 12:23:42 UTC |
| 42bb51e | Dr. David von Oheimb | 03 July 2020, 19:19:55 UTC | x509_vfy.c: Improve key usage checks in internal_verify() of cert chains If a presumably self-signed cert is last in chain we verify its signature only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the signature verification, but not in case it is a (non-conforming) self-issued CA certificate with a key usage extension that does not include keyCertSign. Make clear when we must verify the signature of a certificate and when we must adhere to key usage restrictions of the 'issuing' cert. Add some comments for making internal_verify() easier to understand. Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12357) | 16 July 2020, 19:48:22 UTC |
| e2590c3 | Dr. David von Oheimb | 24 December 2019, 10:25:15 UTC | Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() Move check that cert signing is allowed from x509v3_cache_extensions() to where it belongs: internal_verify(), generalize it for proxy cert signing. Correct and simplify check_issued(), now checking self-issued (not: self-signed). Add test case to 25-test_verify.t that demonstrates successful fix. As prerequisites, this adds the static function check_sig_alg_match() and the internal functions x509_likely_issued() and x509_signing_allowed(). This is a backport of the core of PR #10587. Fixes #1418 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12357) | 16 July 2020, 19:47:48 UTC |
| e215192 | aSoujyuTanaka | 11 April 2020, 19:10:57 UTC | Enable WinCE build without deceiving _MSC_VER. Reviewed-by: Mark J. Cox <mark@awe.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11526) (cherry picked from commit c35b8535768e22cd3b7743f4887a72e53a621a5f) | 15 July 2020, 21:09:24 UTC |
| be4c423 | aSoujyuTanaka | 11 April 2020, 19:00:17 UTC | To generate makefile with correct parameters for WinCE. Reviewed-by: Mark J. Cox <mark@awe.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11526) (cherry picked from commit a1736f37aee855fecf463b9f15519e12c333ecfc) | 15 July 2020, 21:06:13 UTC |
| 88bc703 | aSoujyuTanaka | 11 April 2020, 18:58:44 UTC | Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html Reviewed-by: Mark J. Cox <mark@awe.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11526) (cherry picked from commit 7a09fab2b3d201062a2cc07c1a40d09d61ea31bd) | 15 July 2020, 21:06:03 UTC |
| 4da1981 | aSoujyuTanaka | 11 April 2020, 18:58:02 UTC | Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. Reviewed-by: Mark J. Cox <mark@awe.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11526) (cherry picked from commit 6c2a56beec847da18e5ac60a30219f0dea39baf9) | 15 July 2020, 21:05:55 UTC |
| a5b8c19 | Nicola Tuveri | 13 July 2020, 16:22:18 UTC | [1.1.1][test] Avoid missing EC_GROUP wrappers Backport of https://github.com/openssl/openssl/pull/12096 to 1.1.1 broke the build as the following functions are missing: const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group); int EC_GROUP_get_field_type(const EC_GROUP *group); Turns out that for the purposes of the test code, we don't really need to differentiate between prime and binary fields, and we can directly use the existing `EC_GROUP_get_degree()` in the same fashion as was being done for binary fields also for prime fields. Fixes https://github.com/openssl/openssl/issues/12432 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12433) | 13 July 2020, 16:22:18 UTC |
| 2688dfb | Billy Brumley | 09 June 2020, 10:16:15 UTC | [test] ectest: check custom generators Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12096) (cherry picked from commit a01cae99ac384cb6a74b46ccdc90736fe0754958) | 12 July 2020, 08:10:10 UTC |
| 32adaca | Glenn Strauss | 05 June 2020, 21:14:08 UTC | improve SSL_CTX_set_tlsext_ticket_key_cb ref impl improve reference implementation code in SSL_CTX_set_tlsext_ticket_key_cb man page change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication of requiring longer keys. Updating this code brings the reference implementation in line with implementation in openssl committed in 2016: commit 05df5c20 Use AES256 for the default encryption algorithm for TLS session tickets add comments where user-implementation is needed to complete code (backport from https://github.com/openssl/openssl/pull/12063) Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12391) | 09 July 2020, 11:02:58 UTC |
| e1c246b | Nicola Tuveri | 28 June 2020, 17:23:29 UTC | [test][15-test_genec] Improve EC tests with genpkey Test separately EC parameters and EC key generation. Some curves only support explicit params encoding. For some curves we have had cases in which generating the parameters under certain conditions failed, while generating and serializing a key under the same conditions did not. See <https://github.com/openssl/openssl/issues/12306> for more details. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12308) | 07 July 2020, 08:58:31 UTC |
| 1940c09 | Nicola Tuveri | 26 June 2020, 22:42:49 UTC | [apps/genpkey] exit status should not be 0 on output errors If the key is to be serialized or printed as text and the framework returns an error, the app should signal the failure to the user using a non-zero exit status. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12305) (cherry picked from commit 466d30c0d7fa861a5fcbaebd2e2010a8c2aea322) | 07 July 2020, 08:57:57 UTC |
| 2797fea | Nicola Tuveri | 28 June 2020, 21:53:46 UTC | [EC][ASN1] Detect missing OID when serializing EC parameters and keys The following built-in curves do not have an assigned OID: - Oakley-EC2N-3 - Oakley-EC2N-4 In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`. Fixes #12306 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12312) | 04 July 2020, 11:56:25 UTC |
