Matt Caswell [Tue, 29 Jan 2019 15:04:38 +0000 (15:04 +0000)]
Complain if -twopass is used incorrectly
The option -twopass to the pkcs12 app is ignored if -passin, -passout
or -password is used. We should complain if an attempt is made to use
it in combination with those options.
Fixes #8107
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8114)
Matt Caswell [Tue, 29 Jan 2019 11:41:32 +0000 (11:41 +0000)]
Fix no-dso builds
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8111)
Matt Caswell [Mon, 28 Jan 2019 17:17:59 +0000 (17:17 +0000)]
Don't leak memory from ERR_add_error_vdata()
If the call the ERR_set_error_data() in ERR_add_error_vdata() fails then
a mem leak can occur. This commit checks that we successfully added the
error data, and if not frees the buffer.
Fixes #8085
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8105)
David Asraf [Wed, 23 Jan 2019 11:10:11 +0000 (11:10 +0000)]
crypto/bn: fix return value in BN_generate_prime
When the ret parameter is NULL the generated prime
is in rnd variable and not in ret.
CLA: trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8076)
Tomas Mraz [Thu, 24 Jan 2019 16:58:56 +0000 (17:58 +0100)]
Remove stray -modulus option from the ec manual page.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8082)
Matthias Kraft [Fri, 18 Jan 2019 12:09:06 +0000 (13:09 +0100)]
Add "weak" declarations of symbols used in safestack.h and lhash.h
Only for SunCC for now.
It turns out that some compilers to generate external variants of
unused static inline functions, and if they use other external
symbols, those need to be present as well. If you then happen to
include one of safestack.h or lhash.h without linking with libcrypto,
the build fails.
Fixes #6912
Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8087)
Klotz, Tobias [Thu, 20 Dec 2018 11:59:31 +0000 (12:59 +0100)]
Cleanup vxworks support to be able to compile for VxWorks 7
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7569)
Matt Caswell [Fri, 18 Jan 2019 15:24:57 +0000 (15:24 +0000)]
Make sure we trigger retransmits in DTLS testing
During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8047)
Matt Eaton [Tue, 22 Jan 2019 02:14:34 +0000 (20:14 -0600)]
Update NOTES.ANDROID
Minor typo fix to `adjustment` in the line:
"In such case you have to pass matching target
name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjustment
becomes simpler, $ANDROID_NDK/bin:$PATH suffices."
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8054)
Corey Minyard [Mon, 21 Jan 2019 07:47:02 +0000 (17:47 +1000)]
Fix a memory leak in the mem bio
If you use a BIO and set up your own buffer that is not freed, the
memory bio will leak the BIO_BUF_MEM object it allocates.
The trouble is that the BIO_BUF_MEM is allocated and kept around,
but it is not freed if BIO_NOCLOSE is set.
The freeing of BIO_BUF_MEM was fairly confusing, simplify things
so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM
in mem_free(), where it should be done.
Alse add a test for a leak in the memory bio
Setting a memory buffer caused a leak.
Signed-off-by: Corey Minyard <minyard@acm.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8051)
Richard Levitte [Wed, 16 Jan 2019 05:31:15 +0000 (06:31 +0100)]
crypto/armcap.c, crypto/ppccap.c: stricter use of getauxval()
Having a weak getauxval() and only depending on GNU C without looking
at the library we build against meant that it got picked up where not
really expected.
So we change this to check for the glibc version, and since we know it
exists from that version, there's no real need to make it weak.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8028)
Richard Levitte [Thu, 20 Dec 2018 09:17:38 +0000 (10:17 +0100)]
crypto/uid.c: use own macro as guard rather than AT_SECURE
It turns out that AT_SECURE may be defined through other means than
our inclusion of sys/auxv.h, so to be on the safe side, we define our
own guard and use that to determine if getauxval() should be used or
not.
Fixes #7932
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7933)
Matt Caswell [Wed, 17 Oct 2018 15:17:25 +0000 (16:17 +0100)]
Don't artificially limit the size of the ClientHello
We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the
ClientHello. AFAIK there is nothing in the standards that requires this
limit.
The limit goes all the way back to when support for extensions was first
added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most
likely it was originally added to avoid the complexity of having to grow
the init_buf in the middle of adding extensions. With WPACKET this is
irrelevant since it will grow automatically.
This issue came up when an attempt was made to send a very large
certificate_authorities extension in the ClientHello.
We should just remove the limit.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7424)
FdaSilvaYY [Tue, 8 Jan 2019 06:27:27 +0000 (16:27 +1000)]
Fix CID 1434549: Unchecked return value in test/evp_test.c
5. check_return: Calling EVP_EncodeUpdate without checking return value
(as is done elsewhere 4 out of 5 times).
Fix CID 1371695, 1371698: Resource leak in test/evp_test.c
- leaked_storage: Variable edata going out of scope leaks the storage it
points to.
