| Age | Commit message (Collapse) | Author |
|---|
|
Old gcc warns when parameters have the same names as functions. Noticed
by deraadt@.
ok deraadt@ jsing@
|
|
ok miod@ jsing@
|
|
ok deraadt@ jsing@ miod@
|
|
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but
I had forgotten to include it in the latest version.
|
|
We do not build, test or ship any dynamic engines, so we can remove the dynamic
engine loader as well. This leaves a stub initialization function in its place.
ok beck@, reyk@, miod@
|
|
jsg@ noticed that some of the lines in libssl and libcrypto are not
indented properly. At a quick glance, it looks like it has a different
control flow than it really does. I checked the history in our tree and
in OpenSSL to make sure these were simple mistakes.
ok miod@ jsing@
|
|
This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.
|
|
unknown hash function OID.
Diff based on OpenSSL.
Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL).
ok doug@ miod@
|
|
length checks.
Diff based on changes in OpenSSL.
Fixes CVE-2015-1789.
ok doug@
|
|
ECParameters structure that has a specially malformed binary polynomial
field.
Issue reported by Joseph Barr-Pixton and fix based on OpenSSL.
Fixes CVE-2015-1788.
ok doug@ miod@
|
|
Since RAND_egd has been removed from LibreSSL, simplify porting software that
relies on it. See https://github.com/libressl-portable/openbsd/pull/34
from Bernard Spil, ok deraadt@
|
|
ok deraadt@
|
|
pointer for NULL the line above; ok doug@
|
|
|
|
ok doug@
|
|
ok doug millert
|
|
After calling BN_CTX_start(), there must be a BN_CTX_end() before
returning. There were missing BN_CTX_end() calls in error paths. One diff
chunk was simply removing redundant code related to this.
ok deraadt@
|
|
Include it if we have the sysctl syscall.
|
|
From Michael Felt.
|
|
Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7
which didn't make it into a release until 1.0.2.
Thanks to william at 25thandclement dot com for reporting this!
ok deraadt@ jsing@ beck@
|
|
|
|
i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken.
Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d.
ok deraadt@, jsing@
|
|
The issetugid() API is supposed to make a strong promise where "0
means it is safe to look at the environment". Way back in the past
someone on the OpenSSL team responded to the environment access danger
by creating a wrapper called OPENSSL_issetugid, and went to use it a
number of places. However, by default on systems lacking true
issetugid(), OPENSSL_issetugid returns 0. 0 indicating safely. False
safety. Which means OPENSSL_issetugid() fails to make any sort of
promise about safety, in fact it is just the opposite.
Can you believe the OpenSSL team?
This nastiness was noticed over the years, however noone could gain traction
and get it fixed in OpenSSL. Also see a paragraph about this in
http://www.tedunangst.com/flak/post/worst-common-denominator-programming
ok jsing
|
|
getenv()'s wrapped by issetugid() are safe, but issetugid() is correct
difficult to impliment on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. Noone noticed & complained that
certain environment variables were not working.......
ok doug beck jsing, discussion with others
|
|
|
|
|
|
The actual control flow is intentional while the indenting is incorrect.
This is intended to be a cosmetic change.
Verified that each of these was part of a KNF commit that wasn't intending
to change behavior. Also, double checked against the history of changes in
OpenSSL and BoringSSL.
Addresses Coverity CIDs: 78842, 78859, 78863.
ok tedu@
|
|
From OpenSSL commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f.
ok guenther@, logan@
|
|
These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed.
Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
|
|
routines on hppa, the cause for sha512-parisc subtly misbehaving has been
found: despite having fallback pa1.1 code when running on a 32-bit cpu, the
shift constants used in the sigma computations in sha512 are >= 32 and are
silently truncated to 5 bits by the assembler, so there is no chance of
getting this code to work on a non-pa2.0 processor.
However, the pa1.1 fallback code for sha256 is safe, as it never attempts to
shift by more than 31, so reenable it again.
|
|
A NULL pointer could be dereferenced when X509_REQ_set_pubkey() calls
X509_PUBKEY_set() with pktmp.
OpenSSL says it's the fix for CVE-2015-0288, but there aren't any public
details yet to confirm. Either way, we should fix this.
Based on OpenSSL commit 28a00bcd8e318da18031b2ac8778c64147cd54f9
and BoringSSL commit 9d102ddbc0f6ed835ed12272a3d8a627d6a8e728.
"looks sane" beck@
ok miod@, bcook@
|
|
regress tests but causes tls ciphersuite using sha386 to fail; found the
hard way by henning@.
I can't see anything wrong in the generated assembly code yet, but building
a libcrypto with no assembler code but sha512_block_data_order() is enough
to trigger Henning's issue, so the bug lies there.
No ABI change; ok deraadt@
|
|
See https://www.openssl.org/news/secadv_20150108.txt for a more detailed
discussion.
Original OpenSSL patch here:
https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0
The regression test is modified a little for KNF.
ok miod@
|
|
Discussed with/requested by deraadt@ at the conclusion of s2k15.
|
|
|
|
BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this
by explicitly checking for NULL at the start of the bnrand() function.
Fixes Coverity ID 78831.
ok miod@
|
|
ok doug@
|
|
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new()
call above it will have allocated a ctx without calling BN_CTX_start() on
it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting
up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
|
|
|
large enough, do it correctly so that the local seed buffer on the stack
gets properly initialized in the first iteration of the loop.
While there, remove an outdated and bogus comment.
Coverity CID 21785
ok doug@ jsing@
|
|
ok doug@
|
|
all the function's exit paths can make sure it gets freed. Coverity CID 78861
tweaks & ok doug@ jsing@
|
|
reminded by bcook@
|
|
|
|
Coverity CID 105346
ok doug@
|
|
|
|
ok doug@ jsing@
|
|
ok doug@
|
|
Only change to generated assembly is due to line numbers.
|
|
libcrypto/libssl, and nothing seems to use it in the wild, apart from embedded
copies of OpenSSL.
ok jsing@
|