| a98fa84 | Richard Levitte | 01 July 2020, 08:06:59 UTC | Configure: Check source and build dir equality a little more thoroughly 'absolutedir' does a thorough job ensuring that we have a "real" path to both source and build directory, unencumbered by symbolic links. However, that isn't enough on case insensitive file systems on Unix flavored platforms, where it's possible to stand in, for example, /PATH/TO/Work/openssl, and then do this: perl ../../work/openssl/Configure ... and thereby having it look like the source directory and the build directory aren't the same. We solve this by having a closer look at the computed source and build directories, and making sure they are exactly the same strings if they are in fact the same directory. This is especially important when making symbolic links based on this directories, but may have other ramifications as well. Fixes #12323 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12337) (cherry picked from commit 610e2b3b7019b11d97f1dcda13575254a2c65c3d) | 02 July 2020, 16:56:33 UTC |
| bfbf06c | Miłosz Kaniewski | 30 June 2020, 19:46:38 UTC | Free pre_proc_exts in SSL_free() Usually it will be freed in tls_early_post_process_client_hello(). However if a ClientHello callback will be used and will return SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello() may never come to the point where pre_proc_exts is freed. Fixes #12194 CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12330) (cherry picked from commit 94941cada25433a7dca35b5b9f8cbb751ab65ab3) | 02 July 2020, 00:26:32 UTC |
| f924b29 | Pauli | 30 June 2020, 01:17:20 UTC | doc: remove reference to the predecessor of SHA-1. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12322) (cherry picked from commit 69f982679ec0c8887a4324d8518a33808fee1cd7) | 01 July 2020, 23:09:36 UTC |
| 0c3d024 | Matt Caswell | 25 June 2020, 09:43:20 UTC | Fix a typo on the SSL_dup page Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12245) | 30 June 2020, 09:54:02 UTC |
| 45f02e9 | Matt Caswell | 16 June 2020, 16:19:40 UTC | Add an SSL_dup test Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12245) | 30 June 2020, 09:54:02 UTC |
| 4864a23 | Matt Caswell | 16 June 2020, 16:40:40 UTC | Don't attempt to duplicate the BIO state in SSL_dup SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs configured for it. This did not work. Firstly the SSL_dup code was passing a BIO ** as the destination argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that parameter. Any attempt to use this will either (1) fail silently, (2) crash or fail in some other strange way. Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make this work. Thirdly, if rbio == wbio in the original SSL object, then an attempt is made to up-ref the BIO in the new SSL object - even though it hasn't been set yet and is NULL. This results in a crash. This appears to have been broken for a very long time with at least some of the problems described above coming from SSLeay. The simplest approach is to just remove this capability from the function. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12245) | 30 June 2020, 09:54:02 UTC |
| d3ef3d0 | Matt Caswell | 15 June 2020, 11:11:46 UTC | Update the SSL_dup documentation to match reality Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12245) | 30 June 2020, 09:54:02 UTC |
| 32d738c | Matt Caswell | 12 June 2020, 09:52:41 UTC | Ensure that SSL_dup copies the min/max protocol version With thanks to Rebekah Johnson for reporting this issue. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12245) | 30 June 2020, 09:54:02 UTC |
| 943c6da | Benny Baumann | 24 June 2020, 19:54:05 UTC | Force ssl/tls protocol flags to use stream sockets Prior to this patch doing something like openssl s_client -dtls1 -tls1 ... could cause s_client to speak TLS on a UDP socket which does not normally make much sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12266) (cherry picked from commit 2c9ba46c90e9d25040260bbdc43e87921f08c788) | 30 June 2020, 01:14:14 UTC |
| c437fc2 | Attila Szakacs | 25 June 2020, 11:40:33 UTC | Configuration: do not overwrite BASE_unix ex_libs in AIX BASE_unix sets ex_libs to `-lz` based the on zlib linking. AIX platforms overwrote this instead of adding to it. CLA: Trivial Signed-off-by: Attila Szakacs <attila.szakacs@oneidentity.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12271) (cherry picked from commit b1f9db698011e5a178d53483eccfd0a44f132baf) | 27 June 2020, 07:25:40 UTC |
| 7bdf1ee | pedro martelletto | 24 June 2020, 15:48:00 UTC | doc/man3: fix types taken by HMAC(), HMAC_Update() HMAC() and HMAC_Update() take size_t for 'n' and 'len' respectively. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12264) (cherry picked from commit cc63865f336e0144f8501aa0a862ba0247a50622) | 26 June 2020, 08:38:46 UTC |
| b295a4d | Tristan Bauer | 18 June 2020, 09:45:24 UTC | Fix wrong return value check of mmap function The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED. CLA: trivial Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12187) (cherry picked from commit 1d78129dd205e3e85083a91c33540a70c51b0a23) | 23 June 2020, 00:09:24 UTC |
