1. 06 11月, 2018 1 次提交
  2. 04 11月, 2018 2 次提交
    • B
      Restore sensible "sess_accept" counter tracking · 33a37a61
      Benjamin Kaduk 提交于
      Commit 9ef9088c switched the SSL/SSL_CTX
      statistics counters to using Thread-Sanitizer-friendly primitives.
      However, it erroneously converted an addition of -1
      (for s->session_ctx->stats.sess_accept) to an addition of +1, since that
      is the only counter API provided by the internal tsan_assist.h header
      until the previous commit.  This means that for each accepted (initial)
      connection, the session_ctx's counter would get doubly incremented, and the
      (switched) ctx's counter would also get incremented.
      
      Restore the counter decrement so that each accepted connection increments
      exactly one counter exactly once (in net effect).
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7464)
      
      (cherry picked from commit 2aaa0b146b967397a6e61fa8df969e7847f82086)
      33a37a61
    • B
      Add tsan_decr() API, counterpart of tsan_counter() · a649b52f
      Benjamin Kaduk 提交于
      The existing tsan_counter() API increments a reference counter.
      Provide a new API, tsan_decr(), to decrement such a reference counter.
      This can be used, for example, when a reference is added to the session_ctx's
      sess_accept stats but should more properly be tracked in the regular ctx's
      statistics.
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7464)
      
      (cherry picked from commit 95658c32436017aeeef3d8598957071baf6769a9)
      a649b52f
  3. 03 11月, 2018 4 次提交
  4. 02 11月, 2018 2 次提交
  5. 31 10月, 2018 4 次提交
  6. 30 10月, 2018 5 次提交
  7. 29 10月, 2018 13 次提交
  8. 28 10月, 2018 1 次提交
  9. 27 10月, 2018 3 次提交
    • B
      Fix data race in RAND_DRBG_generate · 1f985276
      Bernd Edlinger 提交于
      Fixes #7394
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7399)
      
      (cherry picked from commit a83dc59afa2e0207180d7218efed19b20d48de95)
      1f985276
    • D
      RAND_add()/RAND_seed(): fix failure on short input or low entropy · d597a9a8
      Dr. Matthias St. Pierre 提交于
      Commit 5b4cb385c18a (#7382) introduced a bug which had the effect
      that RAND_add()/RAND_seed() failed for buffer sizes less than
      32 bytes. The reason was that now the added random data was used
      exlusively as entropy source for reseeding. When the random input
      was too short or contained not enough entropy, the DRBG failed
      without querying the available entropy sources.
      
      This commit makes drbg_add() act smarter: it checks the entropy
      requirements explicitely. If the random input fails this check,
      it won't be added as entropy input, but only as additional data.
      More precisely, the behaviour depends on whether an os entropy
      source was configured (which is the default on most os):
      
      - If an os entropy source is avaible then we declare the buffer
        content as additional data by setting randomness to zero and
        trigger a regular   reseeding.
      
      - If no os entropy source is available, a reseeding will fail
        inevitably. So drbg_add() uses a trick to mix the buffer contents
        into the DRBG state without forcing a reseeding: it generates a
        dummy random byte, using the buffer content as additional data.
      
      Related-to: #7449
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7456)
      
      (cherry picked from commit 8817215d5c52a76f2b184b624bde4df8556dee6d)
      d597a9a8
    • D
      Backport some DRBG renamings and typo fixes · 35a34508
      Dr. Matthias St. Pierre 提交于
      In commit 8bf366519661 some renamings andd typo fixes were made
      while adding back the DRBG-HMAC and DRBG-HASH implementation.
      Since the commit could not be backported, a lot of unnecessary
      differences between master and 1.1.1 were introduced.
      
      These differences result in tiresome merge conflicts when
      cherry-picking. To minimize these merge-conflicts, this patch
      ports all 'non-feature' changes of commit 8bf366519661
      (e.g., renamings of private variables, fixes of typographical
      errors, comment changes) manually back to 1.1.1.
      
      The commits a83dc59afa2e (#7399) and 8817215d5c52 (#7456)
      failed to cherry-pick previously to 1.1.1, with this patch
      they both cherry-pick without conflicts.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
      (Merged from https://github.com/openssl/openssl/pull/7505)
      35a34508
  10. 26 10月, 2018 5 次提交