- 14 3月, 2020 1 次提交
-
-
由 Benjamin Kaduk 提交于
The server-side ChangeCipherState processing stores the new cipher in the SSL_SESSION object, so that the new state can be used if this session gets resumed. However, writing to the session is only thread-safe for initial handshakes, as at other times the session object may be in a shared cache and in use by another thread at the same time. Reflect this invariant in the code by only writing to s->session->cipher when it is currently NULL (we do not cache sessions with no cipher). The code prior to this change would never actually change the (non-NULL) cipher value in a session object, since our server enforces that (pre-TLS-1.3) resumptions use the exact same cipher as the initial connection, and non-abbreviated renegotiations have produced a new session object before we get to this point. Regardless, include logic to detect such a condition and abort the handshake if it occurs, to avoid any risk of inadvertently using the wrong cipher on a connection. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit 2e3ec2e1578977fca830a47fd7f521e290540e6d)
-
- 11 3月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
This reverts commit 68436f0a. The OMC did not vote in favour of backporting this to 1.1.1, so this change should be reverted. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11282)
-
- 06 3月, 2020 2 次提交
-
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11229) (cherry picked from commit af7f656cd91d99d62567e2b20c61f07cb4d81d0b)
-
由 Patrick Steuer 提交于
Signed-off-by: NPatrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11234) (cherry picked from commit 7b2ce4a6e817e4385ff77fea0c6e349294c7b756)
-
- 05 3月, 2020 1 次提交
-
-
由 Bernd Edlinger 提交于
It happens when configured with ./config -ftest-coverage see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94029Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11246)
-
- 28 2月, 2020 1 次提交
-
-
由 Scott Arciszewski 提交于
CLA: trivial Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11175) (cherry picked from commit c590be6f12d0b725863961e41bc64a81c8cf30d6)
-
- 21 2月, 2020 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10882)
-
由 Matt Caswell 提交于
If we hit an EOF while reading in libssl then we will report an error back to the application (SSL_ERROR_SYSCALL) but errno will be 0. We add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. Contains a partial fix for #10880 Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10882)
-
- 17 2月, 2020 1 次提交
-
-
由 David Benjamin 提交于
If one of the perlasm xlate drivers crashes, OpenSSL's build will currently swallow the error and silently truncate the output to however far the driver got. This will hopefully fail to build, but better to check such things. Handle this by checking for errors when closing STDOUT (which is a pipe to the xlate driver). This is the OpenSSL 1.1.1 version of https://github.com/openssl/openssl/pull/10883 and https://github.com/openssl/openssl/pull/10930. Reviewed-by: NMark J. Cox <mark@awe.com> Reviewed-by: NPaul Dale David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/10931)
-
- 15 2月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
The future style that's coming with OpenSSL 3.0 was used, we need to revert that back to "traditional" style. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11088)
-
- 12 2月, 2020 1 次提交
-
-
由 Nikolay Morozov 提交于
Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11072)
-
- 07 2月, 2020 2 次提交
-
-
由 kinichiro 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10816) (cherry picked from commit adc9086beb21a91ca59aaf0c619b38b82c223f9b)
-
由 Pauli 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888) (cherry picked from commit a05bf83c7964bb3928b323fe356b9f70f105036d)
-
- 06 2月, 2020 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Fixes #10998 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11000)
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> GH: #10786 (cherry picked from commit b744f915ca8bb37631909728dd2529289bda8438)
-
- 21 1月, 2020 2 次提交
-
-
由 Bernd Edlinger 提交于
Configure creates an empty crypto/include which gets not cleaned up with make distclean. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10893)
-
由 H.J. Lu 提交于
Move .cfi_startproc to the right place for RC4. Add missing .cfi_startproc and .cfi_endproc to RC4_options. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10872) (cherry picked from commit 967ef73013becef2aec3439f8c45204b24121018)
-
- 17 1月, 2020 1 次提交
-
-
由 Richard Levitte 提交于
Fixes #10853 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10857)
-
- 15 1月, 2020 1 次提交
-
-
由 kinichiro 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10794) (cherry picked from commit 6a165fab239ec5b00b3cd68169a63b509207177d)
-
- 07 1月, 2020 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
This reverts commit 7b18d1a5, which moved the DEVRANDOM and DEVRANDOM_EGD defines into rand_unix.c. That change introduced the regression that the compiler complains about missing declarations in apps/version.c when OpenSSL is configured using `--with-rand-seed=devrandom` (resp. `--with-rand-seed=egd`): apps/version.c:173:42: error: 'DEVRANDOM' undeclared static const char *dev[] = { DEVRANDOM, NULL }; ^~~~~~~~~ Fixes #10759 Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10764)