| 35bb0e4 | Nicola Tuveri | 13 June 2020, 14:29:09 UTC | Refactor BN_R_NO_INVERSE logic in internal functions Closes #12129 As described in https://github.com/openssl/openssl/issues/12129 the readability of the internal functions providing the two alternative implementations for `BN_mod_inverse()` is a bit lacking. Both these functions are now completely internal, so we have the flexibility needed to slightly improve readability and remove unnecessary NULL checks. The main changes here are: - rename `BN_mod_inverse_no_branch()` as `bn_mod_inverse_no_branch()`: this function is `static` so it is not even visible within the rest of libcrypto. By convention upcase prefixes are reserved for public functions. - remove `if (pnoinv == NULL)` checks in `int_bn_mod_inverse()`: this function is internal to the BN module and we can guarantee that all callers pass non-NULL arguments. - `bn_mod_inverse_no_branch()` takes an extra `int *pnoinv` argument, so that it can signal if no inverse exists for the given inputs: in this way the caller is in charge of raising `BN_R_NO_INVERSE` as it is the case for the non-consttime implementation of `int_bn_mod_inverse()`. - `BN_mod_inverse()` is a public function and must guarantee that the internal functions providing the actual implementation receive valid arguments. If the caller passes a NULL `BN_CTX` we create a temporary one for internal use. - reorder function definitions in `crypto/bn/bn_gcd.c` to avoid forward declaration of `static` functions (in preparation for inlining) - inline `bn_mod_inverse_no_branch()`. (Backport to 1.1.1 from https://github.com/openssl/openssl/pull/12142) (cherry picked from commit 5d8b3a3ef2941b8822523742a0408ca6896aa65d) Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12169) | 21 June 2020, 12:46:54 UTC |
| 4dcfdfc | Matt Caswell | 27 May 2020, 10:50:05 UTC | Make it clear that you can't use all ciphers for CMAC Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12107) | 19 June 2020, 10:41:23 UTC |
| 19b4fe5 | Matt Caswell | 27 May 2020, 10:40:24 UTC | Add a CMAC test We did not have a test of the low level CMAC APIs so we add one. This is heavily based on the HMAC test. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12107) | 19 June 2020, 10:41:23 UTC |
| ce7bd71 | Matt Caswell | 27 May 2020, 10:38:39 UTC | Correctly handle the return value from EVP_Cipher() in the CMAC code EVP_Cipher() is a very low level routine that directly calls the underlying cipher function. It's return value semantics are very odd. Depending on the type of cipher 0 or -1 is returned on error. We should just check for <=0 for a failure. Fixes #11957 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12107) | 19 June 2020, 10:41:23 UTC |
| 86863f2 | Matt Caswell | 27 May 2020, 10:37:39 UTC | Ensure we never use a partially initialised CMAC_CTX If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12107) | 19 June 2020, 10:41:23 UTC |
| e705b92 | Hubert Kario | 05 June 2020, 18:21:55 UTC | use safe primes in ssl_get_auto_dh() DH_get_1024_160() and DH_get_2048_224() return parameters from RFC5114. Those parameters include primes with known small subgroups, making them unsafe. Change the code to use parameters from RFC 2409 and RFC 3526 instead (group 2 and 14 respectively). This patch also adds automatic selection of 4096 bit params for 4096 bit RSA keys backport of 7646610 Signed-off-by: Hubert Kario <hkario@redhat.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12160) | 17 June 2020, 16:37:55 UTC |
| 4151e30 | olszomal | 12 June 2020, 10:09:02 UTC | CMS_get0_signers() description CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12055) (cherry picked from commit 9ac916c7529a21cd01d1b539362abf8402719e30) | 16 June 2020, 14:16:47 UTC |
| 92cef3f | Richard Levitte | 13 June 2020, 20:16:14 UTC | EVP: allow empty strings to EVP_Decode* functions This is a simple check order correction. Fixes #12143 Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12144) (cherry picked from commit 0800288e6e1d9f44d471043a970ba57743ca8f4c) | 15 June 2020, 22:24:31 UTC |
| ac4f465 | Sebastian Andrzej Siewior | 25 April 2020, 21:57:00 UTC | doc: Random spellchecking A little spell checking. Backport of commit af0d413654d19 ("doc: Random spellchecking") Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #12075 | 13 June 2020, 10:04:11 UTC |
| 4b70970 | Tomas Mraz | 04 June 2020, 09:40:29 UTC | Do not allow dropping Extended Master Secret extension on renegotiaton Abort renegotiation if server receives client hello with Extended Master Secret extension dropped in comparison to the initial session. Fixes #9754 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12099) | 11 June 2020, 07:07:28 UTC |
| 5bd03af | Nicola Tuveri | 07 June 2020, 15:00:33 UTC | Test genpkey app for EC keygen with various args This commit adds a new recipe to test EC key generation with the `genpkey` CLI app. For each built-in curve, it tests key generation with text output, in PEM and in DER format, using `explicit` and `named_curve` for parameters encoding. The list of built-in curves is static at the moment, as this allows to differentiate between prime curves and binary curves to avoid failing when ec2m is disabled. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/12085) | 10 June 2020, 13:01:06 UTC |
| 0fef6d5 | Dr. David von Oheimb | 04 June 2020, 10:34:00 UTC | Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c Fixes #12033 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/12041) | 10 June 2020, 08:39:26 UTC |
| 1349865 | Dr. David von Oheimb | 05 June 2020, 14:34:51 UTC | Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/12041) | 10 June 2020, 08:39:26 UTC |
| 7f699cb | Dr. David von Oheimb | 03 June 2020, 05:49:27 UTC | Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12036) | 09 June 2020, 10:13:14 UTC |
| 46fe1c7 | Dr. David von Oheimb | 03 June 2020, 19:38:20 UTC | Replace BUF_strdup() call by OPENSSL_strdup() adding failure check in bss_acpt.c Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12036) | 09 June 2020, 10:13:14 UTC |
| 49eebbc | Nicola Tuveri | 02 June 2020, 18:06:48 UTC | [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation `crypto/ec/ecp_nistz256.c` contained code sections guarded by a `ECP_NISTZ256_AVX2` define. The relevant comment read: > /* > * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great > * code processing 4 points in parallel, corresponding serial operation > * is several times slower, because it uses 29x29=58-bit multiplication > * as opposite to 64x64=128-bit in integer-only scalar case. As result > * it doesn't provide *significant* performance improvement. Note that > * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work, > * you'd need to compile even asm/ecp_nistz256-avx.pl module. > */ Without diminishing the quality of the original submission, it's evident that this code has been basically unreachable without modifications to the library source code and is under-tested. This commit removes these sections from the codebase. (cherry picked from commit 00da0f69890874feaa555fafb99b967b861e9118 , backported from https://github.com/openssl/openssl/pull/12019 ) Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/12046) | 07 June 2020, 11:48:33 UTC |
| ad178c1 | Benjamin Kaduk | 28 May 2020, 21:34:10 UTC | Fix a typo in SSL_CTX_set_session_ticket_cb.pod "SSL" takes two esses, not three. [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12038) (cherry picked from commit 09527c493596060544bda92ecd0d8ef40a366c5e) | 06 June 2020, 00:11:58 UTC |
| 8354f53 | Vladimir Kotal | 12 August 2019, 12:02:52 UTC | enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9575) | 04 June 2020, 14:43:46 UTC |
| e6a80cb | Bernd Edlinger | 02 June 2020, 09:52:24 UTC | Fix a buffer overflow in drbg_ctr_generate This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12016) (cherry picked from commit 42fa3e66697baa121220b4eacf03607280e4ff89) | 03 June 2020, 11:16:57 UTC |
| 315170f | Jack O'Connor | 28 May 2020, 16:42:15 UTC | fix a docs typo Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist. CLA: trivial Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11988) (cherry picked from commit a5a87011baeef71c86938a2bae54f89fbe99e5dc) | 02 June 2020, 11:02:31 UTC |
| 3476de9 | Bernd Edlinger | 28 May 2020, 09:20:50 UTC | Prevent extended tests run unexpectedly in appveyor Reason turns out that "git log -2" is picking up a merge commit and a random commit message from the master branch. Restore the expected behavior by using git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11981) (cherry picked from commit d805b83166538907535862372c16ff6ceb648b21) | 02 June 2020, 09:35:47 UTC |
| 3fc83fe | Bernd Edlinger | 31 May 2020, 05:51:23 UTC | Revert the check for NaN in %f format Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12003) (cherry picked from commit 41dccd68b9b9b7622b26d264c5fa190aa5bd4201) | 01 June 2020, 16:21:12 UTC |
| ec5aad1 | Dr. David von Oheimb | 28 May 2020, 17:03:37 UTC | Make BIO_do_connect() and friends handle multiple IP addresses Backport of #11971 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11989) | 01 June 2020, 07:26:52 UTC |
| 7d76c1f | Bernd Edlinger | 25 May 2020, 18:13:47 UTC | bio printf: Avoid using rounding errors in range check There is a problem casting ULONG_MAX to double which clang-10 is warning about. ULONG_MAX typically cannot be exactly represented as a double. ULONG_MAX + 1 can be and this fix uses the latter, however since ULONG_MAX cannot be represented exactly as a double number we subtract 65535 from this number, and the result has at most 48 leading one bits, and can therefore be represented as a double integer without rounding error. By adding 65536.0 to this number we achive the correct result, which should avoid the warning. The addresses a symptom of the underlying problem: we print doubles via an unsigned long integer. Doubles have a far greater range and should be printed better. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11955) (cherry picked from commit 082c041b4233b17b80129d4ac6b33a28014442b0) | 29 May 2020, 13:24:36 UTC |
| 3c09a5b | Patrick Steuer | 27 May 2020, 14:32:43 UTC | EVP_EncryptInit.pod: fix example Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11976) (cherry picked from commit d561b84143f5e7956454090e15de0c5e1425ceac) | 28 May 2020, 18:53:28 UTC |
| 53eb05b | Patrick Steuer | 15 November 2019, 22:27:09 UTC | AES CTR-DRGB: performance improvement Optimize the the AES-based implementation of the CTR_DRBG construction, see 10.2.1 in [1]. Due to the optimizations, the code may deviate (more) from the pseudocode in [1], but it is functional equivalence being decisive for compliance: "All DRBG mechanisms and algorithms are described in this document in pseudocode, which is intended to explain functionality. The pseudocode is not intended to constrain real-world implementations." [9 in [1]]. The following optimizations are done: - Replace multiple plain AES encryptions by a single AES-ECB encryption of a corresponding pre-initialized buffer, where possible. This allows platform-specific AES-ECB support to be used and reduces the overhead of multiple EVP calls. - Replace the generate operation loop (which is a counter increment followed by a plain AES encryption) by a loop which does a plain AES encryption followed by a counter increment. The latter loop is just a description of AES-CTR, so we replace it by a single AES-CTR encryption. This allows for platform-specific AES-CTR support to be used and reduces the overhead of multiple EVP calls. This change, that is, going from a pre- to a post- counter increment, requires the counter in the internal state to be kept at "+1" (compared to the pseudocode in [1]) such that it is in the correct state, when a generate operation is called. That in turn also requires all other operations to be changed from pre- to post-increment to keep functional equivalence. [1] NIST SP 800-90A Revision 1 Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (cherry picked from commit 28bdbe1aaa474ae8cd83e520d02e463e46ce89d9) Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11968) | 28 May 2020, 18:24:05 UTC |
