Age | Commit message (Collapse) | Author |
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The calculation in some cases does not finish for non-prime p.
This fixes CVE-2022-0778.
Based on patch by David Benjamin <davidben@google.com>.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17861)
(cherry picked from commit abdb2278d2b65ae87bee3121be83322e4219b396)
|
|
Make its value an absolute path.
This was already fixed in all other build file templates, but for some
reason, not here.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17865)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17854)
(cherry picked from commit 2cb52118ddd1d82d7b6028372238eaa2467bbd48)
|
|
This was previously fixed in 3.0 but not 1.1.
Fixes #13008.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17808)
|
|
If TCP is being used, protocol = 0 is passed to init_client(), then
protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17838)
(cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878)
|
|
Resolves #17827
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17828)
(cherry picked from commit 175355923046921a689b500f7a72455f7095708f)
|
|
Documents a bug in openssl cms -binary for 1.1 whereby it cannot process
input using LF line endings correctly. Binary input processing was
reworked substantially for 3.0 and backporting these changes doesn't
appear reasonable.
Fixes #17797.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17810)
|
|
(manually cherry picked from commit d71151ae704847f4ac3f4a5f394ea64f1d229815)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
|
|
Fixes #17743
(manually cherry picked from commit b139a95665eb023b38695d62d9dfc28f3fb89972)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
|
|
`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.
(manually cherry picked from commit 66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
|
|
copy_argv was never initialization code.
Make it self-cleaning too.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17746)
|
|
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.
Regression test added. Fixes #17648. Backport from master to 1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17787)
|
|
Fixes #12491.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17744)
(cherry picked from commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5)
|
|
Since the potential failure of memory allocation, it
should be better to check the return value of the
OPENSSL_strndup(), like x509v3_add_len_value().
And following the comment of 'if (astrlen < 0)',
return -1 if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17737)
(cherry picked from commit 366a16263959c0b6599f0b9ec18124d75560c6ef)
|
|
if the newly loaded engine contains the symbol
EVP_PKEY_get_base_id, we know it is linked to 3.x openssl.
Abort loading this engine, as it will definitely crash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17541)
|
|
This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.
Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.
Fixes #15898
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17541)
|
|
This brings these tests in line with 3.0 and master and makes them
fail correctly.
Fixes #17612
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17619)
|
|
Fixes #17549
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17636)
(cherry picked from commit 984cc9a0284ee4800862aa305f9f178827baf459)
|
|
It's not at all necessary, and on some platforms, it's disruptive
(leads to unresolved symbols because of object files that get included
in the link that depend on libssl).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17637)
|
|
CLA: trivial
To get the master branch compiled with DJGPP some minor
adjustments are required. They will have no impact on any other ports.
The DJGPP port uses the Watt-32 library to provide the required network
functionality and some of its headers need to be included.
Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be
provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c.
In the DJGPP section of include/internal/sockets.h the following Watt-32
headers must be added:
- arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c
- netinet/tcp.h: to provide defintion of TCP_NODELAY required in crypto/bio/b_sock2.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17623)
(cherry picked from commit b9b211fcb6b9068ef1d8729a4971fbe693fd2cde)
|
|
In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
|
|
This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
|
|
The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X509_PURPOSE_ANY this
would case the function to incorrectly return an error response.
Fixes #17367
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
|
|
Fixes #17583
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17589)
(cherry picked from commit 2ce0a3d19005271e7e3c351b562d9da93e2d4c80)
|
|
We check that the init and cleanup functions for the custom method are
called as expected.
Based on an original reproducer by Dmitry Belyavsky from issue #17149.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17472)
|
|
If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.
Fixes #17149
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17472)
|
|
This function is inherently thread-unsafe,
and moreover it is unnecessary here, because
OPENSSL_init_crypto always calls it in a thread-safe way.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17468)
|
|
Fixes #17426
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17439)
|
|
Fixes #17364
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17395)
|
|
use goto instead of returning directly while error handling
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17404)
(cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17401)
|
|
This backports the doc improvements of #17188.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit e36d10925396b6519e1abd338e1ef62cd5b1c9e6)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15)
(cherry picked from commit fb72a093f88f7332069659994b67f6b19aceb865)
(Merged from https://github.com/openssl/openssl/pull/17341)
|
|
The use of -proxy prevented s_client from correctly sending the target
hostname as SNI data.
Fixes #17232
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17249)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17351)
|
|
* Evaluating code-refs in Configure can sometimes set the default
variable `$_`
* Prevent spillage influencing the target property by using named
variable in loop
CLA: trivial
Fixes gh-17321
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17322)
(cherry picked from commit a595e3286ae9f033c56452967b3add2145f9085f)
|
|
Fixed #17296
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17302)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17273)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17271)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17269)
|
|
bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45
The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899
but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899
so the forth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.
Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45
correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899
wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899
Fortunately the bn_mul_comba4/8 code paths are not affected.
Also the mips64 target does in fact not handle the carry propagation
correctly.
Example:
a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000
022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001
correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17258)
(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17131)
|