-
由 Matt Caswell 提交于
The HMAC_CTX structure stores the original key in case the ctx is reused without changing the key. However, HMAC_Init_ex() checks its parameters such that the only code path where the stored key is ever used is in the case where HMAC_Init_ex is called with a NULL key and an explicit md is provided which is the same as the md that was provided previously. But in that case we can actually reuse the pre-digested key that we calculated last time, so we can refactor the code not to use the stored key at all. With that refactor done it is no longer necessary to store the key in the ctx at all. This means that long running ctx's will not keep the key in memory for any longer than required. Note though that the digested key *is* still kept in memory for the duration of the life of the ctx. Fixes #10743 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10763)
-
- 05 1月, 2020 8 次提交
-
-
由 Andrew Hoang 提交于
ECDSA_do_verify() is a function that verifies a ECDSA signature given a hash and a public EC key. The function is supposed to return 1 on valid signature, 0 on invalid signature and -1 on error. Previously, we returned 0 if the key did not have a verify_sig method. This is actually an error case and not an invalid signature. Consequently, this patch updates the return code to -1. Fixes #8766 Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10693) (cherry picked from commit 26583f6aa8dc28e3598e61db66e54e2fdf8b195f)
-
由 Fangming.Fang 提交于
This change addresses a potential side-channel vulnerability in the internals of nistz256 low level operations for armv8. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9239) (cherry picked from commit f5a659b6dfcc735a62c712dcca64d116d2289b97)
-
由 Bernd Edlinger 提交于
This is only used if configured with ./config -DECP_NISTZ256_REFERENCE_IMPLEMENTATION Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9239) (cherry picked from commit 7d4716648e8348dea862e198b9395478fae01907)
-
由 Bernd Edlinger 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9239) (cherry picked from commit e9fe87950db2e6169029b2ecf3ed09d64265bc9c)
-
由 Bernd Edlinger 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9239) (cherry picked from commit 3d139746ca72f0906c036d0a4a3e176c7b61ed1b)
-
由 Bernd Edlinger 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9239) (cherry picked from commit 0de3399b691f025153c8001045d5eeb0909dfd7a)
-
由 David Benjamin 提交于
Cherry picked from https://github.com/google/boringssl/commit/12d9ed670da3edd64ce8175cfe0e091982989c18Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9239) (cherry picked from commit 2baea7c7e0896658b74956cac6084dd7e82e8c1b)
-
由 Nicola Tuveri 提交于
This commit addresses a potential side-channel vulnerability in the internals of some elliptic curve low level operations. The side-channel leakage appears to be tiny, so the severity of this issue is rather low. The issue was reported by David Schrammel and Samuel Weiser. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9239) (cherry picked from commit 3cb914c463ed1c9e32cfb773d816139a61b6ad5f)
-
- 02 1月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
The New Year has caused various files to appear out of date to "make update". This causes Travis to fail. Therefore we update those files. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10739)
-
- 24 12月, 2019 5 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10679) (cherry picked from commit b2a00f62209add348deb8283c588ddbd572dc216)
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10678) (cherry picked from commit 048fa13e5ef4ccd730561f79a6c91f38365994d1)
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10677) (cherry picked from commit 275a048ffc1585a731e39d7e8e3f53766e8f48d7)
-
由 Bernd Edlinger 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10676) (cherry picked from commit 9d079f2744b9b624c6fe75f95fc0f766ef88ffcf)
-
由 Bernd Edlinger 提交于
We store a secondary frame pointer info for the debugger in the red zone. This fixes a crash in the unwinder when this function is interrupted. Additionally the missing cfi function annotation is added to aesni_cbc_sha256_enc_shaext. [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10674) (cherry picked from commit 665de4d48aef2507022a7d74f5c7f6e339d5e6bc)
-
- 23 12月, 2019 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10672) (cherry picked from commit eff5076a78502d1ac04669e44127d4bd7c0a9ce7)
-
- 21 12月, 2019 4 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10655) (cherry picked from commit b0d3442efc10b635863b915c2d014345f6e5a219)
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10654) (cherry picked from commit 95bbe6eff7aadc681e282ec957379b49d6f80ca8)
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10653) (cherry picked from commit a5fe7825b970a6c937118a4f707f9ad367413794)
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/10652) (cherry picked from commit 013c2e8d1a272df444f47b8b54de1d51bc499887)
-