- leaked_storage: Variable encode_ctx going out of scope leaks the
storage it points to
Fix CID 1430437, 1430426, 1430429 : Dereference before null check in test/drbg_cavs_test.c
check_after_deref: Null-checking drbg suggests that it
may be null, but it has already been dereferenced on all paths leading
to the check
Fix CID 1440765: Dereference before null check in test/ssltestlib.c
check_after_deref: Null-checking ctx suggests that it may be null, but
it has already been dereferenced on all paths leading to the check.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7993)
Viktor Dukhovni [Tue, 1 Jan 2019 07:53:24 +0000 (02:53 -0500)]
More configurable crypto and ssl library initialization
1. In addition to overriding the default application name,
one can now also override the configuration file name
and flags passed to CONF_modules_load_file().
2. By default we still keep going when configuration file
processing fails. But, applications that want to be
strict about initialization errors can now make explicit
flag choices via non-null OPENSSL_INIT_SETTINGS that omit
the CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far
been both undocumented and unused).
3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.
4. Don't set up atexit() handlers when called with opts equal to
OPENSSL_INIT_BASE_ONLY (this flag should only be used alone).
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7969)
Matt Caswell [Fri, 4 Jan 2019 16:55:15 +0000 (16:55 +0000)]
Add a test for correct handling of the cryptopro bug extension
This was complicated by the fact that we were using this extension for our
duplicate extension handling tests. In order to add tests for cryptopro
bug the duplicate extension handling tests needed to change first.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)
Matt Caswell [Fri, 4 Jan 2019 16:54:03 +0000 (16:54 +0000)]
Don't complain if we receive the cryptopro extension in the ClientHello
The cryptopro extension is supposed to be unsolicited and appears in the
ServerHello only. Additionally it is unofficial and unregistered - therefore
we should really treat it like any other unknown extension if we see it in
the ClientHello.
Fixes #7747
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)
Matt Caswell [Fri, 4 Jan 2019 10:24:19 +0000 (10:24 +0000)]
Fix no-cmac
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7979)
Matt Caswell [Thu, 15 Nov 2018 16:59:41 +0000 (16:59 +0000)]
Don't link shlibloadtest against libcrypto
The whole point of shlibloadtest is to test dynamically loading and
unloading the library. If we link shlibloadtest against libcrypto then that
might mask potential issues.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7983)
Matt Caswell [Tue, 20 Nov 2018 15:32:55 +0000 (15:32 +0000)]
Fix a RUN_ONCE bug
We have a number of instances where there are multiple "init" functions for
a single CRYPTO_ONCE variable, e.g. to load config automatically or to not
load config automatically. Unfortunately the RUN_ONCE mechanism was not
correctly giving the right return value where an alternative init function
was being used.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7983)
Behrang [Thu, 20 Dec 2018 12:56:03 +0000 (23:56 +1100)]
Fixed minor typo in the req.pod docs
CLA: Trivial
Fixes #7928.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7973)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7959)
Jung-uk Kim [Thu, 13 Dec 2018 23:18:16 +0000 (18:18 -0500)]
Do not complain when /dev/crypto does not exist.
FreeBSD does not enable cryptodev(4) by default. OpenBSD disabled support
for /dev/crypto by default from 4.9 and removed it from 5.7. Now the engine
is properly enabled by default on BSD platforms (see #7885), it continuously
complains:
Could not open /dev/crypto: No such file or directory
Hide the nagging error message behind ENGINE_DEVCRYPTO_DEBUG.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7896)
Shreya Bhandare [Thu, 13 Dec 2018 17:29:10 +0000 (22:59 +0530)]
EVP_PKEY_size declared to take a const parameter
CLA: trivial
Function EVP_PKEY_size has been modified to take a const parameter
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7892)
Fix:
CID 1338183 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
CID 1371691 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
CID 1371692 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7359)
FdaSilvaYY [Sun, 7 Oct 2018 19:47:31 +0000 (21:47 +0200)]
Coverity fix in apps/oscp
CID 1440002 (#1 of 1): Use after free (USE_AFTER_FREE)
Not a deadly error, because error was just before app exit.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7359)
Ken Goldman [Fri, 14 Dec 2018 20:04:04 +0000 (15:04 -0500)]
Admit unknown pkey types at security level 0
The check_key_level() function currently fails when the public key
cannot be extracted from the certificate because its algorithm is not
supported. However, the public key is not needed for the last
certificate in the chain.
This change moves the check for level 0 before the check for a
non-NULL public key.
For background, this is the TPM 1.2 endorsement key certificate.
I.e., this is a real application with millions of certificates issued.
The key is an RSA-2048 key.
The TCG (for a while) specified
Public Key Algorithm: rsaesOaep
rather than the commonly used
Public Key Algorithm: rsaEncryption
because the key is an encryption key rather than a signing key.
