Ech draft 13a #1
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allow to specify "z16" as machine generation in environment variable OPENSSL_s390xcap. It is an alias for "z15". Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18054)
X509V3_add_value() will return 0 on malloc failure, which could lead to err logic in X509V3_parse_list(). Fix this by adding return value check of X509V3_add_value(). Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18077)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#17577)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#17260)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18096)
Fixes openssl#17978 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#17998)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#17998)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#17998)
This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version. Reproduce this issue with a DTLS server/client like that: ./openssl s_server -dtls -mtu 1500 ./openssl s_client -dtls -maxfraglen 512 In the debug version a crash happens in the Server now: ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written Aborted (core dumped) While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this: $ ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ERROR 4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: shutting down SSL CONNECTION CLOSED From the client's point of view the connection fails with an Internal Error Alert: $ ./openssl s_client -dtls -maxfraglen 512 Connecting to ::1 CONNECTED(00000003) 40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 and now the connection attempt fails unexpectedly. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18093)
CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18023)
… case. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18101)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18100)
When the context is reinitialized, i.e. the same key should be used we must properly reinitialize the underlying implementation. However in POLY1305 case it does not make sense as this special MAC should not reuse keys. We fail with this provided implementation when reinitialization happens. Fixes openssl#17811 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18100)
Fixes openssl#16241. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18092)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18124)
The function OCSP_basic_add1_status() will return NULL on malloc failure. However the return value is not checked before being passed to OCSP_SINGLERESP_add1_ext_i2d(), and there is a wild field pointer, which could lead to wild pointer dereference. Fix this by adding return value check Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18081)
In create_cert_store(), X509_STORE_new() is called and there is a dereference of it in following function X509_STORE_add_lookup() without check, which could lead to NULL pointer dereference. Fix this by adding a NULL check of X509_STORE_new() Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18057)
Fixes openssl#17841. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18109)
gcc6.3 doesn't seem to support the register aliases fp and lr for x29 and x30, so use the x names. Fixes openssl#18114 Change-Id: I077edda42af4c7cdb7b24f28ac82d1603f550108 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18127)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18069)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18069)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18069)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18069)
macOS 10.7 and 10.8 had a bit wired clang which is detected as `__GNUC__` which has `__ATOMIC_ACQ_REL` but it excepts one option at `__atomic_is_lock_free` instead of 2. This prevents OpenSSL to be compiled on such systems. Fixes: openssl#18055 Signed-off-by: Kirill A. Korinsky <kirill@korins.ky> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18056)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#18138)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18155)
Fixes openssl#18139. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18141)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18136)
CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18167)
Refer to OSSL_ENCODER_to_bio and OSSL_DECODER_from_bio man pages. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18164)
Also copy bbio. Without, a buffer may stay on top of the real bio.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist