- 07 11月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
Normally TLSProxy waits for the s_server process to finish before continuing. However in cases where serverconnects > 1 we need to keep the s_server process around for a later test so we continue immediately. This means that TAP test output can end up being printed to stdout at the same time as s_server is printing stuff. This confuses the test runner and can cause spurious test failures. This commit introduces a small delay in cases where serverconnects > 1 in order to give s_server enough time to finish what it was doing before we continue to the next test. Fixes #4129 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4660)
-
由 Matt Caswell 提交于
There were 4 macros in ocsp.h that have not worked since 1.1.0 because they attempt to access the internals of an opaque structure. For OCSP_REQUEST_sign() applications should use OCSP_request_sign() instead. For OCSP_BASICRESP_sign() applications should use OCSP_basic_sign() instead. For OCSP_REQUEST_verify() applications should use OCSP_request_verify() instead. For OCSP_BASICRESP_verify() applications should use OCSP_basic_verify() instead. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4635)
-
- 06 11月, 2017 4 次提交
-
-
由 Pauli 提交于
The Chinese cryptographic operations should appear in the disabled list if they are disabled. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4678)
-
由 Ronald Tse 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4616)
-
由 Jack Lloyd 提交于
SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms which use is required for certain commercial applications in China. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4616)
-
由 FdaSilvaYY 提交于
Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQYReviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/1008)
-
- 05 11月, 2017 1 次提交
-
-
由 Andy Polyakov 提交于
It's not clear if it's a feature or bug, but binutils-2.29[.1] interprets 'adr' instruction with Thumb2 code reference differently, in a way that affects calculation of addresses of constants' tables. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4669)
-
- 04 11月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
Do not try to fuzz-test structures/routines that are compiled out of the library due to library configuration. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4664)
-
- 03 11月, 2017 8 次提交
-
-
由 Pavel Kopyl 提交于
CLA: trivial Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4600)
-
由 Pavel Kopyl 提交于
CLA: trivial Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4600)
-
由 Pavel Kopyl 提交于
CLA: trivial Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4600)
-
由 Kurt Roeckx 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #4653
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #4648
-
由 Kurt Roeckx 提交于
b2 being negative is ignored Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #4648
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> GH: #4648
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4652)
-
- 02 11月, 2017 4 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Polyakov 提交于
Credit to OSS-Fuzz for finding this. CVE-2017-3736 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
In OpenSSL pre 1.1.0, 'openssl x509 -CAkeyformat engine' was possible and supported. In 1.1.0, a small typo ('F' instead of 'f') removed that possibility. This restores the pre 1.1.0 behavior. Fixes #4366 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4643)
-
- 01 11月, 2017 4 次提交
-
-
由 Pauli 提交于
information about the length of the scalar used in ECDSA operations from a large number (2^32) of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)
-
由 Pauli 提交于
information about the length of a value used in DSA operations from a large number of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4637)
-
由 Richard Levitte 提交于
It turns out that (some?) fuzzers can read a dictionary of OIDs, so we generate one as part of the usual 'make update'. Fixes #4615 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4637)
-
- 31 10月, 2017 12 次提交
-
-
由 Ronald Tse 提交于
* ARIA, SEED, Camellia * AES-XTS, OCB, CTR * Key wrap for 3DES, AES * RC4-MD5 AD * CFB modes with 1-bit and 8-bit shifts Split EVP_EncryptInit cipher list to individual man pages. Consolidate cipher bit-lengths in EVP_EncryptInit cipher list. Clarify Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4564)
-
由 Ronald Tse 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4628)
-
由 Richard Levitte 提交于
Missing names slipped through Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4629)
-
由 Dr. Matthias St. Pierre 提交于
A block of six TEST_int_xy() macro definitions was duplicated. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4624)
-
由 Baptiste Jonglez 提交于
The check should reject kernel versions < 4.1.0, not <= 4.1.0. The issue was spotted on OpenSUSE 42.1 Leap, since its linux/version.h header advertises 4.1.0. CLA: trivial Fixes: 7f458a48 ("ALG: Add AFALG engine") Signed-off-by: NBaptiste Jonglez <git@bitsofnetworks.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4617)
-
由 Baptiste Jonglez 提交于
The eventfd syscall is deprecated and is not available on aarch64, causing build to fail: engines/e_afalg.c: In function 'eventfd': engines/e_afalg.c:108:20: error: '__NR_eventfd' undeclared (first use in this function) return syscall(__NR_eventfd, n); ^ Instead, switch to the newer eventfd2 syscall, which is supposed to be supported by all architectures. This kind of issues would be avoided by simply using the eventfd(2) wrapper from the libc, but there must be subtle reasons not to... Tested on a aarch64 system running OpenSUSE Leap 42.1 (gcc118 from https://cfarm.tetaneutral.net/machines/list/ ) and also cross-compiling for aarch64 with LEDE (kernel 4.9). This properly fixes #1685. CLA: trivial Fixes: 7f458a48 ("ALG: Add AFALG engine") Signed-off-by: NBaptiste Jonglez <git@bitsofnetworks.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4617)
-
由 Ronald Tse 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4552)
-
由 Kurt Roeckx 提交于
This restores the 1.0.2 behaviour Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBenjamin Kaduk <bkaduk@akamai.com> GH: #4613
-
由 Richard Levitte 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4596)
-
由 Richard Levitte 提交于
No two public key ASN.1 methods with the same pkey_id can be registered at the same time. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4596)
-
由 Richard Levitte 提交于
[skip ci] Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4596)
-
由 Richard Levitte 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4589)
-
- 30 10月, 2017 4 次提交
-
-
由 Benjamin Kaduk 提交于
If the list of fds contains only (one or more) entries marked as deleted prior to the entry currently being deleted, and the entry currently being deleted was only just added, the 'prev' pointer would never be updated from its initial NULL value, and we would dereference NULL while trying to remove the entry from the linked list. Reported by Coverity. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4602)
-
由 Benjamin Kaduk 提交于
This would cut out some distracting noise in the test output if we ended up hitting these error cases. Reported by Coverity. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4602)
-
由 AlexDenisov 提交于
Thanks to David Benjamin for suggesting the fix needed by this fix. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4607)
-
由 Benjamin Kaduk 提交于
We currently increment the SSL_CTX stats.sess_accept field in tls_setup_handshake(), which is invoked from the state machine well before ClientHello processing would have had a chance to switch the SSL_CTX attached to the SSL object due to a provided SNI value. However, stats.sess_accept_good is incremented in tls_finish_handshake(), and uses the s->ctx.stats field (i.e., the new SSL_CTX that was switched to as a result of SNI processing). This leads to the confusing (nonsensical) situation where stats.sess_accept_good is larger than stats.sess_accept, as the "sess_accept" value was counted on the s->session_ctx. In order to provide some more useful numbers, increment s->ctx.stats.sess_accept after SNI processing if the SNI processing changed s->ctx to differ from s->session_ctx. To preserve the property that any given accept is counted only once, make the corresponding decrement to s->session_ctx.stats.sess_accept when doing so. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4549)
-