- 04 10月, 2022 6 次提交
-
-
由 Cameron Gutman 提交于
Detection of this feature is unreliable so only use it if requested. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18852)
-
由 Daniel Fiala 提交于
Fixes openssl#19185 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19292)
-
由 Richard Levitte 提交于
VMS linking complains a lot about multiply defined symbols unless told otherwise, especially when shareable images are involved. For example, this involves the legacy provider, where there are overriding implementations of certain ERR functions. To quiet the linker down, we need to say that symbols should be searched selectively in shareable images. However, that's not quite enough. The order in which the VMS linker processes files isn't necessarily top to bottom as given on the command line or the option file(s), which may result in some symbols appearing undefined, even though they are. To remedy that, it's necessary to explicitly include all object files and object libraries into a cluster, thus ensuring that they will be processed first. This allows the search for remaining symbol references to be done in the as desired in the shareable images that follow. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19327)
-
由 Kazuki Yamaguchi 提交于
BN_check_prime() is supposed to return 0 for a composite number and -1 on error. Properly translate the return value of the internal function ossl_bn_miller_rabin_is_prime(), where 0 means an error. The confusion prevented BN_GENCB callbacks from aborting the primality test or key generation routines utilizing this. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19314)
-
由 Daniel Fiala 提交于
Fixes openssl#8825 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19329)
-
由 Steven Collison 提交于
This change adds the 'C' command character to allow a user to drop the current session and reconnect to the server. It has the same behavior as the `-reconnect` option except this allows reconnect to be triggered at an arbitrary point in the session. The primary use case for this change is to provide a way for the user to probe a server for TLS1.3 session resumption support. This is not currently reliably supported by the `-reconnect` option. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18683)
-
- 03 10月, 2022 5 次提交
-
-
由 Matt Caswell 提交于
Test that a custom EVP_CIPHER gets used in EVP_CipherInit_ex() calls. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19300)
-
由 Matt Caswell 提交于
In some circumstances we were not calling the cleanup() function to remove cipher specific data from an EVP_CIPHER_CTX. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19300)
-
由 Matt Caswell 提交于
If a custom EVP_CIPHER object has been passed to EVP_CipherInit() then it should be used in preference to a fetched cipher. We also fix a possible NULL pointer deref in the same code for digests. If the custom cipher passed to EVP_CipherInit() happens to use NID_undef (which should be a discouraged practice), then in the previous implementation this could result in the NULL cipher being fetched and hence NULL encryption being unexpectedly used. CVE-2022-3358 Fixes #18970 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19300)
-
由 Job Snijders 提交于
References: draft-ietf-sidrops-signed-tal Title: "RPKI Signed Object for Trust Anchor Key" OID permanently assigned under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 CLA: trivial Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19221)
-
由 Adam Joseph 提交于
The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops, but it is missing from mips64*-linux-*abin32 (which OpenSSL calls "linux-mips64"). This causes heap corruption when verifying TLS certificates (which tend to be RSA-signed) with openssl 1.1.1q: ``` nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443free(): invalid pointer Aborted ``` and a slightly different failure with current HEAD: ``` nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443 Connecting to 142.250.180.4 CONNECTED(00000003) Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0) Aborted ``` Applying this patch and recompiling produces the expected output instead of a crash. Note that Gentoo (and to my knowledge all other other distributions which support mips64n32) use the `linux-generic32` configuration, which uses only 32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler implementations for the SHA hash functions: https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102 For support in nixpkgs we would like to use the full 64-bit integer registers and perlasm routines, so I'm submitting this upstream as well. Fixes #19319 CLA: trivial Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19320)
-
- 02 10月, 2022 1 次提交
-
-
由 Kelvin Lee 提交于
CLA: trivial Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19310)
-
- 01 10月, 2022 8 次提交
-
-
由 Graham Woodward 提交于
Don't add 1 if strchr returns NULL PR update Fixes #19279 Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19282)
-
由 Dr. David von Oheimb 提交于
except those throwing ERR_R_MALLOC_FAILURE Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19302)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15913)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15913)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15913)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15913)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15913)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18895)
