- 24 8月, 2018 6 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7007)
-
由 Andy Polyakov 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6915)
-
由 Andy Polyakov 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6915)
-
由 Andy Polyakov 提交于
In [most common] case of p and q being of same width, it's possible to replace CRT modulo operations with Montgomery reductions. And those are even fixed-length Montgomery reductions... Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6915)
-
由 Andy Polyakov 提交于
Add bn_{mul|sqr}_fixed_top, bn_from_mont_fixed_top, bn_mod_sub_fixed_top. Switch to bn_{mul|sqr}_fixed_top in bn_mul_mont_fixed_top and remove memset in bn_from_montgomery_word. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6915)
-
由 Kurt Roeckx 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> GH: #7033
-
- 23 8月, 2018 5 次提交
-
-
由 parasssh 提交于
CLA: trivial Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7038)
-
由 Matthias Kraft 提交于
The shared libraries are now stored as members of archives, as it is usual on AIX. To correctly address this the custom dladdr()-implementation as well as the dlfcn_load() routine need to be able to cope with such a construct: libname.a(libname.so). Signed-off-by: NMatthias Kraft <Matthias.Kraft@softwareag.com> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6872)
-
由 Andy Polyakov 提交于
It was assumed that CRYPTO_THREAD_LOCAL is universally scalar type, which doesn't appear to hold true. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6976)
-
由 Andy Polyakov 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998)
-
由 Andy Polyakov 提交于
Original could allocate nid and then bail out on malloc failure. Instead allocate first *then* attempt to create object. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998)
-
- 22 8月, 2018 10 次提交
-
-
由 Matt Caswell 提交于
This follows on from the previous commit, and makes the same change to ignore the digest if we are using EdDSA. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6901)
-
由 Matt Caswell 提交于
Previously you had to supply "null" as the digest to use EdDSA. This changes things so that any digest is ignored. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6901)
-
由 Matt Caswell 提交于
We recently turned on the TLSv1.3 downgrade sentinels by default. Unfortunately we are using a very old version of the BoringSSL test runner which uses an old draft implementation of TLSv1.3 that also uses the downgrade sentinels by default. The two implementations do not play well together and were causing spurious test failures. Until such time as we update the BoringSSL test runner we disable the failing tests: SendFallbackSCSV In this test the client is OpenSSL and the server is the boring test runner. The client and server fail to negotiate TLSv1.3 because the test runner is using an old draft TLSv1.3 version. The server does however add the TLSv1.3->TLSv1.2 downgrade sentinel in the ServerHello random. Since we recently turned on checking of the downgrade sentinels on the client side this causes the connection to fail. VersionNegotiationExtension-TLS11 In this test the test runner is the client and OpenSSL is the server. The test modifies the supported_versions extension sent by the client to only include TLSv1.1 (and some other spurious versions), even though the client does actually support TLSv1.2. The server successfully selects TLSv1.1, but adds the TLSv1.3->TLSv1.1 downgrade sentinel. This behaviour was recently switched on by default. The test runner then checks the downgrade sentinel and aborts the connection because it knows that it really supports TLSv1.2. VersionNegotiationExtension-TLS1 VersionNegotiationExtension-SSL3 The same as VersionNegotiationExtension-TLS11 but for TLSv1 and SSLv3. ConflictingVersionNegotiation In this test the client is the test runner, and OpenSSL is the server. The client offers TLSv1.2 in ClientHello.version, but also adds a supported_versions extension that only offers TLSv1.1. The supported_versions extension takes precedence and the server (correctly) selects TLSv1.1. However it also adds the TLSv1.3->TLSv1.1 downgrade sentinel. On the client side it knows it actually offered TLSv1.2 and so the downgrade sentinel check fails. [extended tests] Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7013)
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7013)
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7013)
-
由 Matt Caswell 提交于
We need to ensure that the min-max version range we use when constructing the ClientHello is the same range we use when we validate the version selected by the ServerHello. Otherwise this may appear as a fallback or downgrade. Fixes #6964 Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7013)
-
由 Dr. Matthias St. Pierre 提交于
Fixes #7022 In pull request #6432 a change was made to keep the handles to the random devices opened in order to avoid reseeding problems for applications in chroot environments. As a consequence, the handles of the random devices were leaked at exit if the random generator was not used by the application. This happened, because the call to RAND_set_rand_method(NULL) in rand_cleanup_int() triggered a call to the call_once function do_rand_init, which opened the random devices via rand_pool_init(). Thanks to GitHub user @bwelling for reporting this issue. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7023)
