- 28 9月, 2019 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
-
由 Dr. Matthias St. Pierre 提交于
Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
-
- 10 9月, 2019 6 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9847)
-
由 Bernd Edlinger 提交于
Due to the dynamic allocation that was added to rand_pool_add_begin this function could now return a null pointer where it was previously guaranteed to succeed. But the return value of this function does not need to be checked by design. Move rand_pool_grow from rand_pool_add_begin to rand_pool_bytes_needed. Make an allocation error persistent to avoid falling back to less secure or blocking entropy sources. Fixes: a6a66e4511ee ("Make rand_pool buffers more dynamic in their sizing.") Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9687) (cherry picked from commit fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e)
-
由 Bernd Edlinger 提交于
There was a warning about unused variables in this config: ./config --strict-warnings --with-rand-seed=rdcpu Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9687) (cherry picked from commit e301c147a763f67dcc5ba63eb7e2ae40d83a68aa)
-
由 Dr. Matthias St. Pierre 提交于
Since commit 7c226dfc a chained DRBG does not add additional data anymore when reseeding from its parent. The reason is that the size of the additional data exceeded the allowed size when no derivation function was used. This commit provides an alternative fix: instead of adding the entire DRBG's complete state, we just add the DRBG's address in memory, thereby providing some distinction between the different DRBG instances. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9802)
-
由 Dr. Matthias St. Pierre 提交于
Provides a little extra fork-safety on UNIX systems, adding to the fact that all DRBGs reseed automatically when the fork_id changes. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9802)
-
由 Dr. Matthias St. Pierre 提交于
When the new OpenSSL CSPRNG was introduced in version 1.1.1, it was announced in the release notes that it would be fork-safe, which the old CSPRNG hadn't been. The fork-safety was implemented using a fork count, which was incremented by a pthread_atfork handler. Initially, this handler was enabled by default. Unfortunately, the default behaviour had to be changed for other reasons in commit b5319bdb, so the new OpenSSL CSPRNG failed to keep its promise. This commit restores the fork-safety using a different approach. It replaces the fork count by a fork id, which coincides with the process id on UNIX-like operating systems and is zero on other operating systems. It is used to detect when an automatic reseed after a fork is necessary. To prevent a future regression, it also adds a test to verify that the child reseeds after fork. CVE-2019-1549 Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9802)
-
- 09 9月, 2019 1 次提交
-
-
由 Bernd Edlinger 提交于
crypto/rand/rand_win.c(70) : error C2065: 'BCRYPT_USE_SYSTEM_PREFERRED_RNG' : undeclared identifier Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9827) (cherry picked from commit d3a1128bc25ec8bf835c81821e1be68fba39ab4b)
-
- 05 9月, 2019 2 次提交
-
-
由 Bernd Edlinger 提交于
Fixes #9757 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9761) (cherry picked from commit 41ffd2ab09d24692c71850ccd7d5ff154196fe01)
-
由 Bernd Edlinger 提交于
This will never be the case for 1.1.1 so removed. Fixes: comment 1 of #9757 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9762)
-
- 30 8月, 2019 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9734) (cherry picked from commit 46a9cc9451213039fd53f62733b2ccd04e853bb2)
-
- 24 8月, 2019 1 次提交
-
-
由 Pauli 提交于
There is a problem in the rand_unix.c code when the random seed fd is greater than or equal to FD_SETSIZE and the FDSET overruns its limit and walks the stack. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9686) (cherry picked from commit e1f8584d47a499301fba781086af6885fcf21fec)
-
- 20 8月, 2019 1 次提交
-
-
由 Pauli 提交于
Improve handling of low entropy at start up from /dev/urandom by waiting for a read(2) call on /dev/random to succeed. Once one such call has succeeded, a shared memory segment is created and persisted as an indicator to other processes that /dev/urandom is properly seeded. This does not fully prevent against attacks weakening the entropy source. An attacker who has control of the machine early in its boot sequence could create the shared memory segment preventing detection of low entropy conditions. However, this is no worse than the current situation. An attacker would also be capable of removing the shared memory segment and causing seeding to reoccur resulting in a denial of service attack. This is partially mitigated by keeping the shared memory alive for the duration of the process's existence. Thus, an attacker would not only need to have called call shmctl(2) with the IPC_RMID command but the system must subsequently enter a state where no instances of libcrypto exist in any process. Even one long running process will prevent this attack. The System V shared memory calls used here go back at least as far as Linux kernel 2.0. Linux kernels 4.8 and later, don't have a reliable way to detect that /dev/urandom has been properly seeded, so a failure is raised for this case (i.e. the getentropy(2) call has already failed). Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9595) [manual merge]
-
- 19 8月, 2019 2 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9639) (cherry picked from commit 038b381ecf2a988eee4c7bb21074ed0603303bd1)
-
由 Bernd Edlinger 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9619) (cherry picked from commit 24d932ec842bc5fdbd5e9b519cecf15a56bc74e6)
-
- 14 8月, 2019 1 次提交
-
-
由 opensslonzos-github 提交于
Fix a few places where calling ossl_isdigit does the wrong thing on EBCDIC based systems. Replaced with ascii_isdigit. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9556) (cherry picked from commit 48102247ff513d4c57b40b19c1d432f37b9e4b02)
-
- 01 8月, 2019 1 次提交
-
-
由 Antoine Cœur 提交于
CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9295)
-
- 23 7月, 2019 2 次提交
-
-
由 Pauli 提交于
The rand pool support allocates maximal sized buffers -- this is typically 12288 bytes in size. These pools are allocated in secure memory which is a scarse resource. They are also allocated per DRBG of which there are up to two per thread. This change allocates 64 byte pools and grows them dynamically if required. 64 is chosen to be sufficiently large so that pools do not normally need to grow. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9428) (cherry picked from commit a6a66e4511eec0f4ecc2943117a42b3723eb2222)