The X509 certificate parser fails to get the public key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7906)
Christian Heimes [Mon, 17 Dec 2018 21:56:17 +0000 (22:56 +0100)]
Fix function names in ct(7) documentation
The correct function name is SSL_CTX_enable_ct, not SSL_CTX_ct_enable.
Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7916)
man: harmonize the various formulations in the HISTORY sections
While stereotyped repetitions are frowned upon in literature, they
serve a useful purpose in manual pages, because it is easier for
the user to find certain information if it is always presented in
the same way. For that reason, this commit harmonizes the varying
formulations in the HISTORY section about which functions, flags,
etc. were added in which OpenSSL version.
It also attempts to make the pod files more grep friendly by
avoiding to insert line breaks between the symbol names and the
corresponding version number in which they were introduced
(wherever possible). Some punctuation and typographical errors
were fixed on the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7854)
Richard Levitte [Fri, 14 Dec 2018 18:33:55 +0000 (19:33 +0100)]
ERR: preserve system error number in a few more places
It turns out that intialization may change the error number, so we
need to preserve the system error number in functions where
initialization is called for.
These are ERR_get_state() and err_shelve_state()
Fixes #7897
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7902)
Jakub Jelen [Wed, 12 Dec 2018 10:22:00 +0000 (11:22 +0100)]
Use the correct function name
CLA: trivial
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7887)
There was a trailing :w at a line, which didn't make sense in context
of the sentence/styling. Removed it, because I think it's a leftover
vi command.
CLA: trivial Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7875)
Digest must be able to do partial-state copy to be used.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
The engine needs a custom cipher context copy function to open a new
/dev/crypto session.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
eng_devcrypto: close session on cleanup, not final
Close the session in digest_cleanup instead of digest_final. A failure
in closing the session does not mean a previous successful digest final
has failed as well.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
If the source ctx has not been initialized, don't initialize the copy
either.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
Return failure when the digest_ctx is null in digest_update and
digest_final, and when md is null in digest_final.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
Call functions to prepare methods after confirming that /dev/crytpo was
sucessfully open and that the destroy function has been set.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
Matt Caswell [Wed, 21 Nov 2018 11:57:04 +0000 (11:57 +0000)]
Preserve errno on dlopen
For the same reasons as in the previous commit we must preserve errno
across dlopen calls. Some implementations (e.g. solaris) do not preserve
errno even on a successful dlopen call.
Fixes #6953
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)
Matt Caswell [Wed, 21 Nov 2018 11:44:42 +0000 (11:44 +0000)]
Make sure build_SYS_str_reasons() preserves errno
This function can end up being called during ERR_get_error() if we are
initialising. ERR_get_error() must preserve errno since it gets called via
SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are
supposed to inspect errno.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7850)
Richard Levitte [Fri, 7 Dec 2018 08:26:04 +0000 (09:26 +0100)]
Make EVP_PKEY_asn1_add0() stricter about its input
It turns out that the strictness that was implemented in
EVP_PKEY_asn1_new() (see Github openssl/openssl#6880) was badly placed
for some usages, and that it's better to do this check only when the
method is getting registered.
Fixes #7758
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7847)
FdaSilvaYY [Wed, 17 Oct 2018 20:30:32 +0000 (22:30 +0200)]
Doc: fix reference to deprecated methods.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7705)
Matt Caswell [Tue, 4 Dec 2018 08:37:04 +0000 (08:37 +0000)]
Fix some SSL_export_keying_material() issues
Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)
Fixed-top interfaces tolerate zero-padded inputs and facilitate
constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
but not divisor. It's argued that divisor's length is public even
when value is secret.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)
Andy Polyakov [Fri, 14 Sep 2018 15:24:13 +0000 (17:24 +0200)]
rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.
Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
if nul delimiter is preceded by 8 consecutive 0x03 bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 603221407ddc6404f8c417c6beadebf84449074c)
Andy Polyakov [Thu, 6 Sep 2018 19:54:23 +0000 (21:54 +0200)]
rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.
And make RSAErr call unconditional.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 75f5e944be97f28867e7c489823c889d89d0bd06)
Andy Polyakov [Sat, 1 Sep 2018 10:00:33 +0000 (12:00 +0200)]
rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.
And make RSAErr call unconditional.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit e875b0cf2f10bf2adf73e0c2ec81428290f4660c)
Andy Polyakov [Fri, 14 Sep 2018 10:17:43 +0000 (12:17 +0200)]
rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 89072e0c2a483f2ad678e723e112712567b0ceb1)
Andy Polyakov [Sat, 1 Sep 2018 10:19:30 +0000 (12:19 +0200)]
err/err.c: add err_clear_last_constant_time.
Expected usage pattern is to unconditionally set error and then
wipe it if there was no actual error.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit f658a3b64d8750642f4975090740865f770c2a1b)
Richard Levitte [Tue, 27 Nov 2018 07:51:44 +0000 (07:51 +0000)]
Don't test the collected system errors when configured to not have them
Config options 'no-err' and 'no-autoerrinit'
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7711)