| d03ffea | Bernd Edlinger | 24 April 2018, 19:10:13 UTC | Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11781) | 27 May 2020, 18:14:24 UTC |
| efdfc39 | Nicola Tuveri | 11 November 2019, 10:13:10 UTC | More testing for CLI usage of Ed25519 and Ed448 keys Add testing for the `req` app and explicit conversion tests similar to what is done for ECDSA keys. The included test keys for Ed25519 are from the examples in RFC 8410 (Sec. 10) The key for Ed448 is derived from the first of the test vectors in RFC 8032 (Sec. 7.4) using OpenSSL to encode it into PEM format. (cherry picked from commit 81722fdf2e01cfa71c46abbcc19e65aa003e083f) This is originally a cherry-pick from https://github.com/openssl/openssl/pull/10410, with trivial changes from the original commit to account for the differences in 1.1.1. Fixes #10687 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11939) | 25 May 2020, 23:11:22 UTC |
| e7bab42 | Nicola Tuveri | 11 November 2019, 13:52:52 UTC | More testing for sign/verify through `dgst` Add tests for signature generation and verification with `dgst` CLI for common key types: - RSA - DSA - ECDSA (cherry picked from commit ef1e59ed833e8ed1d5f4de5b0c734da8561890e3) This is a backport from https://github.com/openssl/openssl/pull/10410. Support for testing EdDSA through `pkeyutl` was dropped as the required `-rawin` option is not supported in 1.1.1. Fixes #10687 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11939) | 25 May 2020, 23:11:22 UTC |
| b7bc412 | Pauli | 24 May 2020, 21:43:45 UTC | Coverity 1463830: Resource leaks (RESOURCE_LEAK) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11941) (cherry picked from commit bbc3c22c0e2b3b4b6f069712dc8322a48506b775) | 25 May 2020, 22:25:02 UTC |
| 1bde3c6 | Dr. David von Oheimb | 23 May 2020, 12:23:14 UTC | Fix B<..> vs. I<..> and add two remarks in OSSL_STORE_open.pod Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11912) | 25 May 2020, 18:59:42 UTC |
| 767b86e | Dr. David von Oheimb | 22 May 2020, 12:56:06 UTC | Allow NULL arg to OSSL_STORE_close() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11912) | 25 May 2020, 18:59:42 UTC |
| 294beba | mettacrawler | 21 May 2020, 13:21:12 UTC | There is no -signreq option in CA.pl CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11897) | 25 May 2020, 06:08:53 UTC |
| e512efe | Tomas Mraz | 21 May 2020, 11:16:57 UTC | Prevent use after free of global_engine_lock If buggy application calls engine functions after cleanup of engines already happened the global_engine_lock will be used although already freed. See for example: https://bugzilla.redhat.com/show_bug.cgi?id=1831086 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11896) (cherry picked from commit e12813d0d31f4f7be2ccc592d382ef3e94bdb842) | 22 May 2020, 12:50:35 UTC |
| 2f4023e | Richard Levitte | 19 May 2020, 13:42:07 UTC | STORE: Make try_decode_PrivateKey() ENGINE aware This function only considered the built-in and application EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes through all loaded engines, using whatever table of methods they each have. Fixes #11861 (cherry picked from commit b84439b06a1b9a7bfb47e230b70a6d3ee46e8a19) Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11887) | 22 May 2020, 09:29:47 UTC |
| 176eb40 | Richard Levitte | 11 May 2020, 07:14:11 UTC | Fix d2i_PrivateKey() to work as documented d2i_PrivateKey() is documented to return keys of the type given as first argument |type|, unconditionally. Most specifically, the manual says this: > An error occurs if the decoded key does not match type. However, when faced of a PKCS#8 wrapped key, |type| was ignored, which may lead to unexpected results. (cherry picked from commit b2952366dd0248bf35c83e1736cd203033a22378) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11888) | 20 May 2020, 19:27:53 UTC |
| cf94e84 | Tomas Mraz | 19 May 2020, 08:52:53 UTC | t1_trce: Fix remaining places where the 24 bit shift overflow happens [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857) (cherry picked from commit 7486c718e54cc762edc5f1c7c526ab83d0f97ef7) | 20 May 2020, 15:58:31 UTC |
| 5156ecb | Tomas Mraz | 19 May 2020, 08:51:53 UTC | Avoid potential overflow to the sign bit when shifting left 24 places Although there are platforms where int is 64 bit, 2GiB large BIGNUMs instead of 4GiB should be "big enough for everybody". Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857) (cherry picked from commit 1d05eb55caa8965a151360c2469c463ecd990987) | 20 May 2020, 15:58:06 UTC |
| e110729 | Tomas Mraz | 19 May 2020, 08:51:19 UTC | Cast the unsigned char to unsigned int before shifting left This is needed to avoid automatic promotion to signed int. Fixes #11853 [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857) (cherry picked from commit cbeb0bfa961412eebfbdf1e72900f05527e81e15) | 20 May 2020, 15:57:22 UTC |
| 5f10fce | Bernd Edlinger | 17 May 2020, 00:08:56 UTC | Fix egd and devrandom source configs ./config --with-rand-seed=egd need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD) ./config --with-rand-seed=devrandom does not work since wait_random_seeded works under the assumption that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well, that is usually the case, but not when only devrandom is enabled. Skip the wait code in this special case. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11848) (cherry picked from commit ddec332f329a432a45c0131d83f3bfb46114532b) | 20 May 2020, 12:49:09 UTC |
| de5e2cb | raja-ashok | 13 May 2020, 18:07:14 UTC | Update early data exchange scenarios in doc Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11816) (cherry picked from commit b2a5001d954e81e2a582f2a935212ab554a3cbbe) | 19 May 2020, 17:25:35 UTC |
