- 24 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
During a DTLS handshake we may need to periodically handle timeouts in the DTLS timer to ensure retransmits due to lost packets are performed. However, one peer will always complete a handshake before the other. The DTLS timer stops once the handshake has finished so any handshake messages lost after that point will not automatically get retransmitted simply by calling DTLSv1_handle_timeout(). However attempting an SSL_read implies a DTLSv1_handle_timeout() and additionally will process records received from the peer. If those records are themselves retransmits then we know that the peer has not completed its handshake yet and a retransmit of our final flight automatically occurs. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8047) (cherry picked from commit 80c455d5ae405e855391e298a2bf8a24629dd95d)
-
- 22 1月, 2019 1 次提交
-
-
由 Matt Eaton 提交于
Minor typo fix to `adjustment` in the line: "In such case you have to pass matching target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjustment becomes simpler, $ANDROID_NDK/bin:$PATH suffices." Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8054) (cherry picked from commit 52bcd4afc84d75f9d22866a3cefaf9ae4e9ff997)
-
- 21 1月, 2019 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7286) (cherry picked from commit ac454d8d4663e2fcf8a8437fab8aefd883091c37)
-
由 Bernd Edlinger 提交于
If this fails try out if mfspr268 works. Use OPENSSL_ppccap=0x20 for enabling mftb, OPENSSL_ppccap=0x40 for enabling mfspr268, and OPENSSL_ppccap=0 for enabling neither. Fixes #8012 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8043) (cherry picked from commit c8f370485c43729db44b680e41e875ddd7f3108c)
-
由 Corey Minyard 提交于
If you use a BIO and set up your own buffer that is not freed, the memory bio will leak the BIO_BUF_MEM object it allocates. The trouble is that the BIO_BUF_MEM is allocated and kept around, but it is not freed if BIO_NOCLOSE is set. The freeing of BIO_BUF_MEM was fairly confusing, simplify things so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM in mem_free(), where it should be done. Alse add a test for a leak in the memory bio Setting a memory buffer caused a leak. Signed-off-by: NCorey Minyard <minyard@acm.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8051) (cherry picked from commit c6048af23c577bcf85f15122dd03b65f959c9ecb)
-
- 17 1月, 2019 3 次提交
-
-
由 David Benjamin 提交于
The RSAZ code requires the input be fully-reduced. To be consistent with the other codepaths, move the BN_nnmod logic before the RSAZ check. This fixes an oft-reported fuzzer bug. https://github.com/google/oss-fuzz/issues/1761Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7187) (cherry picked from commit 3afd537a3c2319f68280804004e9bf2e798a43f7)
-
由 Richard Levitte 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7922) (cherry picked from commit 9b10986d7742a5105ac8c5f4eba8b103caf57ae9)
-
由 Richard Levitte 提交于
Having a weak getauxval() and only depending on GNU C without looking at the library we build against meant that it got picked up where not really expected. So we change this to check for the glibc version, and since we know it exists from that version, there's no real need to make it weak. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8028) (cherry picked from commit 5f40dd158cbfa0a3bd86c32f7a77fec8754bb245)
-
- 16 1月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
It turns out that AT_SECURE may be defined through other means than our inclusion of sys/auxv.h, so to be on the safe side, we define our own guard and use that to determine if getauxval() should be used or not. Fixes #7932 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7933) (cherry picked from commit aefb980c45134d84f1757de1a9c61d699c8a7e33)
-
- 15 1月, 2019 4 次提交
-
-
由 Matt Caswell 提交于
We don't use this information so we shouldn't fetch it. As noted in the comments in #8005. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8020) (cherry picked from commit ea09abc80892920ee5db4de82bed7a193b5896f0)
-
由 Matt Caswell 提交于
Fixes #8005 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8020) (cherry picked from commit 7fe0ed75e3e7760226a0a3a5a86cf3887004f6e4)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8019) (cherry picked from commit d63bde7827b0be1172f823baf25309b54aa87e0f)
-
由 Matt Caswell 提交于
Spotted by OSTIF audit Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8019) (cherry picked from commit 0a5bda639f8fd59e15051cf757708e3b94bcf399)
-
- 09 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the ClientHello. AFAIK there is nothing in the standards that requires this limit. The limit goes all the way back to when support for extensions was first added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most likely it was originally added to avoid the complexity of having to grow the init_buf in the middle of adding extensions. With WPACKET this is irrelevant since it will grow automatically. This issue came up when an attempt was made to send a very large certificate_authorities extension in the ClientHello. We should just remove the limit. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7424) (cherry picked from commit 7835e97b6ff5cd94a10c5aeac439f4aa145a77b2)
-
- 08 1月, 2019 3 次提交
-
-
由 FdaSilvaYY 提交于
5. check_return: Calling EVP_EncodeUpdate without checking return value (as is done elsewhere 4 out of 5 times). Fix CID 1371695, 1371698: Resource leak in test/evp_test.c - leaked_storage: Variable edata going out of scope leaks the storage it points to. - leaked_storage: Variable encode_ctx going out of scope leaks the storage it points to Fix CID 1430437, 1430426, 1430429 : Dereference before null check in test/drbg_cavs_test.c check_after_deref: Null-checking drbg suggests that it may be null, but it has already been dereferenced on all paths leading to the check Fix CID 1440765: Dereference before null check in test/ssltestlib.c check_after_deref: Null-checking ctx suggests that it may be null, but it has already been dereferenced on all paths leading to the check. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7993) (cherry picked from commit 760e2d60e62511a6fb96f547f6730d05eb5f47ec)