-
由 Bernd Edlinger 提交于
The additional data allocates 12K per DRBG instance in the secure memory, which is not necessary. Also nonces are not considered secret. [extended tests] Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9424)
-
- 19 6月, 2019 1 次提交
-
-
由 Rebecca Cran 提交于
CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9149)
-
- 09 6月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The DEVRANDOM_WAIT feature added a select() call to wait for the `/dev/random` device to become readable before reading from the `/dev/urandom` device. It was introduced in commit 38023b87f037 in order to mitigate the fact that the `/dev/urandom` device does not block until the initial seeding of the kernel CSPRNG has completed, contrary to the behaviour of the `getrandom()` system call. It turned out that this change had negative side effects on performance which were not acceptable. After some discussion it was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. Fixes #9078 This partially reverts commit 38023b87f037. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (cherry picked from commit a08714e18131b1998faa0113e5bd4024044654ac) (Merged from https://github.com/openssl/openssl/pull/9118)
-
- 30 5月, 2019 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8606) (cherry picked from commit 711a161f03ef9ed7cd149a22bf1203700c103e96)
-
- 28 5月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9034)
-
- 02 4月, 2019 3 次提交
-
-
由 Richard Levitte 提交于
I turns out that this made crypto/rand/rand_win.c to never build with BCrypt support unless the user sets _WIN32_WINNT. That wasn't the intent. This reverts commit cc8926ec8fcecae89ceab91ef753de93e49568f9. Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8641) (cherry picked from commit 705a27f7e07c006b167b59070ff635a61f8e0407)
-
由 Dr. Matthias St. Pierre 提交于
BCryptGenRandom() is available for Windows Vista and newer versions, see https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandomReviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8639) (cherry picked from commit 2621e6405d7f4765bc57c86ec441129e7d367f14)
-
由 Richard Levitte 提交于
This helps decide if the BCrypt API should be used or not. Fixes #8635 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8638) (cherry picked from commit cc8926ec8fcecae89ceab91ef753de93e49568f9)
-
- 29 3月, 2019 1 次提交
-
-
由 Soujyu Tanaka 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8596) (cherry picked from commit 3d098890b23598d1f9455b354f46045a231459cd)
-
- 22 3月, 2019 1 次提交
-
-
由 Pauli 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8554) (cherry picked from commit b3d113ed2993801ee643126118ccf6592ad18ef7)
-
- 15 3月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Fixes #8487 Amends #7230 Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8488) (cherry picked from commit 355417eb4611014767480e5d3e96b1b08eb02700)
-
- 02 3月, 2019 1 次提交
-
-
由 Bernd Edlinger 提交于
Use select to wait for /dev/random in readable state, but do not actually read anything from /dev/random, use /dev/urandom first. Use linux define __NR_getrandom instead of the glibc define SYS_getrandom, in case the kernel headers are more current than the glibc headers. Fixes #8215 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/8251) (cherry picked from commit 38023b87f037f4b832c236dfce2a76272be08763)
-
- 26 2月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8347)
-
- 25 1月, 2019 1 次提交
-
-
由 Klotz, Tobias 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7569) (cherry picked from commit 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308)
-
- 09 11月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
Fixes #7022 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7588) (cherry picked from commit e2d227bb4a25bb75354a40816439630a8162f073)
-
- 08 11月, 2018 3 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Commit c7504aeb (pr #6432) fixed a regression for applications in chroot environments, which compensated the fact that the new OpenSSL CSPRNG (based on the NIST DRBG) now reseeds periodically, which the previous one didn't. Now the reseeding could fail in the chroot environment if the DEVRANDOM devices were not present anymore and no other entropy source (e.g. getrandom()) was available. The solution was to keep the file handles for the DEVRANDOM devices open by default. In fact, the fix did more than this, it opened the DEVRANDOM devices early and unconditionally in rand_pool_init(), which had the unwanted side effect that the devices were opened (and kept open) even in cases when they were not used at all, for example when the getrandom() system call was available. Due to a bug (issue #7419) this even happened when the feature was disabled by the application. This commit removes the unconditional opening of all DEVRANDOM devices. They will now only be opened (and kept open) on first use. In particular, if getrandom() is available, the handles will not be opened unnecessarily. This change does not introduce a regression for applications compiled for libcrypto 1.1.0, because the SSLEAY RNG also seeds on first use. So in the above constellation the CSPRNG will only be properly seeded if it is happens before the forking and chrooting. Fixes #7419 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7437) (cherry picked from commit 8cfc19716c22dac737ec8cfc5f7d085e7c37f4d8)
-
由 Dr. Matthias St. Pierre 提交于
and remove duplicate rand_drbg_seedlen() implementation again. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7462) (cherry picked from commit 1c615e4ce97715ae3af9255bc57be32a49687966)
-
由 Pauli 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7587) (cherry picked from commit ac765685d4b08a48cefffc71c434760045154dad)
-
- 07 11月, 2018 2 次提交
-
-
由 Bernd Edlinger 提交于
... to make the intended use more clear and differentiate it from the data member "adin_pool". Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7575) (cherry picked from commit 31f32abb8eb2a3ebd8500e6e0460b4a6791e5ed7)
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7532)
-
- 06 11月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7518)
-