| 76b0d1f | raja-ashok | 13 May 2020, 18:02:44 UTC | Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11816) (cherry picked from commit e0bcb4f97f7496af032013ead15b7472b60e85fa) | 19 May 2020, 17:25:35 UTC |
| 5cea584 | Bernd Edlinger | 17 May 2020, 12:45:28 UTC | Fix some places where X509_up_ref is used without error handling. This takes up the ball from #11278 without trying to solve everything at once. [extended tests] Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11852) | 19 May 2020, 06:47:52 UTC |
| da96ffd | Maxim Zakharov | 08 May 2020, 04:58:10 UTC | TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) Signed-off-by: Maxim Zakharov <5158255+Maxime2@users.noreply.github.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11767) (cherry picked from commit 082394839ea32386abc7ee33aaa9da864287064c) | 18 May 2020, 09:05:21 UTC |
| 6b4b92d | raja-ashok | 10 May 2020, 17:17:00 UTC | Test TLSv1.3 out-of-band PSK with all 5 ciphersuites Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11809) | 15 May 2020, 16:13:37 UTC |
| dea4e33 | raja-ashok | 08 May 2020, 13:47:21 UTC | Fix crash in early data send with out-of-band PSK using AES CCM Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11809) | 15 May 2020, 16:13:37 UTC |
| 4268df6 | Nicolas Vigier | 05 March 2020, 19:39:05 UTC | If SOURCE_DATE_EPOCH is defined, use it for copyright year Using the date from SOURCE_DATE_EPOCH instead of the current date makes it possible to reproduce a build that was built on a different year: https://reproducible-builds.org/specs/source-date-epoch/ This is fixing an issue we had while building Tor Browser: https://trac.torproject.org/projects/tor/ticket/33535 CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11296) (cherry picked from commit 11d7d903447ab866d037fb8bba4ceb49c7d89191) | 15 May 2020, 10:45:53 UTC |
| df94391 | Matt Caswell | 08 May 2020, 10:12:10 UTC | Correct alignment calculation in ssl3_setup_write The alignment calculation in ssl3_setup_write incorrectly results in an alignment allowance of (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1) bytes. This equals 3 in almost all cases. The maximum alignment actually used in do_ssl3_write is (SSL3_ALIGN_PAYLOAD - 1). This equals 7 bytes in almost all cases. So there is a potential to overrun the buffer by up to 4 bytes. Fortunately, the encryption overhead allowed for is 80 bytes which consists of 16 bytes for the cipher block size and 64 bytes for the MAC output. However the biggest MAC that we ever produce is HMAC-384 which is 48 bytes - so we have a headroom of 16 bytes (i.e. more than the 4 bytes of potential overrun). Thanks to Nagesh Hegde for reporting this. Fixes #11766 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11768) (cherry picked from commit d30ef639647ad263d09740c931a5bfb5a8b6a5f6) | 15 May 2020, 10:36:35 UTC |
| fa41bbe | Orgad Shaneh | 24 February 2020, 07:02:31 UTC | Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 This is a 32-bit ABI build (as opposed to linux64-mips64). Setting SIXTY_FOUR_BIT breaks hardware optimizations, at least on octeon processors. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11154) | 15 May 2020, 10:23:58 UTC |
| 024035b | Bernd Edlinger | 10 May 2020, 04:37:12 UTC | Fix rsa8192.pem Q: How did I do that? A: That's a long story. Precondition: I used sage 8.1 for the math, it could probably done with simple python as well but I did not try. First I extract numbers from rsa8192.pem: openssl rsa -in rsa8192.pem -noout -text | sed "s/://g; s/ //g;" cut&paste the numbers into sage: modulus 00890d9fd57e81b5ed43283d0ea020 4a1229333d6fb9c37a179375b09c4f 7b5b1cf2eb025979b6d90b709928a0 6725e04caf2b0f7fe94afbdf9f3fa5 66f1ba75c2f6dc488039f410eb5fa8 ab152b8cfdb76791bb853059438edf ae56bc70a32a9f3e2d883e8b751d08 3797999dc81a9c4d6bdb3a75362fd1 d9c497cf5028dfcdd4cc3eb318e79f c0db45cbeed955da8a447f0872dee5 65bde4013340e767731441fae4fa54 51356bfbc84e1271b39f111f5f8ef3 a6c8973765b39addef80306194f4ea 89fdfc8e9744866323f6936de89b2f e2741578b8eb3c41676702fabc50ec c376e6b7b6e7f94e7d7b5c1bab3c9f 23bb0c8f04d8aca64c309fc063c406 553e1c1421cc45060df7f48c49f5c5 b459d572e273402d6a3ff008657fe9 1936714d1823c5cad53d80630b3216 9bf70feb2ebc1af6a35ee0bf059aed 49c4e367d567e130e2846859b271fd a8949b182e050819866b8e762ed29f fb3f7ca14cebfc2488662be4b3980f c8d31890a05f38ae9690cc7d9d3efc 4808e03da104a8c28bb480bb814995 a6e8b8978ab8350d90b3894e3abf7d c4ad0956335752c8d6944b38a1715e 7d9950f49e6cdba171fbe651a2ca26 65a7c70b6e8cf3a02c2f93dad8aa95 06481cdb032d04082a5a6c6a733b65 20fa80e2ef57b9cf858ca5ea11e084 bc31a386fc6b099f069786207f80d6 1f2bef294400d59394ad1006431366 a54ae09b0ecd3377dcd8af8fde9b94 fd559b0b7adc5113ba66fc4b3dc842 ee562cfcfd39b4ffc31576635873fc 59535b7aa98605772436c251834e23 4fb2347cc970a49818cac2a9ee95eb b55fa2da66edd53e11245c6732140a ae41491288cbf462eef8a807b46d0d affa38d9ccfe8033d2d4a3cf5c5b82 9df12183f7a05d3650153cd317a017 083ac641c2c3ad11305de0a032be45 c439bd7bbbe3cb97850f9d2c66f72a 4a66e9d434544fc6d294ca3c92627b e518bfa44e3017ac8ad9c0a26a227d 2e8677da0a4de8edb53ac9530adb63 83c72dbf562dc4d0fea4e492f09eb1 74548381a8686db3aeaaa3a9960cff 25e8c64701115da54fa7a1fb2c566a fcb4b2a63268d818c3391a62885d13 41b3492c4f0167291b3d026a44e68c 02f2d4d255d4c0906b92a2ced0c0bb f2bcdceaec1189895af4232dc386c9 75bf3477e5a70d3ab0ac0e5dc37024 0e34a276b155d5e290f77416a1986d ec47f8c78236ac7df249df9ba21a80 2e6bd75b4fb1c6ffe0f4cf548761a5 6a1fcccee156523a718987f3fdaedc 7171c9050db89a83f24c5a283695b9 c28de6d3b69fc1714b0add335a0ce6 fbbdbd0bbdb01e44969d775105bba3 d2947dca2f291250f9b851e76f514d dc5a3aa4498e6521314991568860eb ff1258d8b4aee9ee4159153684c0c0 16c60b17537a50b53cd59aad60678b d73f0714ab4ccae7416bab417b4907 36d59b2e9f I used echo `echo "<paste>" ` | sed "s/ //g" to get everything in one line, put that again into the clipboard and then start sage, type N=0x<paste><CR> sage: N=0x00890d9fd57e81b5ed43283d0ea0204a1229333d6fb9c37a179375b09c4f7b5b1cf2eb025979b6d90b709928a06725e04caf2b0f7fe94afbdf9f3fa566f1ba75c2f6dc488039f410eb5fa8ab152b8cfdb76791bb853059438edfae56bc70a32a9f3e2d883e8b751d083797999dc81a9c4d6bdb3a75362fd1d9c497cf5028dfcdd4cc3eb318e79fc0db45cbeed955da8a447f0872dee565bde4013340e767731441fae4fa5451356bfbc84e1271b39f111f5f8ef3a6c8973765b39addef80306194f4ea89fdfc8e9744866323f6936de89b2fe2741578b8eb3c41676702fabc50ecc376e6b7b6e7f94e7d7b5c1bab3c9f23bb0c8f04d8aca64c309fc063c406553e1c1421cc45060df7f48c49f5c5b459d572e273402d6a3ff008657fe91936714d1823c5cad53d80630b32169bf70feb2ebc1af6a35ee0bf059aed49c4e367d567e130e2846859b271fda8949b182e050819866b8e762ed29ffb3f7ca14cebfc2488662be4b3980fc8d31890a05f38ae9690cc7d9d3efc4808e03da104a8c28bb480bb814995a6e8b8978ab8350d90b3894e3abf7dc4ad0956335752c8d6944b38a1715e7d9950f49e6cdba171fbe651a2ca2665a7c70b6e8cf3a02c2f93dad8aa9506481cdb032d04082a5a6c6a733b6520fa80e2ef57b9cf858ca5ea11e084bc31a386fc6b099f069786207f80d61f2bef294400d59394ad1006431366a54ae09b0ecd3377dcd8af8fde9b94fd559b0b7adc5113ba66fc4b3dc842ee562cfcfd39b4ffc31576635873fc59535b7aa98605772436c251834e234fb2347cc970a49818cac2a9ee95ebb55fa2da66edd53e11245c6732140aae41491288cbf462eef8a807b46d0daffa38d9ccfe8033d2d4a3cf5c5b829df12183f7a05d3650153cd317a017083ac641c2c3ad11305de0a032be45c439bd7bbbe3cb97850f9d2c66f72a4a66e9d434544fc6d294ca3c92627be518bfa44e3017ac8ad9c0a26a227d2e8677da0a4de8edb53ac9530adb6383c72dbf562dc4d0fea4e492f09eb174548381a8686db3aeaaa3a9960cff25e8c64701115da54fa7a1fb2c566afcb4b2a63268d818c3391a62885d1341b3492c4f0167291b3d026a44e68c02f2d4d255d4c0906b92a2ced0c0bbf2bcdceaec1189895af4232dc386c975bf3477e5a70d3ab0ac0e5dc370240e34a276b155d5e290f77416a1986dec47f8c78236ac7df249df9ba21a802e6bd75b4fb1c6ffe0f4cf548761a56a1fcccee156523a718987f3fdaedc7171c9050db89a83f24c5a283695b9c28de6d3b69fc1714b0add335a0ce6fbbdbd0bbdb01e44969d775105bba3d2947dca2f291250f9b851e76f514ddc5a3aa4498e6521314991568860ebff1258d8b4aee9ee4159153684c0c016c60b17537a50b53cd59aad60678bd73f0714ab4ccae7416bab417b490736d59b2e9f likewise for prime1 (P), prime2 (Q) and privateExponent (D) and publicExponent (E) sage: P=0x00c6d6eb9c0f93f8b8de74b2799798c1c1ed47549426a0d76af61f04f0b455184acfeec354c1703709e8727ea0213001738e395b5ca5ed4deec30f8b1ae0e54a516777c5ae897a5562e77dfe378dbba32ee30bcdb275ab7f87f8b9af02712d371a6aa671b44e0f667a6f2d406e5099d942f592ff5c517d452d58cf3f51120062a878fb77066650275b897caf078a5353f1d714963ff90818b6b87c6db438681b4b315c4fd256c1bd383fcf8e67b49a3ee077373a66d77e4c02eebe9350478a51cdfa395d60d905c1189ed7041373f1609075faf9d9f39d3d7b0e7fc8b1d36cb8c5c48731ef5cd87e11f480cdfa4b3ee6cf7eebd3e13f4244647396d52030b82c39d69a3a4075ee90531d1ddb5f1284dc7ab09a3892de5c0ddeed115c7c9ee5fc008658830b0e6f7f366a72f215192498474ade046fc10e92591dfa133e4beff98758e0e92c05f999504a486e3f71c15b73adf7fe0d311f0d0dc1a8e2aff92572475a92e60f970174c80c4948a0cb86635cb438519b18c260ff9f212925e684ef151cc91fa1c4c8dbbc337c9b46f9a93c88cce49e49a670762186e8858051f93ebff7b0b50caadd9b32f93e396b5a6d1cd7f77b2e50e83fae5f3928433268f6cc28810071ce334025a24c7ebf92e631df0d26e99923018946de4ea5e30e868c33ea3d408d8c58815ecf9892fa3afa5f6fbef9a1dfda2da51b6f01f3dae588bdf17b sage: Q=0x00b073b35a3bba0954b242961630e8e0af8d3ea8aad80d55669e9e79c388983363d96fe471205743001b4798b81de1be3fb06353fd0c9c4fd43f91f9cb2162b00583cc94ff791a615348d01977ca05f4796d5bff41d94dda1cb3ef2433ff4f6500d15ab290a14e651efa91b7df5d5e50f8356188d9842dcdd67c89eb7d40baa78f045969b804f7a985d35a8a8ac32715cb212a34fb89e85e538275e53663fe675944d2b5dba77b7b7abfacd8fbddee4427db6460b728952af882992750c2542d2122247d7f431ec2fe64c0311b0de5290eb619c6ab476308d59f3efff7255d07ebb51fe64ac5967c0b79bae07d36283cf768c8eee2054349cefe90876da66a52e9e0ff20cc00a40fb0c69524e7a01e5c2f07239831a0fa2f56ad405b3a25537907d990e8f5a3e4f3df99dda6afc30d4565aa5881f64adcc6f6be4077893c7e7710623e6158359c3facfef5036779903065fd0d0a2ed8bf2e53a46758dbff06284670bf10bd2e13cba4323ce50fa43df373bd0940011c424f41c5035a10b8095f420ddb67189f6dad62f1257b0f46e353a90eacc145c7db74998a5d0d8772ba1286eb582504465290171e4db87f2e89564214a2317953a7307b1b4c8dad5920866087d7ae80845478813bdf5f6740d0f3b975a344272804b036e4fef09e91d60d1a730fda2f5c222f7636bbe252f9a6caa86d5e8be7e7db2cf912817a0898a4742d sage: D=0x3b900240c4a416aeb09b123e02f5457bb31023c9249081c5313edaac741686388492020964ce4471a653c9c63c4dc7b74c0188d0ec50bc3a29797da6c9b3616e83dea45ba5d41e6e4cba7eefca6791f45d3c86a491a899a5c42c7e61930a3681d281f34e4b49707e9bba74f68f7a91274c92904b546b5fe6267c5b8ad8d8bb199a523d7fbb5a40748b56dfccf074f3d664e705153dd903b7cd95bac556be3ab59a165d7cbb765e21a4a1d97e34b412baf1caacb57543d2bd8e5ae5cd2a86dc41e256f3f5c0073052859d1c8a12f4973caa88de2e5eb2eef8d6ebdb66fe154d8e383cba74693753affaf4dbc8e2988c08f947b1f8473a7163775656448572c325250ad2cd75c9f5d42721b91ae8fb427773605afa2f4297daf7ab34f5d71144185f3f5cbc94041081fae19fd5d47fc49421080edc5d658b5f223fb1e9b172f4da1a92263fa922225d4c0231e35d94d276fcb0e0999f5f26068528c83f49b0dd79fb157c49fe8b3d80e7cd2b3da76478ebd2ae2c8164583bee2f96591e2f41ad799ae0e2855a5699996fb2c7efb69f86874bca58628e512d579b247e43ee8db04b424e84e44cf753f86e12dd8d2e0ea0b800e6c313317c14658993b8e04c7fb5de1cba0829123dc518957be2a46f76f8ff305fee17b2310bfdd66a93c8b050451f8ceb26c518b7abb72faf08fca0bf6df8a80de511ffc00dc350cd87e52c9cf5771892300e420929da698b6b973da849c89410f089e9b39de79fc1a01a27d2f879ce5cd80ca0a3899d9f480c68d7a5f8c8b3c74936b19f0c7174987df437658046adaffdaddc3540be7fc06a1d2290f58ad9a2992d32e9ecbadf2eed961b4e68c8a89a5709a334082ad297348c4c31c54a3dadccb93afaa9f1786c4167021d4a16dd78afb41131bdd651357bd44f42cfee5d03fdfae087255d18a6a41c03aa6408b6097d8a6848cbbf05a7f20207d5673ea5e6dc849d5d3009c6e8a6c41285cd64f71b536d8345d61f404079278facde0d6e2264cbe655e877468bd3e76380d91f282f26ae17e41a1bac76c148c4c75dd22656816ab259e2c79920e27e6bcfa83732ac6e0a245dcd9cc82f69e45019cf53ac39bebca3ddea0f55ef97b6d8f7b7eadaae792fb1b55c73cf2ed644e651a22c60ed9c0bb063c50fadda6beccbf6c88c41ef1546bab5f21dbe4fbeeb11f3c5c40fa1cc3df2c11bfe7910d1d36a5ec6e66462c7e216481008931039299d23f2be4d838fb010b661a8541a8b7f7bf7d6c8032895e82133e24c835e5a3491249ec69f28e22cf9b0fab9be9ea17026fbadd470eee4676d7ac79976a1c6807e89b5dabab815ffa076caeaeb53f505a31129dac1e9f0b5d919f17aced63574c8524000022b6bc6cb9c8d6a06e44c72e055a1e2706e736af241ab3084fa56cf942aa139440f74e230be31cd8dd4bf0cbdd657f1 