-
由 Jakub Wilk 提交于
CLA: trivial Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7021)
-
由 Tomas Mraz 提交于
The TLS-1.3 ciphersuites must not be blocked by @SECLEVEL=3 even though they are not explicitly marked as using DH/ECDH. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6959)
-
由 Pauli 提交于
This commit destroys the free list pointers which would otherwise be present in the returned memory blocks. This in turn helps prevent information leakage from the secure memory area. Note: CRYPTO_secure_malloc is not guaranteed to return zeroed memory: before the secure memory system is initialised or if it isn't implemented. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7011)
-
- 21 8月, 2018 4 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7019)
-
由 Nicola Tuveri 提交于
The EFD database does not state that the "ladd-2002-it-3" algorithm assumes X1 != 0. Consequently the current implementation, based on it, fails to compute correctly if the affine x coordinate of the scalar multiplication input point is 0. We replace this implementation using the alternative algorithm based on Eq. (9) and (10) from the same paper, which being derived from the additive relation of (6) does not incur in this problem, but costs one extra field multiplication. The EFD entry for this algorithm is at https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4 and the code to implement it was generated with tooling. Regression tests add one positive test for each named curve that has such a point. The `SharedSecret` was generated independently from the OpenSSL codebase with sage. This bug was originally reported by Dmitry Belyavsky on the openssl-users maling list: https://mta.openssl.org/pipermail/openssl-users/2018-August/008540.htmlCo-authored-by: NBilly Brumley <bbrumley@gmail.com> Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7000)
-
- 20 8月, 2018 5 次提交
-
-
由 Matt Caswell 提交于
We already have SSL_set_post_handshake_auth(). This just adds the SSL_CTX equivalent. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6938)
-
由 Matt Caswell 提交于
Having post handshake auth automatically switched on breaks some applications written for TLSv1.2. This changes things so that an explicit function call is required for a client to indicate support for post-handshake auth. Fixes #6933. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6938)
-
由 Pauli 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6993)
-
由 parasssh 提交于
CLA: trivial Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7005)
-
由 Pauli 提交于
spurious output when checking for error conditions. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6899)
-
- 19 8月, 2018 4 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Don't discard partial reads from /dev/*random and retry instead. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6990)
-
由 Dr. Matthias St. Pierre 提交于
Fixes #6978 Don't discard partial reads from syscall_random() and retry instead. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6990)
-
由 Dr. Matthias St. Pierre 提交于
Change return value type to ssize_t and ensure that a negative value is returned only if a corresponding errno is set. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6990)
-
由 Andy Polyakov 提交于
The option has no meaning on Darwin, but it can bail out in combination with -fembed-bitcode or -no-integrated-as... Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 8月, 2018 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7001)
-
由 Benjamin Kaduk 提交于
gcc 4.6 (arguably erroneously) warns about our use of 'free' as the name of a function parameter, when --strict-warnings is enabled: crypto/x509/x509_meth.c: In function 'X509_LOOKUP_meth_set_free': crypto/x509/x509_meth.c:61:12: error: declaration of 'free' shadows a global declaration [-Werror=shadow] cc1: all warnings being treated as errors make[1]: *** [crypto/x509/x509_meth.o] Error 1 (gcc 4.8 is fine with this code, as are newer compilers.) Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6991)
-
- 17 8月, 2018 2 次提交
-
-
由 Andy Polyakov 提交于
CRYPTO_atomic_read was added with intention to read statistics counters, but readings are effectively indistinguishable from regular load (even in non-lock-free case). This is because you can get out-dated value in both cases. CRYPTO_atomic_write was added for symmetry and was never used. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6883)
-
由 Richard Levitte 提交于
Fixes #6980 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6981)
-
- 16 8月, 2018 1 次提交
-
-
由 Andy Polyakov 提交于
Relax memory_order on counter decrement itself, because mutable members of the reference-counted structure should be visible on all processors independently on counter. [Even re-format and minimize dependency on other headers.] Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6900)
-
- 15 8月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
The TLSv1.4 tolerance test wasn't testing what we thought it was. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
-