Age | Commit message (Collapse) | Author |
|
Reviewed-by: Steve Marquess <marquess@openssl.com>
(cherry picked from commit ab29c82a55f3583a490733dd521ea6c486e8e2fb)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3cd7aef34d0d414d27ab00abadb99265a2cffde9)
|
|
As part of this, move release creation to a script to be called from
.travis.yml. That makes it much easier to test outside of travis.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 382af61f6213e975b4c2a50fd8b9fedd23d86ab5)
|
|
Introducing DISTTARVARS to propagate changed variables down to the
tar-making target.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d3c30a1799bf7b4dc7223b84417c4de992a6b9c)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
It seems like some tar versions don't like the name:id form for
--owner and --group. The closest known anonymous user being 0 (root),
that seems to be the most appropriate user/group to assign ownership
to. It matters very little when unpacking either way.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b91dd150d2b9b5ddca37722e7f52ea59ba7f80da)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 451a5bdf0386d7acf091c3e3b39107e5ed8be25d)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 475fc3d8729190fd12b4ff23d6ec488439fb78f9)
|
|
Make TARFILE include ../ instead of having that hard coded all over the place.
When transforming file names in TAR_COMMAND, use $(NAME) instead of openssl-$(VERSION)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4a544810f08539f1549eea9be36bd878c67c8e26)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Update the CHANGES and NEWS files for the new release.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Avoid seg fault by checking mgf1 parameter is not NULL. This can be
triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.
Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
CVE-2015-3194
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
|
|
When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.
This can leak memory in any application parsing PKCS#7 or CMS structures.
CVE-2015-3195.
Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.
PR#4131
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
RT#4162
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b5516cfbd65de9331d827012fc5bdace1953613e)
|
|
The feature_test_macros(7) manual tells us that _BSD_SOURCE is
deprecated since glibc 2.20 and that the compiler will warn about it
being used, unless _DEFAULT_SOURCE is defined as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f9fd35248c9a3b1125d9ab82ffb19d62e86533ac)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2238e0e45d03ec9ba15e9547f7739cc6987a8f57)
|
|
In the DTLS ClientHello processing the return value is stored in |ret| which
by default is -1. |ret| is only updated to a positive value once we are past
all points where we could hit an error. We wish to return 1 on success or 2
on success *and* we have validated the DTLS cookie. Previously on successful
validation of the cookie we were setting |ret| to -2, and then once we were
past all error points we set |ret = -ret|. This is non-obvious behaviour and
could be error prone. This commit tries to make this a bit more intuitive.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
RT#4142
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 76eba0d94bb418325be6409b272eac5e2bd4a0a9)
Resolved conflicts:
crypto/bn/asm/x86_64-mont.pl
crypto/bn/asm/x86_64-mont5.pl
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #466
(cherry picked from commit 434b58457c8cca4d09f77a1774d6d2c446604bae)
|
|
If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
get called with s->s3 still being NULL.
Patch also provided by Willy Tarreau <wtarreau@haproxy.com>
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
(cherry picked from commit 3e7bd2ce0b16f8611298175d6dc7cb35ee06ea6d)
|
|
Backport of 0e04674e964b905e67e3d215bcf888932c92765f
Reviewed-by: Steve Henson <steve@openssl.org>
RT #4047, #4110, MR #1356
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 63eb10a07ee29a312e50a227f5b3a290b1ad22b4)
|
|
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 158e5207a794603f5d64ffa95e0247c7808ab445)
Conflicts:
crypto/asn1/asn1_par.c
|
|
RT#4138
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 193ed2d74b1a643b5f32bd46bf50a858fcdd2da4)
|
|
Strict ISO confirming C compilers only define __sun
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
RT #4144, MR #1353
(cherry picked from commit 3d32218812e87221344f2985512e42e4aaa88745)
|
|
Original patch by Frank Morgner.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #456
(cherry picked from commit 68db80e2d1accdd4c4a6b4763559c6cfe9663820)
|
|
Though the callers check the function return value and ignore the
size_t output argument on failure, it is still often not ideal to
store -1 in a size_t on error. That might signal an unduly large
buffer. Instead set the size_t to 0, to indicate no space.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Steve Marquess <marquess@openssl.com>
|
|
Reviewed-by: Steve Marquess <marquess@openssl.com>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ce24d2ed232a095349886aecc8cb959d5dda8342)
|
|
The problem remained unnoticed so far, because it's never called by default.
You have to craft OPENSSL_ppccap environment variable to trigger the problem.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e4693b4e2a0c3f6241d4d3e61460c34c7e0013f6)
|
|
is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 9d0e4dc6351df7d0c08400c4b4cf17c017022e50)
|
|
It was also found that stich performs suboptimally on AMD Jaguar, hence
execution is limited to XOP-capable and Intel processors.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit a5fd24d19bbb586b1c6d235c2021e9bead22c9f5)
|
|
Manual cherry-pick of 0704343f138a38d3882d5af2a4ebe8821e9a8f3a.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
If a DTLS client that does not support secure renegotiation connects to an
OpenSSL DTLS server then, by default, renegotiation is disabled. If a
server application attempts to initiate a renegotiation then OpenSSL is
supposed to prevent this. However due to a discrepancy between the TLS and
DTLS code, the server sends a HelloRequest anyway in DTLS.
This is not a security concern because the handshake will still fail later
in the process when the client responds with a ClientHello.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
In DTLS if an IO retry occurs during writing of a fragmented ClientHello
then we can end up reseting the finish mac variables on the retry, which
causes a handshake failure. We should only reset on the first attempt not
on retries.
Thanks to BoringSSL for reporting this issue.
RT#4119
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
The function tls1_get_curvelist() has an explicit check to see if s->cert
is NULL or not. However the check appears *after* calling the tls1_suiteb
macro which derefs s->cert. In reality s->cert can never be NULL because
it is created in SSL_new(). If the malloc fails then the SSL_new call fails
and no SSL object is created.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6329b6092b28b656be8a1e4a8363d2e3bcc32053)
Conflicts:
ssl/t1_lib.c
|
|
During work on a larger change in master a number of locations were
identified where return value checks were missing. This backports the
relevant fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
./Configure [target] --strict-warnings -Wno-pedantic-ms-format
would not add '-pedantic' because it matches '-Wno-pedantic-ms-format',
which was added first.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6703c4ea87b30554283deaa5df1f8d68725d3ee4)
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
The various dtls1_get*_methods did not handle the DTLS_ANY_VERSION case,
so this needed to be added.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
EVP_SignInit_ex was missing from the NAME section of its man page so
typing "man EVP_SignInit_ex" failed to load the page.
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit 3d866ea67e8b19777e88ac2a78ee4188e0983168)
|