sage: E=0x10001 check: sage: is_pseudoprime(P) True sage: gcd(N,P) 811194519730394220204949383061971492284209477134487451053533919242408334468793875483685418435472924384137737409878754330061341487239404629370463160720071782806016579636145456953095810661706004899017496722730291178259805745059054744795252171022091469940626116746608128441399036310378334222880519662696558703165249434265697658704322903051581598088400258377253583825209022558177374913570364047051007093402547387492492645729748176160840842076964161794363721255756097675823463557162877865622894488049720201680509519072521257128596878592149455958732762099800396648453225220977153025222265023206761554302369499402146842619059859650958489842850140873473393484632985863967898676228674751576699965523367097641503814266418957281198265955430221973482931544501209059788536033857660452959160612655542331433647351037413298986228798018950712662579341162832440884265576141868775326408627532047094505284395403786932363148262901839514736964209136867574532808481484592060405175685831168554790879720280778881035860464184791941816702480873202940903024652495084770128062224279875598826600084633389722629461385386069921483006677287847102371176994910369378323222717613076771700378608286670543729473076010314569999636269167049088093674649352610884381826740603 sage: N%P 0 >> P seems to be a prime, and is indeed a factor of N. sage: is_pseudoprime(Q) False sage: gcd(N,Q) 1 sage: ecm(Q) Found composite factor of 3 digits: 675 Composite cofactor ... has 1231 digits. Q has a small factor. The large cofactor is way too large to be factorized (today). >> Q must be wrong. sage: pow(pow(2,E,N),D,N) 2 sage: pow(pow(3,E,N),D,N) 3 sage: pow(pow(5,E,N),D,N) 5 sage: pow(pow(7,E,N),D,N) 7 sage: pow(pow(11,E,N),D,N) 11 sage: pow(pow(1000,E,N),D,N) 1000 >> x^D mod N is indeed the inverse of x^E mod N >> D seems to be correct. >> now compute sage: Qcorrect = N/P sage: is_prime(Qcorrect) False sage: is_pseudoprime(Qcorrect) True >> surprise, this is a sage artefact. >> is_prime is supposed to tell if Qcorrect >> is a provable prime, but these numbers are >> too large for a proof. sage: help(Qcorrect) class Rational ... >> oops, it is of course not a rational number. sage: Qcorrect = Integer(N/P) class Integer ... >> okay now it is an integer. sage: is_prime(Qcorrect) >> takes way too long: press CTRL-C sage: is_pseudoprime(Qcorrect) True >> so the correct Q seems to be a prime. sage: Q-Qcorrect 4468358315186607582623830645994123175323958284313904132666602205502546750542721902065776801908141680869902222733839989940221831332787838985874881107673910358472026239723185949529735314601712865712198736991916521419325287976337589177915143787138292689484229106140251936135768934015263941567159094923493376 sage: hex(Q-Qcorrect) '1a10400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000' >> interesting, now figure out the bits that are flipped in Q: Q ...20ddb67189f6dad... Qcorrect ...20dd9c6149f6dad... $ openssl rsa -in rsa8192.pem -outform der -out rsa8192.der writing RSA key $ xxd -ps < rsa8192.der > rsa8192.hex $ sed "s/20ddb67189f6dad/20dd9c6149f6dad/" < rsa8192.hex > rsa8192.out $ diff rsa8192.hex rsa8192.out 100c100 < 10b8095f420ddb67189f6dad62f1257b0f46e353a90eacc145c7db74998a --- > 10b8095f420dd9c6149f6dad62f1257b0f46e353a90eacc145c7db74998a >> et voila $ xxd -ps -r < rsa8192.out > rsa8192.der $ openssl rsa -inform der -in rsa8192.der -out rsa8192.pem writing RSA key $ openssl rsa -check -noout -in rsa8192.pem RSA key ok $ git diff diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem index 946a6e5..83d962f 100644 --- a/apps/rsa8192.pem +++ b/apps/rsa8192.pem @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY @@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN -22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 @@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= -----END RSA PRIVATE KEY----- - >> DONE. Fixes #11776 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11783) (cherry picked from commit 7ef43790617cb08b4bb4141df716dfb37385fe5c) | 13 May 2020, 04:29:53 UTC |
| 3ee36aa | Tomas Mraz | 11 May 2020, 15:15:40 UTC | Replace misleading error message when loading PEM The error message "short header" when the end line of PEM data cannot be identified is misleading. Replace it with already existing "bad end line" error. Fixes #8815 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11793) (cherry picked from commit f523ca66612e6712f287aa4b4ed722a5f2d4d960) | 12 May 2020, 17:25:14 UTC |
| 69296e2 | Maximilian Blenk | 07 April 2020, 17:33:39 UTC | Fix PEM certificate loading that sometimes fails As described in https://github.com/openssl/openssl/issues/9187, the loading of PEM certificates sometimes fails if a line of base64 content has the length of a multiple of 254. The problem is in get_header_and_data(). When such a line with a length of 254 (or a multiple) has been read, the next read will only read a newline. Due to this get_header_and_data() expects to be in the header not in the data area. This commit fixes that by checking if lines have been read completely or only partially. In case of a previous partial read, a newline will be ignored. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11741) (cherry picked from commit 0324ffc5d5d393111288eca2c9d67f2141ed65f5) | 08 May 2020, 20:55:09 UTC |
