https://github.com/openssl/openssl

Revision Author Date Message Commit Date
fb83aaf Prepare for 1.1.0k release Reviewed-by: Matt Caswell <matt@openssl.org> 28 May 2019, 12:59:16 UTC
d742232 Update copyright year Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9033) 28 May 2019, 12:47:54 UTC
6db453c Add CHANGES and NEWS for 1.1.0k Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9018) 27 May 2019, 19:36:00 UTC
ccbf148 Change default RSA, DSA and DH size to 2048 bit Fixes: #8737 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #8741 (cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e) 21 May 2019, 14:54:19 UTC
3b5a079 fixed public range check in ec_GF2m_simple_oct2point Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8607) (cherry picked from commit cad8347be23c5e0c0d9eea02d090d42daf2dd7a9) 30 March 2019, 13:55:25 UTC
8f58aa0 Modify the RSA_private_decrypt functions to check the padding in constant time with a memory access pattern that does not depend on secret information. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8543) (cherry picked from commit 9c0cf214e7836eb5aaf1ea5d3cbf6720533f86b5) 22 March 2019, 13:48:24 UTC
2a483a8 Make err_clear_constant_time really constant time [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8542) (cherry picked from commit 94dc53a3f7549040dd9e61a25485070c14b41c49) 22 March 2019, 13:33:09 UTC
502b871 Clear the point S before freeing in ec_mul_consttime The secret point R can be recovered from S using the equation R = S - P. The X and Z coordinates should be sufficient for that. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8505) 18 March 2019, 21:47:05 UTC
c5bc42d Clear the secret point in ecdh_simple_compute_key Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8501) (cherry picked from commit 1ff2c992c24c330c0d40708b4169b862563d6aab) 18 March 2019, 21:31:31 UTC
7ebbb29 Fix memory overrun in rsa padding check functions Fixes #8364 and #8357 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/8365) (cherry picked from commit d7f5e5ae6d53f1387a42d210806cf5e9ed0882d6) 07 March 2019, 22:04:39 UTC
a8e129a Avoid an underflow in ecp_nistp521.c The function felem_diff_128_64 in ecp_nistp521.c subtracts the number |in| from |out| mod p. In order to avoid underflow it first adds 32p mod p (which is equivalent to 0 mod p) to |out|. The comments and variable naming suggest that the original author intended to add 64p mod p. In fact it has been shown that with certain unusual co-ordinates it is possible to cause an underflow in this function when only adding 32p mod p while performing a point double operation. By changing this to 64p mod p the underflow is avoided. It turns out to be quite difficult to construct points that satisfy the underflow criteria although this has been done and the underflow demonstrated. However none of these points are actually on the curve. Finding points that satisfy the underflow criteria and are also *on* the curve is considered significantly more difficult. For this reason we do not believe that this issue is currently practically exploitable and therefore no CVE has been assigned. This only impacts builds using the enable-ec_nistp_64_gcc_128 Configure option. With thanks to Bo-Yin Yang, Billy Brumley and Dr Liu for their significant help in investigating this issue. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8405) (cherry picked from commit 13fbce17fc9f02e2401fc3868f3f8e02d6647e5f) 07 March 2019, 14:51:27 UTC
09af525 Test an overlong ChaCha20-Poly1305 nonce Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8406) (cherry picked from commit a4f0b50eafb256bb802f2724fc7f7580fb0fbabc) 06 March 2019, 13:37:00 UTC
ee22257 Prevent over long nonces in ChaCha20-Poly1305 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. CVE-2019-1543 Fixes #8345 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8406) (cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6) 06 March 2019, 13:35:37 UTC
c62896c Clarify that SSL_shutdown() must not be called after a fatal error Follow on from CVE-2019-1559 Reviewed-by: Richard Levitte <levitte@openssl.org> 26 February 2019, 10:51:56 UTC
5741d5b Go into the error state if a fatal alert is sent or received 1.1.0 is not impacted by CVE-2019-1559, but this commit is a follow on from that. That CVE was a result of applications calling SSL_shutdown after a fatal alert has occurred. By chance 1.1.0 is not vulnerable to that issue, but this change is additional hardening to prevent other similar issues. Reviewed-by: Richard Levitte <levitte@openssl.org> 26 February 2019, 10:51:56 UTC
ad01b01 Ensure bn_cmp_words can handle the case where n == 0 Thanks to David Benjamin who reported this, performed the analysis and suggested the patch. I have incorporated some of his analysis in the comments below. This issue can cause an out-of-bounds read. It is believed that this was not reachable until the recent "fixed top" changes. Analysis has so far only identified one code path that can encounter this - although it is possible that others may be found. The one code path only impacts 1.0.2 in certain builds. The fuzzer found a path in RSA where iqmp is too large. If the input is all zeros, the RSA CRT logic will multiply a padded zero by iqmp. Two mitigating factors: - Private keys which trip this are invalid (iqmp is not reduced mod p). Only systems which take untrusted private keys care. - In OpenSSL 1.1.x, there is a check which rejects the oversize iqmp, so the bug is only reproducible in 1.0.2 so far. Fortunately, the bug appears to be relatively harmless. The consequences of bn_cmp_word's misbehavior are: - OpenSSL may crash if the buffers are page-aligned and the previous page is non-existent. - OpenSSL will incorrectly treat two BN_ULONG buffers as not equal when they are equal. - Side channel concerns. The first is indeed a concern and is a DoS bug. The second is fine in this context. bn_cmp_word and bn_cmp_part_words are used to compute abs(a0 - a1) in Karatsuba. If a0 = a1, it does not matter whether we use a0 - a1 or a1 - a0. The third would be worth thinking about, but it is overshadowed by the entire Karatsuba implementation not being constant time. Due to the difficulty of tripping this and the low impact no CVE is felt necessary for this issue. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8326) (cherry picked from commit 576129cd72ae054d246221f111aabf42b9c6d76d) 25 February 2019, 16:35:52 UTC
3318493 apps/speed: fix segfault while looking up algorithm name The backport of master commit 5c6a69f539a (apps/speed: fix possible OOB access in some EC arrays) as 1.1.0 commit 4e07941373a introduced a regression. The ecdh_choices array is iterated using an element count but is NULL terminated. This means that running 'openssl speed somealgo' will result in a segfault when opt_found hits the NULL entry. Fixes #8243 CLA: trivial Signed-off-by: Jeff Mahoney <jeffm@suse.com> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8244) 24 February 2019, 08:56:28 UTC
f499873 Clear BN_FLG_CONSTTIME on BN_CTX_get() (cherry picked from commit c8147d37ccaaf28c430d3fb45a14af36597e48b8) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8294) 21 February 2019, 20:03:09 UTC
c4e901d Test for constant-time flag leakage in BN_CTX This commit adds a simple unit test to make sure that the constant-time flag does not "leak" among BN_CTX frames: - test_ctx_consttime_flag() initializes (and later frees before returning) a BN_CTX object, then it calls in sequence test_ctx_set_ct_flag() and test_ctx_check_ct_flag() using the same BN_CTX object. The process is run twice, once with a "normal" BN_CTX_new() object, then with a BN_CTX_secure_new() one. - test_ctx_set_ct_flag() starts a frame in the given BN_CTX and sets the BN_FLG_CONSTTIME flag on some of the BIGNUMs obtained from the frame before ending it. - test_ctx_check_ct_flag() then starts a new frame and gets a number of BIGNUMs from it. In absence of leaks, none of the BIGNUMs in the new frame should have BN_FLG_CONSTTIME set. In actual BN_CTX usage inside libcrypto the leak could happen at any depth level in the BN_CTX stack, with varying results depending on the patterns of sibling trees of nested function calls sharing the same BN_CTX object, and the effect of unintended BN_FLG_CONSTTIME on the called BN_* functions. This simple unit test abstracts away this complexity and verifies that the leak does not happen between two sibling functions sharing the same BN_CTX object at the same level of nesting. (manually cherry picked from commit fe16ae5f95fa86ddb049a8d1e2caee0b80b32282) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8294) 21 February 2019, 20:03:09 UTC
b7fc078 [test] unit test for field_inv function pointer in EC_METHOD This is a rewrite of commit 8f58ede09572dcc6a7e6c01280dd348240199568 for the 1.1.0-stable branch. Co-authored-by: Billy Brumley <bbrumley@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8263) 20 February 2019, 18:03:48 UTC
09c11fe SCA hardening for mod. field inversion in EC_GROUP This commit adds a dedicated function in `EC_METHOD` to access a modular field inversion implementation suitable for the specifics of the implemented curve, featuring SCA countermeasures. The new pointer is defined as: `int (*field_inv)(const EC_GROUP*, BIGNUM *r, const BIGNUM *a, BN_CTX*)` and computes the multiplicative inverse of `a` in the underlying field, storing the result in `r`. Three implementations are included, each including specific SCA countermeasures: - `ec_GFp_simple_field_inv()`, featuring SCA hardening through blinding. - `ec_GFp_mont_field_inv()`, featuring SCA hardening through Fermat's Little Theorem (FLT) inversion. - `ec_GF2m_simple_field_inv()`, that uses `BN_GF2m_mod_inv()` which already features SCA hardening through blinding. From a security point of view, this also helps addressing a leakage previously affecting conversions from projective to affine coordinates. This commit also adds a new error reason code (i.e., `EC_R_CANNOT_INVERT`) to improve consistency between the three implementations as all of them could fail for the same reason but through different code paths resulting in inconsistent error stack states. Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com> (cherry picked from commit e0033efc30b0f00476bba8f0fa5512be5dc8a3f1) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8263) 20 February 2019, 18:03:48 UTC
68be523 cygwin: drop explicit O_TEXT Cygwin binaries should not enforce text mode these days, just use text mode if the underlying mount point requests it Signed-off-by: Corinna Vinschen <vinschen@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8275) 18 February 2019, 21:37:37 UTC
54a6226 crypto/engine/eng_cryptodev.c: fix bignum<->crp conversion bn2crparam() incorrectly delivered a big endian byte string to cryptodev. Using BN_bn2lebinpad() instead of BN_bn2bin() fixes this. crparam2bn() had a hack that avoided this issue in the other direction, but allocated an intermediary chunk of memory to get correct endianness. Using BN_lebin2bn() avoids this allocation. Fixes #8202 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8204) 11 February 2019, 11:22:02 UTC
152abc5 Fix a crash in reuse of d2i_X509_PUBKEY If the second PUBKEY is malformed there is use after free. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8135) 31 January 2019, 19:03:29 UTC
47c55f8 Fixed typo (vi leftover). There was a trailing :w at a line, which didn't make sense in context of the sentence/styling. Removed it, because I think it's a leftover vi command. CLA: trivial Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7875) (cherry picked from commit 143b631639f95822e5e00768254fa35c787f6396) 12 December 2018, 09:38:44 UTC
e29dcc3 err/err.c: improve err_clear_last_constant_time's portability. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7850) (cherry picked from commit 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4) 08 December 2018, 11:59:27 UTC
6d405b6 rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time. Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding if nul delimiter is preceded by 8 consecutive 0x03 bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 603221407ddc6404f8c417c6beadebf84449074c) Resolved conflicts: crypto/rsa/rsa_ssl.c (Merged from https://github.com/openssl/openssl/pull/7735) 08 December 2018, 11:56:37 UTC
437b7f0 rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP. And make RSAErr call unconditional. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 75f5e944be97f28867e7c489823c889d89d0bd06) (Merged from https://github.com/openssl/openssl/pull/7735) 08 December 2018, 11:56:37 UTC
43d53fa rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2. And make RSAErr call unconditional. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit e875b0cf2f10bf2adf73e0c2ec81428290f4660c) (Merged from https://github.com/openssl/openssl/pull/7735) 08 December 2018, 11:56:37 UTC
b58c44a rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 89072e0c2a483f2ad678e723e112712567b0ceb1) (Merged from https://github.com/openssl/openssl/pull/7735) 08 December 2018, 11:56:37 UTC
0ba39c8 err/err.c: add err_clear_last_constant_time. Expected usage pattern is to unconditionally set error and then wipe it if there was no actual error. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit f658a3b64d8750642f4975090740865f770c2a1b) Resolved conflicts: crypto/err/err.c (Merged from https://github.com/openssl/openssl/pull/7735) 08 December 2018, 11:56:37 UTC
7cbff94 Make EVP_PKEY_asn1_add0() stricter about its input It turns out that the strictness that was implemented in EVP_PKEY_asn1_new() (see Github openssl/openssl#6880) was badly placed for some usages, and that it's better to do this check only when the method is getting registered. Fixes #7758 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7847) (cherry picked from commit a86003162138031137727147c9b642d99db434b1) 07 December 2018, 11:00:29 UTC
403783c Have util/mktar.sh display the absolute path to the tarball Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit 3be389435fc7b94623d972b622dbd9f0cd5c34f7) 24 November 2018, 17:45:51 UTC
ffe7659 Make sure to run util/mktar.sh from the source directory Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b741f153b2f24139d7210b1b0c9caf561f4900e8) 24 November 2018, 17:45:43 UTC
58381f2 Don't export the submodules 'boringssl', 'krb5' and 'pyca-cryptography' Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit 76bc401cc63219a462224884cb4af787e17725ed) 24 November 2018, 17:45:35 UTC
0e17281 Don't export util/mktar.sh When creating a tarball, it's pointless to include scripts that assume a git workspace. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b9a694717902af796639e1dff641ba620703303b) 24 November 2018, 17:45:27 UTC
ed20708 Document the removed 'dist' target Also adds missing copyright boilerplate to util/mktar.sh Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7696) (cherry picked from commit b42922ea2f605fd6c42faad1743fb27be5f7f1f3) 24 November 2018, 17:45:16 UTC
7dac814 rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier. Blinding is performed more efficiently and securely if MONT_CTX for public modulus is available by the time blinding parameters are instantiated. So make sure it's the case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2cc3f68cde77af23c61fbad65470602ee86f2575) Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7586) 23 November 2018, 16:36:39 UTC
b97cbe0 Remove all 'make dist' artifacts Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7692) (cherry picked from commit 8d9535ec3e317641b8e551973c8cfe2ee1c89296) 23 November 2018, 11:45:59 UTC
f68bfdf Change tarball making procedure Since recently, OpenSSL tarballs are produced with 'make tar' rather than 'make dist', as the latter has turned out to be more troublesome than useful. The next step to look at is why we would need to configure at all to produce a Makefile just to produce a tarball. After all, the tarball should now only contain source files that are present even without configuring. Furthermore, the current method for producing tarballs is a bit complex, and can be greatly simplified with the right tools. Since we have everything versioned with git, we might as well use the tool that comes with it. Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It takes the options --name to modify the prefix of the distribution, and --tarfile to modify the tarball file name specifically. This also adds a few entries in .gitattributes to specify files that should never end up in a distribution tarball. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7692) (cherry picked from commit 8c209eeef426ded66ce99048f535f35d08b88462) 23 November 2018, 11:42:47 UTC
0fbe849 Prepare for 1.1.0k-dev Reviewed-by: Richard Levitte <levitte@openssl.org> 20 November 2018, 13:42:16 UTC
74f2d9c Prepare for 1.1.0j release Reviewed-by: Richard Levitte <levitte@openssl.org> 20 November 2018, 13:41:22 UTC
a8e613c Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7670) 20 November 2018, 13:28:44 UTC
503c185 Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7666) 20 November 2018, 11:56:04 UTC
b1aec9e Fix typo in util/perl/OpenSSL/Test.pm Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7633) (cherry picked from commit 2dc37bc2b4c678462a24d2904604e58c0c5ac1cb) 13 November 2018, 23:55:13 UTC
841303d test/recipes/90-test_shlibload.t needs $target{shared_extension} We therefore must add defaults. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7631) 13 November 2018, 23:39:11 UTC
7571151 Fix rpath-related Linux "test_shlibload" failure. When libssl and libcrypto are compiled on Linux with "-rpath", but not "--enable-new-dtags", the RPATH takes precedence over LD_LIBRARY_PATH, and we end up running with the wrong libraries. This is resolved by using full (or at least relative, rather than just the filename to be found on LD_LIBRARY_PATH) paths to the shared objects. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7631) 13 November 2018, 23:39:11 UTC
013aefc Configuration: make sure the shared_sources table doesn't contain empty elements Fixes #7634 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7635) (cherry picked from commit 0c594ccc29f6ba241627f436ba3d05fc400d1066) 13 November 2018, 22:53:54 UTC
5f16ab3 Windows build: build foo.d after foo.obj We made the build of foo.obj depend on foo.d, meaning the latter gets built first. Unfortunately, the way the compiler works, we are forced to redirect all output to foo.d, meaning that if the source contains an error, the build fails without showing those errors. We therefore remove the dependency and force the build of foo.d to always happen after build of foo.obj. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7533) 13 November 2018, 15:05:52 UTC
6ab937f [crypto/bn] swap BN_FLG_FIXED_TOP too Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7599) (cherry picked from commit dd41956d80686638d74fd203bd67060f90966280) 10 November 2018, 02:18:39 UTC
4a498d0 Fix cherry-pick error A couple of $(ECHO) sneaked in from patches in newer branches Fixes #7600 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7601) 09 November 2018, 13:13:45 UTC
401e1c9 VMS build: colon after target must be separated with a space ... otherwise, it's taken to be part of a device name. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7602) (cherry picked from commit e9994901f835420764d020968d4588fc09ec74c3) 09 November 2018, 11:31:11 UTC
2801f67 Have install targets depend on more precise build targets We only had the main 'install' target depend on 'all'. This changes the dependencies so targets like install_dev, install_runtime_libs, install_engines and install_programs depend on build targets that correspond to them more specifically. This increases the parallel possibilities. Fixes #7466 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7583) (cherry picked from commit e8d01a608705e4320082a11a3870aa7e19c7290f) 09 November 2018, 05:26:20 UTC
82ca431 Allow parallel install When trying 'make -j{n} install', you may occasionally run into trouble because two sub-targets (install_dev and install_runtime) try to install the same shared libraries. That makes parallel install difficult. This is solved by dividing install_runtime into two parts, one for libraries and one for programs, and have install_dev depend on install_runtime_libs instead of installing the shared runtime libraries itself. Fixes #7466 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7583) (cherry picked from commit c1123d9f7efb005a109aeccaba82c40bf9bd4c1d) 09 November 2018, 05:26:04 UTC
26d7fce Add a constant time flag to one of the bignums to avoid a timing leak. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7549) (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239) 01 November 2018, 22:15:37 UTC
003f1bf Remove brace from bad cherry-pick of DSA reallocation fix Commit 56fb454 backported the DSA reallocation fix to 1.1.0, however a code block that has multiple statements in 1.1.1+ only has a `goto` in 1.1.0 so introduces a brace that causes a compile failure. CLA:trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7516) 30 October 2018, 02:52:55 UTC
56fb454 Timing vulnerability in ECDSA signature generation (CVE-2018-0735) Preallocate an extra limb for some of the big numbers to avoid a reallocation that can potentially provide a side channel. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7486) (cherry picked from commit 99540ec79491f59ed8b46b4edf130e17dc907f52) 28 October 2018, 22:05:06 UTC
ef11e19 Timing vulnerability in DSA signature generation (CVE-2018-0734). Avoid a timing attack that leaks information via a side channel that triggers when a BN is resized. Increasing the size of the BNs prior to doing anything with them suppresses the attack. Thanks due to Samuel Weiser for finding and locating this. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7486) (cherry picked from commit a9cfb8c2aa7254a4aa6a1716909e3f8cb78049b6) 28 October 2018, 22:01:57 UTC
84862c0 DSA mod inverse fix There is a side channel attack against the division used to calculate one of the modulo inverses in the DSA algorithm. This change takes advantage of the primality of the modulo and Fermat's little theorem to calculate the inverse without leaking information. Thanks to Samuel Weiser for finding and reporting this. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7487) (cherry picked from commit 415c33563528667868c3c653a612e6fc8736fd79) 28 October 2018, 20:52:43 UTC
bd04577 md_rand.c: don't stop polling until properly initialized Previously, the RNG sets `initialized=1` after the first call to RAND_poll(), although its criterion for being initialized actually is whether condition `entropy >= ENTROPY_NEEDED` is true. This commit now assigns `initialized=(entropy >= ENTROPY_NEEDED)`, which has the effect that on the next call, RAND_poll() will be called again, if it previously failed to obtain enough entropy. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7438) 22 October 2018, 12:47:34 UTC
f2828a1 arch/async_posix.h: improve portability. {make|swap|get|set}context are removed in POSIX.1-2008, but glibc apparently keeps providing it. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7420) (cherry picked from commit 9d71a24ebf57e7157888af1ca587eafe914bf96f) 19 October 2018, 08:31:27 UTC
d46f917 Apply self-imposed path length also to root CAs Also, some readers of the code find starting the count at 1 for EE cert confusing (since RFC5280 counts only non-self-issued intermediate CAs, but we also counted the leaf). Therefore, never count the EE cert, and adjust the path length comparison accordingly. This may be more clear to the reader. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6) 18 October 2018, 04:11:20 UTC
cc54a2a Only CA certificates can be self-issued At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph of above https://tools.ietf.org/html/rfc5280#section-3.3), we see: This specification covers two classes of certificates: CA certificates and end entity certificates. CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Cross-certificates are CA certificates in which the issuer and subject are different entities. Cross-certificates describe a trust relationship between the two CAs. Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths. End entity certificates are issued to subjects that are not authorized to issue certificates. that the term "self-issued" is only applicable to CAs, not end-entity certificates. In https://tools.ietf.org/html/rfc5280#section-4.2.1.9 the description of path length constraints says: The pathLenConstraint field is meaningful only if the cA boolean is asserted and the key usage extension, if present, asserts the keyCertSign bit (Section 4.2.1.3). In this case, it gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. (Note: The last certificate in the certification path is not an intermediate certificate, and is not included in this limit. Usually, the last certificate is an end entity certificate, but it can be a CA certificate.)
This makes it clear that exclusion of self-issued certificates from the path length count applies only to some *intermediate* CA certificates. A leaf certificate whether it has identical issuer and subject or whether it is a CA or not is never part of the intermediate certificate count. The handling of all leaf certificates must be the same, in the case of our code to post-increment the path count by 1, so that we ultimately reach a non-self-issued intermediate it will be the first one (not zeroth) in the chain of intermediates. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f) 18 October 2018, 04:11:19 UTC
a76a416 ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac. (back-port of commit 7d0effeacbb50b12bfc24df7614d7cf5c8686f51) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7392) 17 October 2018, 11:58:24 UTC
77078e6 apps: allow empty attribute values with -subj Historically (i.e., OpenSSL 1.0.x), the openssl applications would allow for empty subject attributes to be passed via the -subj argument, e.g., `openssl req -subj '/CN=joe/O=/OU=local' ...`. Commit db4c08f0194d58c6192f0d8311bf3f20e251cf4f applied a badly needed rewrite to the parse_name() helper function that parses these strings, but in the process dropped a check that would skip attributes with no associated value. As a result, such strings are now treated as hard errors and the operation fails. Restore the check to skip empty attribute values and restore the historical behavior. Document the behavior for empty subject attribute values in the corresponding applications' manual pages. (cherry picked from commit 3d362f190306b62a17aa2fd475b2bc8b3faa8142) (cherry picked from commit a7ee1ef61b1893038008691a4a6979cf2da91439) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7368) 15 October 2018, 17:34:48 UTC
737a37f Fix copy&paste error found in Coverity scan Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7377) (cherry picked from commit 628ee796389b555ddb5fc28355e16e9417ab1724) 13 October 2018, 03:44:46 UTC
f7cbb8a rsa/rsa_ossl.c: fix and extend commentary [skip ci]. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7123) (cherry picked from commit d1c008f66bad435b18aa45aa59f72bed7c682849) 12 October 2018, 20:29:13 UTC
d39b277 Clean out aliases in include/openssl/symhacks.h Only a few clashing ones remain Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7331) (cherry picked from commit b44882a0bd0717e0aab84f5dc3ef81ab673155e9) 04 October 2018, 07:59:30 UTC
32451d8 Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h) BIO_s_log() is declared for everyone, so should return NULL when not actually implemented. Also, it had explicit platform limitations in util/mkdef.pl that didn't correspond to what was actually in code. While at it, a few other hard coded things that have lost their relevance were removed. include/openssl/ocsp.h had a few duplicate declarations. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7331) (cherry picked from commit 7e09c5eaa57295f87453286ffe25277c2f2bc73f) 04 October 2018, 07:59:23 UTC
875ba8b Implement coordinate blinding for EC_POINT This commit implements coordinate blinding, i.e., it randomizes the representative of an elliptic curve point in its equivalence class, for prime curves implemented through EC_GFp_simple_method, EC_GFp_mont_method, and EC_GFp_nist_method. This commit is derived from the patch https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley. Coordinate blinding is a generally useful side-channel countermeasure and is (mostly) free. The function itself takes a few field multiplications, but is usually only necessary at the beginning of a scalar multiplication (as implemented in the patch). When used this way, it makes the values that variables take (i.e., field elements in an algorithm state) unpredictable. For instance, this mitigates chosen EC point side-channel attacks for settings such as ECDH and EC private key decryption, for the aforementioned curves. For EC_METHODs using different coordinate representations this commit does nothing, but the corresponding coordinate blinding function can be easily added in the future to extend these changes to such curves. Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com> Co-authored-by: Billy Brumley <bbrumley@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6526) 02 October 2018, 15:12:37 UTC
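What "randomizing the representative of a point in its equivalence class" means, as an added example that is not the commit's code: assuming Jacobian projective coordinates, where (X, Y, Z) stands for the affine point (X/Z^2, Y/Z^3), multiplying by (λ^2, λ^3, λ) changes every stored field element but not the point. The toy modulus, type and function names are constructed for illustration, and λ is passed in so the result is reproducible; a real implementation draws it at random.

```c
#include <stdint.h>

#define P 1000003ULL   /* toy prime field modulus, constructed for the example */

typedef struct { uint64_t X, Y, Z; } jac_point;

static uint64_t mulmod(uint64_t a, uint64_t b) { return (a % P) * (b % P) % P; }

static uint64_t powmod(uint64_t b, uint64_t e)
{
    uint64_t r = 1;

    for (b %= P; e != 0; e >>= 1) {
        if (e & 1)
            r = mulmod(r, b);
        b = mulmod(b, b);
    }
    return r;
}

/* Blind in place: (X, Y, Z) -> (l^2 X, l^3 Y, l Z). Returns 0 if lambda
 * is zero mod P, which would destroy the point instead of blinding it. */
int blind_coordinates(jac_point *pt, uint64_t lambda)
{
    uint64_t l2, l3;

    lambda %= P;
    if (lambda == 0)
        return 0;
    l2 = mulmod(lambda, lambda);
    l3 = mulmod(l2, lambda);
    pt->X = mulmod(pt->X, l2);
    pt->Y = mulmod(pt->Y, l3);
    pt->Z = mulmod(pt->Z, lambda);
    return 1;
}

/* Affine coordinates x = X/Z^2, y = Y/Z^3 (inverse via Fermat, Z != 0). */
void to_affine(const jac_point *pt, uint64_t *x, uint64_t *y)
{
    uint64_t zi = powmod(pt->Z, P - 2);
    uint64_t zi2 = mulmod(zi, zi);

    *x = mulmod(pt->X, zi2);
    *y = mulmod(pt->Y, mulmod(zi2, zi));
}

/* 1: stored coordinates changed, affine point did not; 0: otherwise;
 * -1: lambda rejected. */
int blinding_preserves_point(uint64_t X, uint64_t Y, uint64_t Z, uint64_t lambda)
{
    jac_point pt = { X % P, Y % P, Z % P };
    jac_point before = pt;
    uint64_t x0, y0, x1, y1;

    to_affine(&pt, &x0, &y0);
    if (!blind_coordinates(&pt, lambda))
        return -1;
    to_affine(&pt, &x1, &y1);
    return x0 == x1 && y0 == y1 && (pt.X != before.X || pt.Z != before.Z);
}
```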
e5d1825 [test] ECC: make sure negative tests pass for the right reasons This is a backport of #7028 to 1.1.0. It squashes the two original commits and applies changes for compatibility with 1.1.0. 1. cherry picked from commit 30c41bfb158c0f595809d0eaf032926a3c2cf236 [test] ECC: make sure negative tests pass for the right reasons 2. cherry picked from commit bfb10b975818d1887d676d309fcc21a765611f6d [test] throw error from wrapper function instead of an EC_METHOD specific one Given that in 1.1.0 `EC_POINT_get_affine_coordinates_GFp` and `EC_POINT_get_affine_coordinates_GF2m` have not been unified, in this backport the tests distinguish between the 2 different functions as the cause of the expected error. [extended tests] to trigger sanitizer checks and coverage analysis. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7152) 29 September 2018, 09:44:22 UTC
23fe5c5 More EVP ECC testing: positive and negative This is a backport of #6608 to 1.1.0. 1. For every named curve, two "golden" keypair positive tests. 2. Also two "golden" stock ECDH positive tests. 3. For named curves with non-trivial cofactors, additionally two "golden" ECC CDH positive tests. 4. For named curves with non-trivial cofactors, additionally two negative tests. There is some overlap with existing EVP tests, especially for the NIST curves (for example, positive testing ECC CDH KATs for NIST curves). "Golden" here means all the values are independent from OpenSSL's ECC code. I used sage to calculate them. What comes from OpenSSL is: 1. The OIDs (parsed by tooling) 2. The curve parameters (parsing ecparam output with tooling) The values inside the PEMs (private keys, public keys) and shared keys are from sage. The PEMs themselves are the output of asn1parse, with input taken from sage. (cherry picked from commit 249330de0250bc598d20d383bab37d150cdad239) Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7152) 29 September 2018, 09:44:22 UTC
cb19356 Move evp test programs input data to its own data dir This is a manual backport of #3472 to 1.1.0. This is a partial backport, limited only to evptests, as #3472 also affected bntests, which has a completely different form in 1.1.0. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7152) 29 September 2018, 09:44:22 UTC
e052722 Split test/evptests.txt into separate files. This is a manual port of #3443 (and the related bugfix PR #3452) to 1.1.0. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7152) 29 September 2018, 09:44:22 UTC
908f7a1 Document OPENSSL_VERSION_TEXT macro This commit documents the OPENSSL_VERSION_TEXT which is currently missing in the man page. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7301) (cherry picked from commit 7c69495712e3dc9aa8db38271f0c3faeb2037165) 24 September 2018, 10:05:00 UTC
1abdf08 Use secure_getenv(3) when available. Change all calls to getenv() inside libcrypto to use a new wrapper function that uses secure_getenv() if available and an issetugid then getenv if not. CPU processor override flags are unchanged. Extra checks for OPENSSL_issetugid() have been removed in favour of the safe getenv. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7047) (cherry picked from commit 5c39a55d04ea6e6f734b627a050b9e702788d50d) 24 September 2018, 01:32:25 UTC
4aa1739 crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG This module includes bn.h via other headers, so it picks up the definition from there and doesn't need to define them locally (any more?). Worst case scenario, the redefinition may be different and cause all sorts of compile errors. Fixes #7227 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7287) (cherry picked from commit dda5396aaec315bdbcb080e42fb5cd0191f2ad72) 21 September 2018, 09:36:50 UTC
ad17303 crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too These both indicate that the file descriptor we're trying to use as a terminal isn't, in fact, a terminal. Fixes #7271 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7272) (cherry picked from commit 276bf8620ce35a613c856f2b70348f65ffe94067) 20 September 2018, 04:43:02 UTC
ae59efc Use 'i' as parameter name not 'I'. The latter causes problems when complex.h is #included. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7233) (cherry picked from commit 972f67889b5a10c33dbc3d500cfa65b544e68b46) 16 September 2018, 23:52:38 UTC
55b1542 Add a compile time test to verify that openssl/rsa.h and complex.h can coexist. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7233) (cherry picked from commit da5fac72b1cba5651b871902eea234e693cf01e5) 16 September 2018, 23:48:09 UTC
622fc2e Add an explicit cast to time_t Caused a compilation failure in some environments Fixes #7204 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7205) (cherry picked from commit bc278f30f0b766bfb82426c641dc1d51ace4a994) 13 September 2018, 14:42:26 UTC
477d1a6 minor fixes for Windows - fix to use secure URL in generated Windows resources - fix a potentially uninitialized variable CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7189) 12 September 2018, 07:36:05 UTC
e13dc23 Make the config script fail with an error code if Configure failed Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7166) 11 September 2018, 16:40:59 UTC
aa4312d Fix typos in documentation. CLA: trivial (cherry picked from commit fa332bba919d094c1654bbb3be0528b3df6e9023) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7040) 11 September 2018, 15:54:52 UTC
f6c6c7c CAPI engine: add support for RSA_NO_PADDING Since the SSL code started using RSA_NO_PADDING, the CAPI engine became unusable. This change fixes that. Fixes #7131 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7174) (cherry picked from commit 37f4928701aa54937ce8eef422a2165afeec5cec) 11 September 2018, 09:36:45 UTC
1fa7e2e Check the return value from ASN1_INTEGER_set Found by Coverity Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7169) (cherry picked from commit 512d811719fc955f574090af4c3586a9aba46fa7) 10 September 2018, 16:33:32 UTC
1ed9faf RSA padding Zeroization fixes Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7090) (cherry picked from commit 82eba370daeb6d80b01b521d9e2963451487f0cb) 06 September 2018, 04:54:33 UTC
a842be9 Harmonize the error handling codepath Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7121) 05 September 2018, 12:26:46 UTC
c28a2ff Fix segfault in RSA_free() (and DSA/DH/EC_KEY) `RSA_free()` and friends are called in case of error from `RSA_new_method(ENGINE *e)` (or the respective equivalent functions). For the rest of the description I'll talk about `RSA_*`, but the same applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`. If `RSA_new_method()` fails because the engine does not implement the required method, when `RSA_free(RSA *r)` is called, `r->meth == NULL` and a segfault happens while checking if `r->meth->finish` is defined. This commit fixes this issue by ensuring that `r->meth` is not NULL before dereferencing it to check for `r->meth->finish`. Fixes #7102. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7121) 05 September 2018, 12:26:40 UTC
374804b Key zeroization fix for EVP_SealInit. Manual backport from master. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7116) 04 September 2018, 22:34:56 UTC
bfd752f New openssl subject parser hard to debug -subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com' was a valid subject in openssl 1.0. Error received in 1.1 is: problems making Certificate Request Not very informative, I only figured this out because I compiled the code and added logging. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7098) (cherry picked from commit 2167640b0bf76ec50a397dd90444b97c242e3f04) 04 September 2018, 19:43:20 UTC
fe4de29 Make OBJ_NAME case insensitive. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7101) 04 September 2018, 19:35:34 UTC
b5b3977 hkdf zeroization fix Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7106) (cherry picked from commit 64ed55ab033f1bfa795d46f0ecc61c313204b418) 04 September 2018, 19:23:00 UTC
febb025 key zeroisation fix for p12 Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7109) (cherry picked from commit f5cee414fa8e7e9a088d8d5ebe641f368df20801) 04 September 2018, 19:20:03 UTC
b4b651b key zeroisation for pvkfmt now done on all branch paths Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7107) (cherry picked from commit 0239283d99a37e8527199a62100fec867b9996cb) 04 September 2018, 19:15:04 UTC
1018ba7 openssl req: don't try to report bits With the introduction of -pkeyopt, the number of bits may change without |newkey| being updated. Unfortunately, there is no API to retrieve the information from an EVP_PKEY_CTX either, so chances are that we report incorrect information. For the moment, it's better not to try to report the number of bits at all. Fixes #7086 Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7096) (cherry picked from commit 17147181bd3f97c53592e2a5c9319b854b954039) 04 September 2018, 12:26:48 UTC
019cb1e Clarify the EVP_DigestSignInit docs They did not make it clear how the memory management works for the |pctx| parameter. Fixes #7037 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7042) (cherry picked from commit f097e8759820f6f9b78adb99eb4bfced2945d623) 04 September 2018, 10:19:02 UTC
e25fc6b Fix example in crl(1) man page The default input format is PEM, so explicit "-inform DER" is needed to read DER-encoded CRL. CLA: trivial Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7094) (cherry picked from commit 785e614a95a134831f213749332bcf40c4920f69) 04 September 2018, 10:03:41 UTC
fab16cd The req documentation incorrectly states that we default to md5 Just remove that statement. It's not been true since 2005. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/6905) 04 September 2018, 09:56:58 UTC
b50c9f3 add docs for OCSP_resp_get0_signature Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7082) 03 September 2018, 04:17:28 UTC