52c587d | Matt Caswell | 16 February 2021, 15:24:01 UTC | Prepare for 1.1.1j release Reviewed-by: Richard Levitte <levitte@openssl.org> | 16 February 2021, 15:24:01 UTC |
2b2e310 | Matt Caswell | 16 February 2021, 15:04:45 UTC | Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> | 16 February 2021, 15:17:22 UTC |
8b02603 | Matt Caswell | 16 February 2021, 12:17:04 UTC | Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org> | 16 February 2021, 12:33:40 UTC |
6a51b9e | Matt Caswell | 02 February 2021, 17:17:23 UTC | Don't overflow the output length in EVP_CipherUpdate calls CVE-2021-23840 Reviewed-by: Paul Dale <pauli@openssl.org> | 16 February 2021, 11:42:35 UTC |
481a88f | Matt Caswell | 22 January 2021, 16:50:11 UTC | Fix rsa_test to properly test RSA_SSLV23_PADDING We test all three cases: - An SSLv2 only client talking to a TLS capable server - A TLS capable client talking to an SSLv2 only server - A TLS capable client talking to a TLS capable server (should fail due to detecting a rollback attack) Reviewed-by: Paul Dale <pauli@openssl.org> | 16 February 2021, 11:38:22 UTC |
901f1ef | Matt Caswell | 22 January 2021, 16:38:50 UTC | Fix the RSA_SSLV23_PADDING padding type This also fixes the public function RSA_padding_check_SSLv23. Commit 6555a89 changed the padding check logic in RSA_padding_check_SSLv23 so that padding is rejected if the nul delimiter byte is not immediately preceded by at least 8 bytes containing 0x03. Prior to that commit the padding is rejected if it *is* preceded by at least 8 bytes containing 0x03. Presumably this change was made to be consistent with what it says in appendix E.3 of RFC 5246. Unfortunately that RFC is in error, and the original behaviour was correct. This is fixed in later errata issued for that RFC. This has no impact on libssl for modern versions of OpenSSL because there is no protocol support for SSLv2 in these versions. However applications that call RSA_padding_check_SSLv23 directly, or use the RSA_SSLV23_PADDING mode may still be impacted. The effect of the original error is that an RSA message encrypted by an SSLv2 only client will fail to be decrypted properly by a TLS capable server, or a message encrypted by a TLS capable client will fail to decrypt on an SSLv2 only server. Most significantly an RSA message encrypted by a TLS capable client will be successfully decrypted by a TLS capable server. This last case should fail due to a rollback being detected. Thanks to D. Katz and Joel Luellwitz (both from Trustwave) for reporting this issue. CVE-2021-23839 Reviewed-by: Paul Dale <pauli@openssl.org> | 16 February 2021, 11:38:22 UTC |
16c15c7 | Matt Caswell | 22 January 2021, 15:49:31 UTC | Refactor rsa_test Reduce code copying by factoring out common code into a separate function. Reviewed-by: Paul Dale <pauli@openssl.org> | 16 February 2021, 11:38:22 UTC |
df1defb | Matt Caswell | 10 February 2021, 16:36:57 UTC | Test that X509_issuer_and_serial_hash doesn't crash Provide a certificate with a bad issuer and check that X509_issuer_and_serial_hash doesn't crash. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (cherry picked from commit 55869f594f052561b11a2db6a7c42690051868de) | 16 February 2021, 11:34:03 UTC |
122a19a | Matt Caswell | 10 February 2021, 16:10:36 UTC | Fix Null pointer deref in X509_issuer_and_serial_hash() The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. CVE-2021-23841 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (cherry picked from commit 8130d654d1de922ea224fa18ee3bc7262edc39c0) | 16 February 2021, 11:34:02 UTC |
c8c6e74 | Richard Levitte | 11 January 2021, 07:51:43 UTC | VMS documentation fixes This mostly clarifies details. Fixes #13789 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13834) | 12 February 2021, 14:54:31 UTC |
1881643 | Richard Levitte | 11 January 2021, 07:31:21 UTC | Configurations/descrip.mms.tmpl: avoid enormous PIPE commands DCL has a total command line limitation that's too easily broken by them. We solve them by creating separate message scripts and using them. Fixes #13789 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13834) | 12 February 2021, 14:54:31 UTC |
ee833fe | Benjamin Kaduk | 27 January 2021, 20:19:08 UTC | Remove unused 'peer_type' from SSL_SESSION This field has not been used since #3858 was merged in 2017 when we moved to a table-based lookup for certificate type properties instead of an index-based one. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/13991) (cherry picked from commit 3bc0b621a7baf1a11bc5cad69a287ad093674d68) | 10 February 2021, 06:15:18 UTC |
b5aff22 | Richard Levitte | 05 February 2021, 14:32:42 UTC | Configuration: ensure that 'no-tests' works correctly 'no-tests' wasn't entirely respected by test/build.info. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14081) | 07 February 2021, 06:20:39 UTC |
a2a7647 | Richard Levitte | 05 February 2021, 14:00:17 UTC | configdata.pm: Better display of enabled/disabled options The options listed in the array @disablables are regular expressions. For most of them, it's not visible, but there are a few. However, configdata.pm didn't quite treat them that way, which meant that for the few that are visibly regular expressions, there's a difference between that and the corresponding key in %disabled, which is never a regular expression. To correctly display the enabled and disabled options with --dump, we must therefore go through a bit of Perl gymnastics to get the output correct enough, primarily so that disabled features don't look enabled. Fixes #13790 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14081) | 07 February 2021, 06:20:39 UTC |
fb97b8e | Jay Satiro | 05 February 2021, 08:42:06 UTC | NOTES.WIN: fix typo CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14078) | 05 February 2021, 18:43:23 UTC |
8d5ace5 | Bernd Edlinger | 31 January 2021, 18:35:42 UTC | Prevent creating empty folder "../apps/include" This folder "../apps/include" is accidentally created. This prevents this glitch. Fixes 19b4fe5844b ("Add a CMAC test") Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14051) | 04 February 2021, 07:02:37 UTC |
dabea54 | Armin Fuerst | 29 January 2021, 18:16:14 UTC | apps/ca: Properly handle certificate expiration times in do_updatedb Fixes #13944 + changed ASN1_UTCTIME to ASN1_TIME + removed all Y2K code from do_updatedb + changed compare to ASN1_TIME_compare Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14026) | 03 February 2021, 10:27:36 UTC |
2d8109f | Dr. Matthias St. Pierre | 31 January 2021, 21:08:33 UTC | Add some missing committers to the AUTHORS list Fixes #13815 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14029) (cherry picked from commit af403db090ee66715e81f0062d1ef614e8d921b5) | 02 February 2021, 15:50:16 UTC |
c2fc111 | Dr. David von Oheimb | 26 January 2021, 10:53:15 UTC | check_sig_alg_match(): weaken sig nid comparison to base alg This (re-)allows RSA-PSS signers Fixes #13931 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13982) | 28 January 2021, 18:27:42 UTC |
a7222fc | Richard Levitte | 24 January 2021, 07:48:22 UTC | Drop Travis At this point, we have transitioned completely from Travis to GitHub Actions Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13941) | 25 January 2021, 12:44:45 UTC |
76e30a4 | Tomas Mraz | 19 January 2021, 14:59:22 UTC | CI: Add some legacy stuff that we do not test in GitHub CI yet There are some options that seem to belong to the legacy build. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13903) (cherry picked from commit adcaebc3148fe0fde3f7641c4b607f30e1479986) | 21 January 2021, 16:10:52 UTC |
b8cee4c | Tim Hitchins | 20 January 2021, 11:35:33 UTC | Fix typo in crl2pkcs documentation Fixes #13910 CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13911) (cherry picked from commit 6857058016e91d3182c2117922dd8001b27f5639) | 21 January 2021, 14:33:47 UTC |
0a31723 | Matt Caswell | 06 January 2021, 17:03:44 UTC | Ensure SRP BN_mod_exp follows the constant time path SRP_Calc_client_key calls BN_mod_exp with private data. However it was not setting BN_FLG_CONSTTIME and therefore not using the constant time implementation. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this issue. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13889) | 20 January 2021, 16:27:10 UTC |
69b3a65 | Tomas Mraz | 19 January 2021, 13:56:16 UTC | Fix regression in no-deprecated build Also add a new no-deprecated CI build to test it. Fixes #13896 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13902) | 19 January 2021, 14:45:34 UTC |
a83690c | Richard Levitte | 18 January 2021, 09:51:11 UTC | DOCS: Fix incorrect pass phrase options references There were a number of older style references to the pass phrase options section, now streamlined with the current openssl(1). Fixes #13883 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/13886) | 19 January 2021, 11:35:44 UTC |
76ed0c0 | Dr. David von Oheimb | 28 December 2020, 10:25:59 UTC | x509_vfy.c: Fix a regression in find_issuer() ...in case the candidate issuer cert is identical to the target cert. Fixes #13739 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13749) | 14 January 2021, 13:44:21 UTC |
fb1e241 | Dr. David von Oheimb | 30 December 2020, 08:57:49 UTC | X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed due to invalid cert This is the backport of #13755 to v1.1.1. Fixes #13698 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13756) | 14 January 2021, 13:36:09 UTC |
2a9785c | Dmitry Belyavskiy | 13 January 2021, 07:51:39 UTC | Skip BOM when reading the config file Fixes #13840 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13857) (cherry picked from commit 4369a882a565c42673b28c586a5c46a8bca98d17) | 14 January 2021, 10:23:50 UTC |
cfd7225 | Todd Short | 02 September 2020, 20:57:46 UTC | Fix -static builds Pull in check from #10878 Move disabling of pic, threads and statics up higher before they are checked. Fixes #12772 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12773) | 14 January 2021, 09:35:16 UTC |
dfe0718 | David Carlier | 09 December 2020, 20:23:32 UTC | OPENSSL_cpuid_setup FreeBSD arm update. when possible using the getauxval equivalent which has similar ids as Linux, instead of bad instructions catch approach. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13650) (cherry picked from commit 5eb24fbd1c3e0d130ba7f81f1ccf457a2b9d75ad) | 14 January 2021, 08:37:19 UTC |
fc4ca44 | David Carlier | 09 January 2021, 14:17:29 UTC | OPENSSL_cpuid_setup FreeBSD PowerPC update Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13821) (cherry picked from commit b57ec7394aace731c460b509aa84039274337600) | 14 January 2021, 08:31:03 UTC |
6e3ba20 | Billy Brumley | 08 January 2021, 11:45:49 UTC | [crypto/dh] side channel hardening for computing DH shared keys (1.1.1) Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13772) | 10 January 2021, 19:58:39 UTC |
212d711 | anupamam13 | 02 November 2020, 12:20:11 UTC | Fix for negative return value from `SSL_CTX_sess_accept()` Fixes #13183 From the original issue report, before this commit, on master and on 1.1.1, the issue can be detected with the following steps: - Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI, "Accept" count of default context gets incremented - After servername lookup, "Accept" count of default context gets decremented and that of SNI context is incremented - Server sends a "Hello Retry Request" - Client sends the second "Client Hello", now again "Accept" count of default context is decremented. Hence giving a negative value. This commit fixes it by adding a check on `s->hello_retry_request` in addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved only on the first ClientHello. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13297) | 08 January 2021, 23:05:24 UTC |
37d9e3d | Matt Caswell | 10 December 2020, 10:36:23 UTC | Ensure DTLS free functions can handle NULL Our free functions should be able to deal with the case where the object being freed is NULL. This turns out to not be quite the case for DTLS related objects. Fixes #13649 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13655) (cherry picked from commit d0afb30ef3950cacff50ec539e90073b95a276df) | 08 January 2021, 10:36:53 UTC |
a953f26 | Ole André Vadla Ravnås | 30 December 2020, 21:14:23 UTC | poly1305/asm/poly1305-armv4.pl: fix Clang compatibility issue I.e.: error: out of range immediate fixup value This fix is identical to one of the changes made in 3405db9, which I discovered right after taking a quick stab at fixing this. CLA: trivial Fixes #7878 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13757) | 07 January 2021, 08:58:25 UTC |
80d5bad | Dr. David von Oheimb | 02 January 2021, 20:23:12 UTC | Update copyright years of auto-generated headers (make update) This backports #13764. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13769) | 04 January 2021, 14:06:52 UTC |
9be1063 | David Carlier | 08 December 2020, 17:43:10 UTC | CRYPTO_secure_malloc_init: BSD support improvements. Backport of #13394 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13637) | 30 December 2020, 23:26:18 UTC |
64a1b94 | Ingo Schwarze | 04 June 2020, 22:30:00 UTC | Fix NULL pointer access caused by X509_ATTRIBUTE_create() When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This bug was found while working on LibreSSL documentation. Reviewed-by: Theo Buehler <tb@openbsd.org> CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12052) (cherry picked from commit c4b2c53fadb158bee34aef90d5a7d500aead1f70) | 21 December 2020, 14:27:53 UTC |
5a5d87a | Richard Levitte | 17 December 2020, 20:55:07 UTC | GitHub CI: Add 'check-update' and 'check-docs' 'check-update' runs a 'make update' to check that it wasn't forgotten. 'check-docs' runs 'make doc-nits'. We have that as a separate job to make it more prominent. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/13701) (cherry picked from commit 8175476b81c6b54bfa1c8555b35561099b202c4d) | 19 December 2020, 02:04:29 UTC |
3b5edb4 | Rich Salz | 16 December 2020, 15:32:20 UTC | Document OCSP_REQ_CTX_i2d. This is a backport of the documentation from #13620. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13691) | 18 December 2020, 08:16:45 UTC |
69daea5 | Tomas Mraz | 16 December 2020, 08:39:31 UTC | Github CI: run also on repository pushes Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13686) (cherry picked from commit 4159ebca3cb3d9586d6709c7a0166a4af5676f91) | 17 December 2020, 10:26:53 UTC |
d73c936 | Sebastian Andrzej Siewior | 05 July 2020, 18:52:39 UTC | Configurations: PowerPC is big endian Define B_ENDIAN on PowerPC because it is a big endian architecture. With this change the BN* related tests pass. Fixes: #12199 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12371) (cherry picked from commit 52c6c12c1cad6f1046b34f4139d1aa3e967a5530) | 14 December 2020, 08:58:54 UTC |
ad8e83c | Matt Caswell | 03 November 2020, 15:51:23 UTC | Test that we can negotiate TLSv1.3 if we have an SNI callback If an SNI callback has been set then we may have no certificates suitable for TLSv1.3 use configured for the current SSL_CTX. This should not prevent us from negotiating TLSv1.3, since we may change the SSL_CTX by the time we need a suitable certificate. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13305) | 10 December 2020, 11:34:23 UTC |
e0b139b | Matt Caswell | 03 November 2020, 14:01:46 UTC | Modify is_tls13_capable() to take account of the servername cb A servername cb may change the available certificates, so if we have one set then we cannot rely on the configured certificates to determine if we are capable of negotiating TLSv1.3 or not. Fixes #13291 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13305) | 10 December 2020, 11:34:23 UTC |
7da3894 | Tomas Mraz | 08 December 2020, 16:45:32 UTC | v3nametest: Make the gennames structure static Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13635) (cherry picked from commit 7eea331eabe8b0a7ce03c9602a2bc72e9ddfe676) | 09 December 2020, 12:43:44 UTC |
5daa28a | Nan Xiao | 08 December 2020, 04:35:31 UTC | Fix typo in OPENSSL_malloc.pod CLA: trivial Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13632) (cherry picked from commit 74c8dd1c516c7017477a205fd1f5f975cfa86722) | 09 December 2020, 12:36:55 UTC |
cf36853 | Matt Caswell | 08 December 2020, 13:21:09 UTC | Prepare for 1.1.1j-dev Reviewed-by: Richard Levitte <levitte@openssl.org> | 08 December 2020, 13:21:09 UTC |
90cebd1 | Matt Caswell | 08 December 2020, 13:20:59 UTC | Prepare for 1.1.1i release Reviewed-by: Richard Levitte <levitte@openssl.org> | 08 December 2020, 13:20:59 UTC |
f6e921b | Matt Caswell | 08 December 2020, 13:09:25 UTC | Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> | 08 December 2020, 13:09:25 UTC |
a672794 | Matt Caswell | 08 December 2020, 11:19:41 UTC | Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org> | 08 December 2020, 11:48:12 UTC |
433974a | Matt Caswell | 30 November 2020, 14:46:47 UTC | Add a test for encoding/decoding using an invalid ASN.1 Template If you have a CHOICE type then it must use explicit tagging - otherwise the template is invalid. We add tests for this. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> | 08 December 2020, 10:18:44 UTC |
94ece6a | Matt Caswell | 30 November 2020, 13:50:52 UTC | Add a test for GENERAL_NAME_cmp Based on a boringssl test contributed by David Benjamin Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> | 08 December 2020, 10:18:44 UTC |
41d6263 | Matt Caswell | 12 November 2020, 14:55:31 UTC | Complain if we are attempting to encode with an invalid ASN.1 template It never makes sense for multi-string or CHOICE types to have implicit tagging. If we have a template that uses them in this way then we should immediately fail. Thanks to David Benjamin from Google for reporting this issue. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> | 08 December 2020, 10:18:44 UTC |
1ecc76f | Matt Caswell | 12 November 2020, 11:58:12 UTC | Check that multi-strings/CHOICE types don't use implicit tagging It never makes sense for multi-string or CHOICE types to use implicit tagging since the content would be ambiguous. It is an error in the template if this ever happens. If we detect it we should stop parsing. Thanks to David Benjamin from Google for reporting this issue. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> | 08 December 2020, 10:18:44 UTC |
f960d81 | Matt Caswell | 11 November 2020, 16:12:58 UTC | Correctly compare EdiPartyName in GENERAL_NAME_cmp() If a GENERAL_NAME field contained EdiPartyName data then it was incorrectly being handled as type "other". This could lead to a segmentation fault. Many thanks to David Benjamin from Google for reporting this issue. CVE-2020-1971 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> | 08 December 2020, 10:18:44 UTC |
aa0ad20 | Matt Caswell | 11 November 2020, 15:19:34 UTC | DirectoryString is a CHOICE type and therefore uses explicit tagging EDIPartyName has 2 fields that use a DirectoryString. However they were marked as implicit tagging - which is not correct for a CHOICE type. Additionally the partyName field was marked as Optional when, according to RFC5280 it is not. Many thanks to github user @filipnavara for reporting this issue. Also to David Benjamin from Google who independently identified and reported it. Fixes #6859 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> | 08 December 2020, 10:18:43 UTC |
6ad93e8 | Richard Levitte | 03 December 2020, 10:36:26 UTC | CHANGES: Move misplaced change item Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13605) | 04 December 2020, 11:42:00 UTC |
315c47e | Dr. David von Oheimb | 01 December 2020, 13:22:16 UTC | x509_vfy.c: Restore rejection of expired trusted (root) certificate The certificate path validation procedure specified in RFC 5280 does not include checking the validity period of the trusted (root) certificate. Still it is common good practice to perform this check. Also OpenSSL did this until version 1.1.1h, yet commit e2590c3a162eb118c36b09c2168164283aa099b4 accidentally killed it. The current commit restores the previous behavior. It also removes the cause of that bug, namely counter-intuitive design of the internal function check_issued(), which was complicated by checks that actually belong to some other internal function, namely find_issuer(). Moreover, this commit adds a regression check and proper documentation of the root cert validity period check feature, which had been missing so far. Fixes #13471 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13585) | 03 December 2020, 14:11:41 UTC |
61168b5 | Stuart Carnie | 04 July 2020, 18:41:43 UTC | Configuration: darwin64-arm64-cc for Apple silicon Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12369) | 03 December 2020, 10:17:16 UTC |
9d55806 | Benjamin Kaduk | 29 November 2020, 01:11:46 UTC | Fix comment in do_dtls1_write() This code started off as a copy of ssl3_write_bytes(), and the comment was not updated with the implementation. Reported by yangyangtiantianlonglong in #13518 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13566) (cherry picked from commit 70cae332a2c200087605f94cdccfee80c9380fbf) | 02 December 2020, 23:35:34 UTC |
924c4f9 | Dr. David von Oheimb | 01 December 2020, 14:58:58 UTC | Turn on Github CI - backport improved ci.yml to 1.1.1 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13586) | 02 December 2020, 16:11:31 UTC |
409c59e | Ard Biesheuvel | 24 November 2020, 16:33:31 UTC | aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected by silicon errata #1742098 [0] and #1655431 [1], respectively, where the second instruction of a AES instruction pair may execute twice if an interrupt is taken right after the first instruction consumes an input register of which a single 32-bit lane has been updated the last time it was modified. This is not such a rare occurrence as it may seem: in counter mode, only the least significant 32-bit word is incremented in the absence of a carry, which makes our counter mode implementation susceptible to these errata. So let's shuffle the counter assignments around a bit so that the most recent updates when the AES instruction pair executes are 128-bit wide. [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13571) (cherry picked from commit 26217510d21cd4d5928db8bff41c6756a7c7a636) | 01 December 2020, 13:27:48 UTC |
0c60676 | ihsinme | 25 November 2020, 19:09:33 UTC | Update bio_ok.c CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13515) (cherry picked from commit a614af95531dd9f168aa4b71bd1195b4fdfe1794) | 27 November 2020, 13:00:27 UTC |
8e813c0 | Pauli | 10 November 2020, 07:05:30 UTC | rsa_test: add return value check Fixes #13361 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13362) (cherry picked from commit 93c87f745d5694b829d5b52d371d478b063a1fba) | 11 November 2020, 22:24:02 UTC |
6f1bee0 | Dmitry Belyavskiy | 09 October 2020, 17:04:05 UTC | Verification of zero-length content in S/MIME format Fixes #13082 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13106) | 11 November 2020, 10:50:42 UTC |
6e933b3 | T.Yanagisawa | 27 August 2020, 02:11:23 UTC | Correct description of BN_mask_bits CLA: trivial Correct right shift to left shift. Pseudo code `a&=~((~0)>>n)` means "get higher n-bits of a", but actually crypto lib gives lower n-bits. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12727) (cherry picked from commit b6ef3c7089e887427cde8c550e28211dc0c22dd1) | 05 November 2020, 10:53:28 UTC |
25fa346 | Benjamin Kaduk | 27 September 2020, 22:01:12 UTC | Unify ssl3_get_cipher_by_std_name() implementation The handling for the SCSVs was the same as for regular ciphers; just merge them into the same table-driven handler. Reviewed-by: Paul Dale <paul.dale@oracle.com> (cherry picked from commit 231849bc9ca69dfd3adf40821421d8e2d804d8e8) (Merged from https://github.com/openssl/openssl/pull/13280) | 29 October 2020, 22:29:31 UTC |
d524220 | hklaas | 26 September 2020, 09:54:13 UTC | optimise ssl3_get_cipher_by_std_name() Return immediately on matched cipher. Without this patch the code only breaks out of the inner for loop, meaning for a matched TLS13 cipher the code will still loop through 160ish SSL3 ciphers. CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (cherry picked from commit d93bded6aa2852e681de2ed76fb43c415687af68) Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13280) | 29 October 2020, 22:29:27 UTC |
5795acf | Ard Biesheuvel | 27 October 2020, 17:02:40 UTC | crypto/poly1305/asm: fix armv8 pointer authentication PAC pointer authentication signs the return address against the value of the stack pointer, to prevent stack overrun exploits from corrupting the control flow. However, this requires that the AUTIASP is issued with SP holding the same value as it held when the PAC value was generated. The Poly1305 armv8 code got this wrong, resulting in crashes on PAC capable hardware. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13256) (cherry picked from commit fcf6e9d056162d5af64c6f7209388a5c3be2ce57) | 29 October 2020, 16:20:20 UTC |
8979ffe | Matt Caswell | 22 October 2020, 12:53:27 UTC | Ensure we raise SSLfatal on error We were missing a call to SSLfatal. A comment claimed that we had already called it - but that is incorrect. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13230) | 26 October 2020, 16:20:13 UTC |
2e06150 | André Klitzing | 18 March 2020, 15:04:06 UTC | Allow continuing on UNABLE_TO_VERIFY_LEAF_SIGNATURE This unifies the behaviour of a single certificate with an unknown CA certificate with a self-signed certificate. The user callback can mask that error to retrieve additional error information. So the user application can decide to abort the connection instead of being forced by openssl. This change in behaviour is backward compatible as user callbacks who don't want to ignore UNABLE_TO_VERIFY_LEAF_SIGNATURE will still abort the connection by default. CLA: trivial Fixes #11297 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11359) | 26 October 2020, 13:06:48 UTC |
d741deb | Romain Geissler | 02 October 2020, 00:07:32 UTC | Fix aarch64 static linking into shared libraries (see issue #10842 and pull request #11464) Cherry-pick of https://github.com/openssl/openssl/pull/13056 for branch 1.1.1. Tested against the release 1.1.1h Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13218) | 22 October 2020, 12:17:21 UTC |
b11aa83 | simplelins | 03 January 2020, 14:56:18 UTC | Fix AES-GCM bug on aarch64 BigEndian Fixes #10638 Fixes #13188 Fixes a bug for aarch64 bigendian with instructions 'st1' and 'ld1' on AES-GCM mode. CLA: trivial (cherry picked from commit bc8b648f744566031ce84d77333dbbcb9689e975) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13193) | 21 October 2020, 13:28:11 UTC |
4b7595e | xuyunjia | 18 October 2020, 15:33:54 UTC | resolve defects: reverse_inull; row[DB_exp_date] referenced before checking Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13170) (cherry picked from commit 6a13c9c9842f54ed8d98c6f37cc4ae6c1cde8b7a) | 20 October 2020, 13:37:21 UTC |
7b324bb | Tomas Mraz | 20 October 2020, 12:16:30 UTC | Avoid potential doublefree on dh object assigned to EVP_PKEY Fixes regression from 7844f3c784bfc93c9b94ae5a4082f9d01e82e0af Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13194) | 20 October 2020, 12:16:30 UTC |
ed7cdb9 | Matt Caswell | 15 October 2020, 10:40:18 UTC | Add a CHANGES entry for the SSL_SECOP_TMP_DH change Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13136) | 16 October 2020, 14:09:41 UTC |
7844f3c | Matt Caswell | 14 October 2020, 14:13:28 UTC | Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback The security operation SSL_SECOP_TMP_DH is defined to take an EVP_PKEY in the "other" parameter: /* Temporary DH key */ # define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) In most places this is what is passed. All these places occur server side. However there is one client side call of this security operation and it passes a DH object instead. This is incorrect according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other locations. Our own default security callback, and the debug callback in the apps, never look at this value and therefore this issue was never noticed previously. In theory a client side application could be relying on this behaviour and could be broken by this change. This is probably fairly unlikely but can't be ruled out. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13136) | 16 October 2020, 14:09:41 UTC |
7a23c23 | Akshit Akhoury | 02 October 2020, 16:58:36 UTC | Changing X509at_get0_data_by_OBJ to expect const stack of X509_ATTRIBUTE CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13062) (cherry picked from commit 796948cd733d2bd0d8acbaf2354c718bcd4352a6) | 15 October 2020, 13:47:21 UTC |
b316d06 | Yury Is | 12 October 2020, 23:28:26 UTC | syscall_random(): don't fail if the getentropy() function is a dummy Several embedded toolchains may provide a dummy implementation of the getentropy() function which always returns -1 and sets errno to ENOSYS. As a result the function SSL_CTX_new() fails to create a new context. Fixes #13002 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13112) | 14 October 2020, 05:58:47 UTC |
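The fallback behaviour the commit above describes, as an added example that is not OpenSSL's rand_unix.c: the entropy source is injected as a function pointer so a toolchain stub returning ENOSYS can be simulated, and the "next source" is /dev/urandom rather than the getrandom(2) syscall OpenSSL tries. The names syscall_random_model, dummy_getentropy, fake_working_getentropy and broken_getentropy are this example's own; the fixed 0x41 fill of the fake source is a test double, not randomness.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the ENOSYS fallback (added example, not OpenSSL's rand_unix.c).
 * The entropy source is a function pointer so stubs can be injected; the
 * "next source" here is /dev/urandom instead of the getrandom(2) syscall. */
typedef int (*getentropy_fn)(void *buf, size_t len);

/* What an embedded toolchain's stub looks like: always fails with ENOSYS. */
int dummy_getentropy(void *buf, size_t len)
{
    (void)buf; (void)len;
    errno = ENOSYS;
    return -1;
}

/* A "working" source that fills the buffer with a fixed byte so a caller can
 * tell it answered. Not random; test double only. */
int fake_working_getentropy(void *buf, size_t len)
{
    memset(buf, 0x41, len);
    return 0;
}

/* A source that exists but fails for a real reason. Must NOT be masked. */
int broken_getentropy(void *buf, size_t len)
{
    (void)buf; (void)len;
    errno = EIO;
    return -1;
}

/* Fallback source. Returns bytes read, or -1. */
static long read_dev_urandom(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n;

    if (f == NULL)
        return -1;
    n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? (long)len : -1;
}

/* Returns the number of bytes obtained, or -1 with errno set by the source.
 * Only ENOSYS means "this source is not implemented here, try the next one";
 * every other error is a genuine failure and is reported, not hidden. */
long syscall_random_model(getentropy_fn ge, unsigned char *buf, size_t len)
{
    if (ge != NULL) {
        if (ge(buf, len) == 0)
            return (long)len;
        if (errno != ENOSYS)
            return -1;
        /* ENOSYS: fall through to the next source */
    }
    return read_dev_urandom(buf, len);
}

/* Scenarios; each returns 1 when the behaviour the commit wants is observed. */
int scenario_stub_falls_back(void)
{
    unsigned char buf[32];
    return syscall_random_model(dummy_getentropy, buf, sizeof buf) == 32;
}

int scenario_working_source_is_used(void)
{
    unsigned char buf[32] = { 0 };
    return syscall_random_model(fake_working_getentropy, buf, sizeof buf) == 32
           && buf[0] == 0x41 && buf[31] == 0x41;
}

int scenario_real_error_is_not_masked(void)
{
    unsigned char buf[32];
    return syscall_random_model(broken_getentropy, buf, sizeof buf) == -1
           && errno == EIO;
}

int main(void)
{
    printf("stub getentropy falls back to /dev/urandom: %s\n",
           scenario_stub_falls_back() ? "yes" : "no");
    printf("working getentropy is used directly:       %s\n",
           scenario_working_source_is_used() ? "yes" : "no");
    printf("EIO from getentropy is reported:            %s\n",
           scenario_real_error_is_not_masked() ? "yes" : "no");
    return 0;
}
```

The point of the third scenario is the caveat: a stub that does not exist (ENOSYS) is safe to skip, but a source that exists and fails must still abort, otherwise a broken kernel interface would silently degrade to a weaker source.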
11358e0 | Ikko Ashimine | 12 October 2020, 15:30:07 UTC | Fixed typo in ssl_lib.c orignal -> original CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13111) (cherry picked from commit 9f7505ab6a1ce76497654ea8cf6a74307da78989) | 13 October 2020, 00:08:00 UTC |
7455f24 | Benny Baumann | 01 October 2020, 23:06:12 UTC | Avoid memory leak of parent on allocation failure for child structure Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13055) (cherry picked from commit a21db568bf3d0ab4194fd3e0917ee982f1fc8bfd) | 06 October 2020, 22:58:25 UTC |
ae9bcce | Benny Baumann | 01 October 2020, 23:04:06 UTC | Use size of target buffer for allocation Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13055) (cherry picked from commit 8ad369171fc2b435c0ca427111481da4d4c3c1ce) | 06 October 2020, 22:57:54 UTC |
db78f8b | drgler | 01 October 2020, 19:20:33 UTC | Ensure that _GNU_SOURCE is defined for NI_MAXHOST and NI_MAXSERV Since glibc 2.8, these defines like `NI_MAXHOST` are exposed only if suitable feature test macros are defined, namely: _GNU_SOURCE, _DEFAULT_SOURCE (since glibc 2.19), or _BSD_SOURCE or _SVID_SOURCE (before glibc 2.19), see GETNAMEINFO(3). CLA: trivial Fixes #13049 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13054) (cherry picked from commit 99501e817cbc4f11cc045dbaa7a81854d4349335) | 03 October 2020, 14:06:02 UTC |
5c2c624 | Matt Caswell | 22 September 2020, 12:55:17 UTC | Prepare for 1.1.1i-dev Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 22 September 2020, 12:55:17 UTC |
f123043 | Matt Caswell | 22 September 2020, 12:55:07 UTC | Prepare for 1.1.1h release Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 22 September 2020, 12:55:07 UTC |
24a535e | Matt Caswell | 22 September 2020, 12:14:20 UTC | Update copyright year Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12949) | 22 September 2020, 12:45:08 UTC |
6f26a76 | Matt Caswell | 22 September 2020, 12:13:17 UTC | Updates CHANGES and NEWS for the new release Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12949) | 22 September 2020, 12:45:08 UTC |
256989c | olszomal | 19 June 2020, 13:00:32 UTC | Add const to 'ppin' function parameter CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #12205 (cherry picked from commit 434343f896a2bb3e5857cc9831c38f8cd1cceec1) | 21 September 2020, 14:56:18 UTC |
56e8fe0 | Norman Ashley | 10 July 2020, 23:01:32 UTC | Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign OCSP_basic_sign_ctx() in ocsp_srv.c, does not check for RSA_METHOD_FLAG_NO_CHECK. If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail because the X509_check_private_key() can fail. The check for the RSA_METHOD_FLAG_NO_CHECK was moved to crypto/rsa/rsa_ameth.c as a common place to check. Checks in ssl_rsa.c were removed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12419) | 21 September 2020, 09:29:52 UTC |
fdcddd9 | Tomas Mraz | 11 September 2020, 07:09:29 UTC | Disallow certs with explicit curve in verification chain The check is applied only with X509_V_FLAG_X509_STRICT. Fixes #12139 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12909) | 21 September 2020, 08:32:59 UTC |
398c8da | Tomas Mraz | 21 August 2020, 12:50:52 UTC | EC_KEY: add EC_KEY_decoded_from_explicit_params() The function returns 1 when the encoding of a decoded EC key used explicit encoding of the curve parameters. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12909) | 21 September 2020, 08:32:42 UTC |
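The two commits above (fdcddd9 and 398c8da) hinge on one question: does a decoded EC key carry its curve as a named-curve OID or as explicit ECParameters? As an added example that is not OpenSSL's EC_KEY_decoded_from_explicit_params(), the following DER walker answers that for a SubjectPublicKeyInfo and applies the X509_STRICT policy. The sample encodings are constructed for this example: the BIT STRING is a two-byte dummy rather than a real public point, and the explicit ECParameters SEQUENCE is cut after its version field. The names ec_params_kind, chain_cert_key_allowed and der_tlv are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not EC_KEY_decoded_from_explicit_params() itself: a small
 * DER walker that looks at the AlgorithmIdentifier of a SubjectPublicKeyInfo
 * and reports how the curve is encoded. */

enum ec_params_kind {
    EC_PARAMS_INVALID = -1,
    EC_PARAMS_NOT_EC = 0,
    EC_PARAMS_NAMED = 1,     /* parameters = OID (namedCurve) */
    EC_PARAMS_EXPLICIT = 2,  /* parameters = SEQUENCE (ECParameters) */
    EC_PARAMS_IMPLICIT = 3   /* parameters = NULL (implicitlyCA) */
};

/* Parse one TLV header at p[0..len). Returns the header size and sets *vlen,
 * or returns 0 if the element is malformed or does not fit in len.
 * Definite lengths up to 0xFFFF only; enough for SPKI and key files. */
static size_t der_tlv(const unsigned char *p, size_t len,
                      unsigned char *tag, size_t *vlen)
{
    size_t hdr;

    if (len < 2)
        return 0;
    *tag = p[0];
    if (p[1] < 0x80) {
        *vlen = p[1];
        hdr = 2;
    } else if (p[1] == 0x81 && len >= 3) {
        *vlen = p[2];
        hdr = 3;
    } else if (p[1] == 0x82 && len >= 4) {
        *vlen = ((size_t)p[2] << 8) | p[3];
        hdr = 4;
    } else {
        return 0;
    }
    return hdr + *vlen <= len ? hdr : 0;
}

static const unsigned char id_ecPublicKey[] =
    { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01 };  /* 1.2.840.10045.2.1 */

enum ec_params_kind ec_params_kind(const unsigned char *der, size_t len)
{
    unsigned char tag;
    size_t hdr, vlen;

    /* SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, ... } */
    if ((hdr = der_tlv(der, len, &tag, &vlen)) == 0 || tag != 0x30)
        return EC_PARAMS_INVALID;
    der += hdr; len = vlen;

    /* AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY } */
    if ((hdr = der_tlv(der, len, &tag, &vlen)) == 0 || tag != 0x30)
        return EC_PARAMS_INVALID;
    der += hdr; len = vlen;

    if ((hdr = der_tlv(der, len, &tag, &vlen)) == 0 || tag != 0x06)
        return EC_PARAMS_INVALID;
    if (vlen != sizeof id_ecPublicKey || memcmp(der + hdr, id_ecPublicKey, vlen))
        return EC_PARAMS_NOT_EC;
    der += hdr + vlen; len -= hdr + vlen;

    /* parameters are mandatory for id-ecPublicKey; a missing field is invalid */
    if ((hdr = der_tlv(der, len, &tag, &vlen)) == 0)
        return EC_PARAMS_INVALID;
    switch (tag) {
    case 0x06: return EC_PARAMS_NAMED;
    case 0x30: return EC_PARAMS_EXPLICIT;
    case 0x05: return EC_PARAMS_IMPLICIT;
    default:   return EC_PARAMS_INVALID;
    }
}

/* Policy from fdcddd9: under X509_V_FLAG_X509_STRICT a chain certificate
 * whose EC key carries explicit parameters is rejected. Returns 1 = accept. */
int chain_cert_key_allowed(const unsigned char *spki, size_t len, int x509_strict)
{
    enum ec_params_kind k = ec_params_kind(spki, len);

    if (k == EC_PARAMS_INVALID)
        return 0;
    return !(x509_strict && k == EC_PARAMS_EXPLICIT);
}

/* Constructed samples (not real keys): dummy 2-byte BIT STRING as the point. */
const unsigned char spki_named[] = {
    0x30, 0x1A, 0x30, 0x13,
    0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,        /* id-ecPublicKey */
    0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07,  /* prime256v1 */
    0x03, 0x03, 0x00, 0x04, 0x00 };
const unsigned char spki_explicit[] = {
    0x30, 0x15, 0x30, 0x0E,
    0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
    0x30, 0x03, 0x02, 0x01, 0x01,            /* ECParameters, cut after version 1 */
    0x03, 0x03, 0x00, 0x04, 0x00 };
const unsigned char spki_implicit[] = {
    0x30, 0x12, 0x30, 0x0B,
    0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
    0x05, 0x00,                              /* implicitlyCA */
    0x03, 0x03, 0x00, 0x04, 0x00 };
const unsigned char spki_rsa[] = {
    0x30, 0x14, 0x30, 0x0D,
    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,  /* rsaEncryption */
    0x05, 0x00,
    0x03, 0x03, 0x00, 0x04, 0x00 };
```

The walker never touches the curve contents, which is the practical point: a verifier can refuse explicitly-encoded curves from a single tag check before any arithmetic on attacker-chosen domain parameters happens. Truncated input is reported as invalid rather than treated as "not EC", so a malformed certificate cannot slip past the strict check by being unparsable.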
ee617d0 | Henry N | 10 September 2020, 21:55:28 UTC | Fix: ecp_nistz256-armv4.S bad arguments Fix this error: crypto/ec/ecp_nistz256-armv4.S:3853: Error: bad arguments to instruction -- `orr r11,r10' crypto/ec/ecp_nistz256-armv4.S:3854: Error: bad arguments to instruction -- `orr r11,r12' crypto/ec/ecp_nistz256-armv4.S:3855: Error: bad arguments to instruction -- `orrs r11,r14' CLA: trivial Fixes #12848 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> GH: #12854 (cherry picked from commit b5f82567afa820bac55b7dd7eb9dd510c32c3ef6) | 20 September 2020, 12:22:15 UTC |
8380f45 | Dr. Matthias St. Pierre | 31 August 2020, 22:55:36 UTC | Revert two renamings backported from master The original names were more intuitive: the generate_counter counts the number of generate requests, and the reseed_counter counts the number of reseedings (of the principal DRBG). reseed_gen_counter -> generate_counter reseed_prop_counter -> reseed_counter This partially reverts commit 35a34508ef4d649ace4e373e1d019192b7e38c36. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12759) | 10 September 2020, 21:01:16 UTC |
958fec7 | Dr. Matthias St. Pierre | 31 August 2020, 21:36:22 UTC | Fix the DRBG seed propagation In a nutshell, reseed propagation is a compatibility feature with the sole purpose of supporting the traditional way of (re-)seeding manually by calling 'RAND_add()' before 'RAND_bytes()'. It ensures that the former has an immediate effect on the latter *within the same thread*, but it does not care about immediate reseed propagation to other threads. The implementation is lock-free, i.e., it works without taking the lock of the primary DRBG. Pull request #7399 not only fixed the data race issue #7394 but also changed the original implementation of the seed propagation unnecessarily. This commit reverts most of the changes of commit 1f98527659b8 and intends to fix the data race while retaining the original simplicity of the seed propagation. - use atomics with relaxed semantics to load and store the seed counter - add a new member drbg->enable_reseed_propagation to simplify the overflow treatment of the seed propagation counter - don't handle races between different threads This partially reverts commit 1f98527659b8290d442c4e1532452b9ba6463f1e. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12759) | 10 September 2020, 20:57:34 UTC |
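The lock-free propagation scheme the commit above describes, reduced to a toy model as an added example (this is not OpenSSL's drbg_lib.c): the primary DRBG publishes a counter that every manual seed bumps with a relaxed atomic; each child DRBG remembers the counter value it saw at its last reseed and, before generating, reseeds if the value has changed. The types primary_drbg and child_drbg, the functions primary_add, child_init, child_generate and scenario_reseeds, and the 16-byte "state" stand-in are this example's own; the output is not random.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of lock-free reseed propagation (added example, not drbg_lib.c). */
typedef struct {
    atomic_uint reseed_counter;    /* bumped on every manual (re)seed */
} primary_drbg;

typedef struct {
    primary_drbg *parent;
    unsigned int reseed_counter;   /* parent's counter at this child's last reseed */
    int enable_reseed_propagation; /* explicit flag instead of a magic counter value */
    unsigned int reseeds;          /* how often this child pulled fresh seed */
    unsigned char state[16];       /* stand-in for the DRBG's internal state */
} child_drbg;

void primary_init(primary_drbg *p)
{
    atomic_init(&p->reseed_counter, 1);
}

/* RAND_add()-style manual seeding of the primary. A relaxed RMW suffices:
 * readers only test the value for inequality, they never order on it. */
void primary_add(primary_drbg *p)
{
    atomic_fetch_add_explicit(&p->reseed_counter, 1, memory_order_relaxed);
}

static void child_reseed(child_drbg *c)
{
    /* A real DRBG pulls entropy from the parent here; the model only counts
     * the event and derives a new (non-random) state byte from the count. */
    c->reseeds++;
    memset(c->state, (int)(c->reseeds & 0xFF), sizeof c->state);
    if (c->enable_reseed_propagation)
        c->reseed_counter = atomic_load_explicit(&c->parent->reseed_counter,
                                                 memory_order_relaxed);
}

void child_init(child_drbg *c, primary_drbg *parent, int propagate)
{
    memset(c, 0, sizeof *c);
    c->parent = parent;
    c->enable_reseed_propagation = propagate;
    c->reseed_counter = atomic_load_explicit(&parent->reseed_counter,
                                             memory_order_relaxed);
}

/* RAND_bytes()-style generate: no lock on the parent is taken; a single
 * relaxed load decides whether this child has to reseed first. */
int child_generate(child_drbg *c, unsigned char *out, size_t len)
{
    if (c->enable_reseed_propagation
        && c->reseed_counter != atomic_load_explicit(&c->parent->reseed_counter,
                                                     memory_order_relaxed))
        child_reseed(c);
    memset(out, c->state[0], len);  /* toy output, not random */
    return 1;
}

/* The sequence the commit cares about, in one thread: generate, RAND_add,
 * generate, generate. Returns how many times the child reseeded. */
unsigned int scenario_reseeds(int propagate)
{
    primary_drbg p;
    child_drbg c;
    unsigned char buf[8];

    primary_init(&p);
    child_init(&c, &p, propagate);
    child_generate(&c, buf, sizeof buf);   /* counters match: no reseed */
    primary_add(&p);                        /* manual seed of the primary */
    child_generate(&c, buf, sizeof buf);   /* propagated: reseeds exactly once */
    child_generate(&c, buf, sizeof buf);   /* nothing new: no reseed */
    return c.reseeds;
}

int main(void)
{
    printf("propagation on:  %u reseed(s)\n", scenario_reseeds(1));
    printf("propagation off: %u reseed(s)\n", scenario_reseeds(0));
    return 0;
}
```

Within one thread the store in primary_add and the load in child_generate are in program order, so the guarantee the commit names ("immediate effect within the same thread") holds with relaxed atomics; another thread merely sees the new counter whenever it arrives. Because the check is an inequality test, counter wraparound does not produce a missed or spurious reseed, which is why an explicit enable flag is simpler than reserving a special counter value.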
526cf60 | luxinyou | 07 September 2020, 08:06:45 UTC | Fix memory leaks in conf_def.c Fixes #12471 CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12533) (cherry picked from commit 4348995b0d818203f37ffa51c9bdf4488cf24bad) | 07 September 2020, 08:13:01 UTC |
309e73d | Shane Lontis | 07 September 2020, 07:44:38 UTC | Coverity Fixes x_algor.c: Explicit null dereferenced cms_sd.c: Resource leak ts_rsp_sign.c Resource Leak extensions_srvr.c: Resource Leak v3_alt.c: Resource Leak pcy_data.c: Resource Leak cms_lib.c: Resource Leak drbg_lib.c: Unchecked return code Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12531) | 07 September 2020, 07:44:38 UTC |
56456c3 | Richard Levitte | 27 August 2020, 05:18:55 UTC | Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 PEM_write_bio_PrivateKey_traditional() uses i2d_PrivateKey() to do the actual encoding to DER. However, i2d_PrivateKey() is a generic function that will do what it can to produce output according to what the associated EVP_PKEY_ASN1_METHOD offers. If that method offers a function 'old_priv_encode', which is expected to produce the "traditional" encoded form, then i2d_PrivateKey() uses that. If not, i2d_PrivateKey() will go on and use more modern methods, which are all expected to produce PKCS#8. To ensure that PEM_write_bio_PrivateKey_traditional() never produces more modern encoded forms, an extra check that 'old_priv_encode' is non-NULL is added. If it is NULL, an error is returned. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12729) | 28 August 2020, 18:51:17 UTC |
28499ba | Jung-uk Kim | 26 August 2020, 18:00:56 UTC | Ignore vendor name in Clang version number. For example, FreeBSD prepends "FreeBSD" to version string, e.g., FreeBSD clang version 11.0.0 (git@github.com:llvm/llvm-project.git llvmorg-11.0.0-rc2-0-g414f32a9e86) Target: x86_64-unknown-freebsd13.0 Thread model: posix InstalledDir: /usr/bin This prevented us from properly detecting AVX support, etc. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12725) (cherry picked from commit cd84d8832d274357a5ba5433640d7ef76691b1ac) | 28 August 2020, 03:29:58 UTC |
46a9ee8 | Tomas Mraz | 06 August 2020, 13:14:29 UTC | sslapitest: Add test for premature call of SSL_export_keying_material Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12594) (cherry picked from commit ea9f6890eb54e4b9e8b81cc1318ca3a6fc0c8356) | 13 August 2020, 08:19:55 UTC |
925a9d0 | Tomas Mraz | 06 August 2020, 09:20:43 UTC | Avoid segfault in SSL_export_keying_material if there is no session Fixes #12588 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12594) (cherry picked from commit dffeec1c10a874d7c7b83c221dbbce82f755edb1) | 13 August 2020, 08:19:25 UTC |