-
由 Viktor Dukhovni 提交于
1. In addition to overriding the default application name, one can now also override the configuration file name and flags passed to CONF_modules_load_file(). 2. By default we still keep going when configuration file processing fails. But, applications that want to be strict about initialization errors can now make explicit flag choices via non-null OPENSSL_INIT_SETTINGS that omit the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been both undocumented and unused). 3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG if the options already include OPENSSL_INIT_NO_LOAD_CONFIG. 4. Don't set up atexit() handlers when called with opts equal to OPENSSL_INIT_BASE_ONLY (this flag should only be used alone). Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7969)
-
由 Viktor Dukhovni 提交于
Some Travis builds appear to fail because generated objects get 2019 copyrights now, and the diff complains. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7969)
-
- 07 1月, 2019 3 次提交
-
-
由 Matt Caswell 提交于
This was complicated by the fact that we were using this extension for our duplicate extension handling tests. In order to add tests for cryptopro bug the duplicate extension handling tests needed to change first. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7984) (cherry picked from commit 9effc496ad8a9b0ec737c69cc0fddf610a045ea4)
-
由 Matt Caswell 提交于
The cryptopro extension is supposed to be unsolicited and appears in the ServerHello only. Additionally it is unofficial and unregistered - therefore we should really treat it like any other unknown extension if we see it in the ClientHello. Fixes #7747 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7984) (cherry picked from commit 23fed8ba0ec895e1b2a089cae380697f15170afc)
-
由 Dr. Matthias St. Pierre 提交于
This looks like a copy&paste error from req.pod to x509.pod. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7995) (cherry picked from commit 67ee899cb51d3e3d7b5f00b878f8f82a097b93f0)
-
- 06 1月, 2019 2 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7985) (cherry picked from commit 673e0bbbe4b9cbd19a247c0b18c171bb0421915a)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7979) (cherry picked from commit 87bbbfb1e4fc2035e8f9ec1d6313a41c410a3218)
-
- 05 1月, 2019 7 次提交
-
-
由 Matt Caswell 提交于
This enables cleanup to happen on DLL unload instead of at process exit. [extended tests] Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
This option prevents OpenSSL from pinning itself in memory. Fixes #7598 [extended tests] Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
Test that atexit handlers get called properly at process exit, unless we have explicitly asked for them not to be. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
The whole point of shlibloadtest is to test dynamically loading and unloading the library. If we link shlibloadtest against libcrypto then that might mask potential issues. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
We have a number of instances where there are multiple "init" functions for a single CRYPTO_ONCE variable, e.g. to load config automatically or to not load config automatically. Unfortunately the RUN_ONCE mechanism was not correctly giving the right return value where an alternative init function was being used. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7983)
-
- 03 1月, 2019 3 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7971) (cherry picked from commit 9c5ef4ea486f675f33592b34775c3e453f60ee69)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7971) (cherry picked from commit d072eea2e39c4444ecce3598556053a4c552d9a2)
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7973)
-
- 31 12月, 2018 2 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7962) (cherry picked from commit 1f483a69bce11c940309edc437eee6e32294d5f2)
-
由 Bernd Edlinger 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7913) (cherry picked from commit 0b4233f5a4a181a6dcb7c511cd2663e500e659a4)
-
- 29 12月, 2018 1 次提交
-
-
由 Behrang 提交于
CLA: Trivial Fixes #7928. Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7973) (cherry picked from commit 005247af76aa8d623fadbf3a82aa7b8ef449989f)
-
- 28 12月, 2018 1 次提交
-
-
由 Michael Richardson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7959) (cherry picked from commit fff1470cda05dedd98d2e8e18c3bc320635365d4)
-
- 23 12月, 2018 4 次提交
-
-
由 Jung-uk Kim 提交于
FreeBSD does not enable cryptodev(4) by default. OpenBSD disabled support for /dev/crypto by default from 4.9 and removed it from 5.7. Now the engine is properly enabled by default on BSD platforms (see #7885), it continuously complains: Could not open /dev/crypto: No such file or directory Hide the nagging error message behind ENGINE_DEVCRYPTO_DEBUG. CLA: trivial Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7896) (cherry picked from commit c79a022da973140c141eeebff9170ca5702be0f9)
-
由 Shreya Bhandare 提交于
CLA: trivial Function EVP_PKEY_size has been modified to take a const parameter Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7892) (cherry picked from commit 47ec2367ebf6082abb103e66e609feb5c128d358)
-
由 FdaSilvaYY 提交于
Call to i2d method returns an int value. Fix: CID 1338183 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) CID 1371691 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) CID 1371692 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS) [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7359) (cherry picked from commit da84249be6492ccfc5ecad32ac367fd06e9bdbef)
-
由 FdaSilvaYY 提交于
CID 1440002 (#1 of 1): Use after free (USE_AFTER_FREE) Not a deadly error, because error was just before app exit. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7359) (cherry picked from commit 39fc4c17c49d248e0757bac9aa8863d205c7ad12)
-