-
- 29 9月, 2022 9 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19285)
-
由 Richard Levitte 提交于
The MACHINE value from POSIX::uname() isn't trustworthy at all. MACHINE names like this has been seen: _HP__VMM___(1.67GHz/9.0MB) Perl's `$Config{archname}` is much more trustworthy, especially since VMS isn't a multiarch operating system, at least yet. Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19285)
-
由 Richard Levitte 提交于
Since cl knows what architecture it builds fore, all depending on what the user set up, it makes sense to ask it, and use that result primarly, and only use the POSIX::uname() MACHINE value as a fallback. Also, this does indeed determine if cl is present or not. We drop the explicit names in .github/workflows/windows.yml as proof of concept. Fixes #19281 Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19285)
-
由 J.W. Jagersma 提交于
We don't have <complex.h> on djgpp, so this entire test can be skipped. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19286)
-
由 J.W. Jagersma 提交于
Since djgpp has neither a timezone variable or timegm(), this horrible method must be used. It is the only one I could find that produces accurate results, and is recommended as portable alternative to timegm() by the GNU libc manual. Reference: https://www.gnu.org/software/libc/manual/html_node/Broken_002ddown-Time.html#index-timegm Now, a much nicer alternative solution could be: timestamp_local = mktime(timestamp_tm); timestamp_utc = timestamp_local + timestamp_tm->tm_gmtoff - (timestamp_tm->tm_isdst ? 3600 : 0); This works due to the fact that mktime() populates the tm_gmtoff and tm_isdst fields in the source timestamp. It is accurate everywhere in the world, *except* on Lord Howe Island, Australia, where a 30 minute DST offset is used. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19274)
-
由 J.W. Jagersma 提交于
If this macro is left undefined, Watt-32 will "helpfully" declare some typedefs such as 'byte' and 'word' in the global namespace. This broke compilation of apps/s_client.c. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19274)
-
由 J.W. Jagersma 提交于
This part failed to compile due to a circular dependency between internal/e_os.h and internal/time.h, when ossl_sleep() falls back to a busy wait. However, djgpp has a usleep function, so it can use the regular Unix version of ossl_sleep(). It's not great though. The resolution is only ~55ms, and it may break when a user program hooks the timer interrupt without periodically updating BIOS time. A high-resolution alternative is uclock(), but that is generally less desirable since it reprograms the system timer. The circular dependency is still there and may still cause trouble for other platforms. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19274)
-
由 J.W. Jagersma 提交于
Build failed on djgpp due to missing config vars 'AR' and 'ARFLAGS'. Additionally, '-lz' was not added to 'lflags' when zlib support was enabled. Inheriting configuration variables from BASE_unix solves both these issues. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19274)
-
由 Juergen Christ 提交于
Lock the buffers used for throughput measurements into memory. This removes some side effects of paging. Errors from the memory locking functions are ignored since they are not critical to the application. This feature is limited to Linux and Windows. Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19091)
-
- 28 9月, 2022 3 次提交
-
-
由 Todd Short 提交于
Adding extensions is fragile, with the TLSEXT_TYPE entry needing to be located at TLSEXT_IDX in the array. This adds a test to ensure extensions are in the correct order. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19269)
-
由 Richard Levitte 提交于
More adaptations are needed for sources in ssl/, which all include `ssl/ssl_local.h`. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19276)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NTodd Short <todd.short@me.com> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19277)
-
- 27 9月, 2022 7 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19284)
-
由 Tomas Mraz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19284)
-
由 Tomas Mraz 提交于
Older clang versions complain about the explicit initializer because the first member of the struct is a struct. But it is not necessary to explicitly initialize it anyway. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19284)
-
由 visbjn 提交于
Newly computed traffic secrets are now logged upon key update Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19241)
-
由 Juergen Christ 提交于
The IKM was not respected by the s390x specific implementations of X25519 and X448 keygen. This caused test failures and wrong results if the PCC instruction was actually available and supported X25519 and/or X448. Fixes: 78c44b05 ("Add HPKE DHKEM provider support for EC, X25519 and X448.") Signed-off-by: NJuergen Christ <jchrist@linux.ibm.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19278)
-
由 Pauli 提交于
Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19275)
-
由 Pauli 提交于
Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19275)
-
- 26 9月, 2022 1 次提交
-
-
由 Hugo Landau 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19040)
-