Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
大约 1 年 前同步成功

通知 9
Star 18
Fork 1
T
Third Party Openssl

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 17 10月, 2018 2 次提交
    • C
      print() is a function in Python 3 · 391f76f1
      cclauss 提交于 
      CLA: trivial

Discovered via #7410 @ https://travis-ci.org/openssl/openssl/jobs/442003489#L440Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7403)

(cherry picked from commit 83e4533a71c5c78278e9763552a5e5f1806473ee)
      391f76f1
    • D
      DRBG: fix reseeding via RAND_add()/RAND_seed() with large input · dbf0a496
      Dr. Matthias St. Pierre 提交于 
      In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
was implemented by buffering the data in a random pool where it is
picked up later by the rand_drbg_get_entropy() callback. This buffer
was limited to the size of 4096 bytes.

When a larger input was added via RAND_add() or RAND_seed() to the DRBG,
the reseeding failed, but the error returned by the DRBG was ignored
by the two calling functions, which both don't return an error code.
As a consequence, the data provided by the application was effectively
ignored.

This commit fixes the problem by a more efficient implementation which
does not copy the data in memory and by raising the buffer the size limit
to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits
but it was chosen intentionally to avoid platform dependent problems
like integer sizes and/or signed/unsigned conversion.

Additionally, the DRBG is now less permissive on errors: In addition to
pushing a message to the openssl error stack, it enters the error state,
which forces a reinstantiation on next call.

Thanks go to Dr. Falko Strenzke for reporting this issue to the
openssl-security mailing list. After internal discussion the issue
has been categorized as not being security relevant, because the DRBG
reseeds automatically and is fully functional even without additional
randomness provided by the application.

Fixes #7381
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7382)

(cherry picked from commit 3064b55134434a0b2850f07eff57120f35bb269a)
      dbf0a496
  3. 16 10月, 2018 3 次提交
  5. 15 10月, 2018 2 次提交
  7. 13 10月, 2018 5 次提交
  9. 12 10月, 2018 1 次提交
  11. 11 10月, 2018 1 次提交
  13. 10 10月, 2018 3 次提交
  15. 09 10月, 2018 1 次提交
    • B
      apps: allow empty attribute values with -subj · a7ee1ef6
      Benjamin Kaduk 提交于 
      Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`.  Commit
db4c08f0 applied a badly needed rewrite
to the parse_name() helper function that parses these strings, but
in the process dropped a check that would skip attributes with no
associated value.  As a result, such strings are now treated as
hard errors and the operation fails.

Restore the check to skip empty attribute values and restore
the historical behavior.

Document the behavior for empty subject attribute values in the
corresponding applications' manual pages.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7349)

(cherry picked from commit 3d362f190306b62a17aa2fd475b2bc8b3faa8142)
      a7ee1ef6
  17. 08 10月, 2018 1 次提交
  19. 06 10月, 2018 1 次提交
  21. 05 10月, 2018 1 次提交
  23. 04 10月, 2018 4 次提交
  25. 02 10月, 2018 2 次提交
  27. 26 9月, 2018 3 次提交
  29. 24 9月, 2018 3 次提交
  31. 23 9月, 2018 1 次提交
    • B
      Create the .rnd file it it does not exist · 1fd6afb5
      Bernd Edlinger 提交于 
      It's a bit annoying, since some commands try to read a .rnd file,
and print an error message if the file does not exist.

But previously a .rnd file was created on exit, and that does no longer
happen.

Fixed by continuing in app_RAND_load_conf regardless of the error in
RAND_load_file.

If the random number generator is still not initalized on exit, the
function RAND_write_file will fail and no .rnd file would be created.

Remove RANDFILE from openssl.cnf
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7217)

(cherry picked from commit 0f58220973a02248ca5c69db59e615378467b9c8)
      1fd6afb5
  33. 22 9月, 2018 4 次提交
  35. 21 9月, 2018 2 次提交