| Age | Commit message (Collapse) | Author |
|---|
|
[Note that in master declaration is different.]
RT#4568
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 14d3c0dd2c31b9fd1f92d608524dd650f5ec5a7e)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4973a60cb92dc121fc09246bff3815afc0f8ab9a)
|
|
RT#4578
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3d32bab8f1742a3b57742e18f92a408f0403df8d)
|
|
Sender verified that the fix works. This is a backport/cherry-pick
of just the bugfix part of 0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This reverts commit 75f90688fb2dec0f897cad8be8b92be725c5016b.
TerminateProcess is asynchronous, so the code as written in the above
commit is not correct (and doesn't even compile at the moment). It is
also probably not needed in the speed case. Reverting in order to figure
out the correct solution.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 9c1a9ccf65d0ea1912675d3a622fa8e51b524b9e)
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit fdcb499cc2cd57412e496302a4bca8c5d9f1a9c7)
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit bace847eae24f48adc6a967c6cce7f8d05bbeda3)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Manual cherry-pick of 538860a3ce0b9fd142a7f1a62e597cccb74475d3.
|
|
The selector field could be omitted because it has a DEFAULT value.
In this case *sfld == NULL (sfld can never be NULL). This was not
noticed because this was never used in existing ASN.1 modules.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 7c46746bf2958fd2eccc59ecb48039e4e20ce38a)
|
|
Couple of never-used symbols were clasing with FIPS module, "weakening"
them allows to resolve linking errors.
RT#3699
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Use string_to_hex, OPENSSL_hexstr2buf() doesn't exist in OpenSSL 1.0.2
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
crypto/mem_clr.c was harmonized with master branch and doesn't use
cleanse_ctr kludge anymore.
RT#4563
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Don't use BN_hex2bn() for PSK key conversion as the conversion to
BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead.
RT#4554
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6ec6d5207187dbc1dbd971bd50ea17c9a94906d0)
Conflicts:
apps/s_client.c
apps/s_server.c
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6b3602882e089aaca18828a72d9f4072e6a20252)
|
|
It's probably worth reminding that this is a fall-back implementation
for platforms that don't have assembly OPENSSL_cleanse.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5000a6d1215ea7d6ed6179d0bcd44263f6e3c26b)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 8605abf13523579ecab8b1f2a4bcb8354d94af79)
|
|
The TS_RESP_verify_response() function is used for verifying the response
from a TSA. You can set the provided TS_VERIFY_CTX with different flags
depending on what aspects of the response you wish to verify.
A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME
flags without also specifying TS_VFY_SIGNATURE.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The previous commit fixed a bug with BN_mod_word() which would have been
caught if we had a test for it. This commit adds one.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems)
then BN_mod_word() can return incorrect results if the supplied modulus is
too big.
RT#4501
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 37258dadaa9e36db4b96a3aa54aa6c67136160cc)
|
|
The previous "fix" still left "k" exposed to constant time problems in
the later BN_mod_inverse() call. Ensure both k and kq have the
BN_FLG_CONSTTIME flag set at the earliest opportunity after creation.
CVE-2016-2178
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.
CVE-2016-2178
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
According to the x509 man page in the section discussing -certopt it says
that the ca_default option is the same as that used by the ca utility and
(amongst other things) has the effect of suppressing printing of the
signature - but in fact it doesn't. This error seems to have been present
since the documentation was written back in 2001. It never had this effect.
The default config file sets the certopt value to ca_default. The ca utility
takes that and THEN adds additional options to suppress printing of the
signature. So the ca utility DOES suppress printing of the signature - but
it is not as a result of using the ca_default option.
GitHub Issue #247
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 39a470088af6f833bd1a912908c44bf4a9f48b0c)
|
|
If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
zapparams modification based on tip from Matt Caswell
RT#3198
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Add missing ifdefs. Same change is already present in master, see
b4a3aeebd9f9280aa7e69a343f5c824e68466d90
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1155)
|
|
Fix typos and clarify a few things in the CONTRIBUTING file.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
A common idiom in the codebase is:
if (p + len > limit)
{
return; /* Too long */
}
Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS
message).
The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.
For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!
Issue reported by Guido Vranken.
CVE-2016-2177
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Backport of 8e89e85f556f549f05d3b49f5408a217ac5e3700
From PR #1019 / #997
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1019)
|
|
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.
If key type is not initialised return missing parameters
RT#4149
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f72f00d49549c6620d7101f5e9bf7963da6df9ee)
|
|
After a call to EVP_PKEY_new() we should check for malloc failure.
RT#4180
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
The ssl3_digest_cached_records() function was failing to handle errors
that might be returned from EVP_DigestSignInit() and
EVP_DigestSignUpdate().
RT#4180
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked.
RT#2238
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 0a618df059d93bf7fe9e3ec92e04db8bc1eeff07)
|
|
The functions SRP_Calc_client_key() and SRP_Calc_server_key() were
incorrectly returning a valid pointer in the event of error.
Issue reported by Yuan Jochen Kang
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 308ff28673ae1a4a1b346761224b4a8851d41f58)
|
|
All other errors should only display the error message.
RT#1866
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
This reverts commit 54fc5795c9f7d0dc95d537672c716c9d250eb0fb.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
This reverts commit 7229a91a48d706804f790a392b3ad50bc358cdc4.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
This reverts commit 87728c682995d0575b52a5a19d69405bb764e76e.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Defintions of macros similar to _XOPEN_SOURCE belong in command line
or in worst case prior first #include directive in source. As for
macros is was allegedly controlling. One can argue that we are
probably better off demanding S_IS* macros but there are systems
that just don't comply, hence this compromise solution...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2e6d7799ffc47604d06e0465afeb84b91aff8006)
|
|
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure. Similarly for issuer lookup failures
and caller errors (bad parameters or invalid state).
Also, when X509_verify_cert() returns <= 0 make sure that the
verification status does not remain X509_V_OK, as a last resort set
it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
an error without setting an appropriate value of ctx->error.
Add new and some missing error codes to X509 error -> SSL alert switch.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
