This repository was archived by the owner on May 6, 2022. It is now read-only.

Conversation

@MouriNaruto

  • OpenSSL update to 1.0.2n (the latest stable version of the 1.0.2 series).

@khouzam

Mouri

mattcaswell and others added 28 commits November 2, 2017 14:34
Reviewed-by: Andy Polyakov <[email protected]>
CLA: trivial

Reviewed-by: Kurt Roeckx <[email protected]>
Reviewed-by: Bernd Edlinger <[email protected]>
(Merged from openssl#4600)

(cherry picked from commit 7760384)
CLA: trivial

Reviewed-by: Kurt Roeckx <[email protected]>
Reviewed-by: Bernd Edlinger <[email protected]>
(Merged from openssl#4600)

(cherry picked from commit a6f622b)
Cherry-picked by Matt Caswell from 6979583.

Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#4670)
The man pages say that BIGNUM arithmetic operations fail with a 0 return.
However some functions were returning -1 on error. In master and 1.1.0 they
already return 0, so this brings 1.0.2 in line.

Reviewed-by: Bernd Edlinger <[email protected]>
(Merged from openssl#4682)
It's not clear if it's a feature or bug, but binutils-2.29[.1]
interprets the 'adr' instruction with a Thumb2 code reference differently,
in a way that affects calculation of addresses of constants' tables.

Reviewed-by: Bernd Edlinger <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
(Merged from openssl#4673)
…sions.

In earlier 5.1x Perl versions quoting globs works only if there is
white space. If there is none, it's looking for names starting with ".

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#4696)
cb_ticket2() does an exit, and should therefore not need to return anything.
Some compilers don't detect that, or don't care, and warn about a non-void
function without a return statement.

Reviewed-by: Tim Hudson <[email protected]>
(Merged from openssl#4713)
 * addressing", Proc. 6th Conference on Very Large Databases: 212–223
                                                                 ^
The EN DASH ('–') in this line is one UTF-8 character (hex: e2 80 93).
Under some code page setting (e.g. 936), Visual Studio may report C4819
warning: The file contains a character that cannot be represented in the
current code page.

Replace this character with the ASCII char '-' (Hex Code: 2D).

Reviewed-by: Tim Hudson <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#4691)

(cherry picked from commit b4d0fa4)
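The commit message above locates one EN DASH by hand and swaps it for an ASCII '-'. The script below, an added example that is not part of OpenSSL or of this repository, does the same job over a source tree: it reports every non-ASCII character with its line, column and UTF-8 bytes (the information MSVC's C4819 warning does not give you), and optionally rewrites the ones that have an unambiguous ASCII equivalent. Only the EN DASH mapping comes from the commit; the other entries in the replacement table, the file suffixes scanned and the sample file content are my assumptions.

```python
"""Find (and optionally replace) non-ASCII characters that make MSVC emit
C4819 under a non-Unicode code page such as 936.

Added example, not OpenSSL or microsoft/openssl project code.  The EN DASH
-> '-' mapping is the one made in the commit above; the remaining mappings
and the SAMPLE text are constructed for this demonstration."""
import sys
from pathlib import Path

# Characters with an obvious ASCII stand-in.  Anything else is only reported,
# never rewritten, so a legitimate non-ASCII string literal is not mangled.
ASCII_REPLACEMENTS = {
    "\u2013": "-",   # EN DASH (the character from the commit message)
    "\u2014": "-",   # EM DASH (assumption)
    "\u2018": "'",   # LEFT SINGLE QUOTATION MARK (assumption)
    "\u2019": "'",   # RIGHT SINGLE QUOTATION MARK (assumption)
    "\u201c": '"',   # LEFT DOUBLE QUOTATION MARK (assumption)
    "\u201d": '"',   # RIGHT DOUBLE QUOTATION MARK (assumption)
    "\u00a0": " ",   # NO-BREAK SPACE (assumption)
}


def find_non_ascii(text):
    """Return a list of (line_no, col, char, utf8_hex) for every non-ASCII
    character.  Line and column are 1-based; the column counts characters,
    which is what an editor shows, not bytes."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 0x7F:
                hits.append((line_no, col, ch, ch.encode("utf-8").hex()))
    return hits


def asciify(text):
    """Apply ASCII_REPLACEMENTS.  Returns (new_text, replaced_count, leftovers)
    where leftovers lists non-ASCII characters that had no safe mapping."""
    out, replaced, leftovers = [], 0, []
    for ch in text:
        if ch in ASCII_REPLACEMENTS:
            out.append(ASCII_REPLACEMENTS[ch])
            replaced += 1
        else:
            if ord(ch) > 0x7F:
                leftovers.append(ch)
            out.append(ch)
    return "".join(out), replaced, leftovers


def scan_tree(root, suffixes=(".c", ".h", ".cpp", ".pl", ".txt")):
    """Map each offending file path under root to its list of hits."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_non_ascii(text)
            if hits:
                results[str(path)] = hits
    return results


# Constructed sample: the citation line from the commit, plus a string literal
# whose accented character has no ASCII replacement and must be left alone.
SAMPLE = (
    "/* Proc. 6th Conference on Very Large Databases: 212\u2013223 */\n"
    'static const char *names[] = { "caf\u00e9", NULL };\n'
)

if __name__ == "__main__":
    # Usage: python scan_non_ascii.py <dir> [--fix]
    if len(sys.argv) < 2:
        for hit in find_non_ascii(SAMPLE):
            print("sample:%d:%d: U+%04X (hex %s)" % (hit[0], hit[1], ord(hit[2]), hit[3]))
        sys.exit(0)
    root, fix = sys.argv[1], "--fix" in sys.argv[2:]
    for path, hits in scan_tree(root).items():
        for line_no, col, ch, hx in hits:
            print("%s:%d:%d: U+%04X (hex %s)" % (path, line_no, col, ord(ch), hx))
        if fix:
            new_text, n, left = asciify(Path(path).read_text(encoding="utf-8"))
            Path(path).write_text(new_text, encoding="utf-8")
            print("%s: replaced %d, %d left for manual review" % (path, n, len(left)))
```

Run it without arguments to see the report for the embedded sample; with a directory it scans that tree, and with `--fix` it rewrites only the characters in the table and leaves the rest for a human to judge.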
It's argued that /WX allows one to keep better focus on new code, which
motivates its comeback...

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#4718)
We had /WX (treat warnings as errors) in VC-WIN32 for a long time. At
some point it was somehow omitted. It's argued that it allows one to
keep better focus on new code, which motivates the comeback...

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#4718)
Backport of openssl#4677 / 1687aa7

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Andy Polyakov <[email protected]>
(Merged from openssl#4715)
Fixes openssl#4775

Reviewed-by: Andy Polyakov <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#4815)

(cherry picked from commit a61c15e)
This line will allow the use of private keys created by Crypto Pro to
sign with OpenSSL.

CLA: trivial

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Tim Hudson <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#4836)

(cherry picked from commit b35bb37)
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake
then OpenSSL would move into the error state and would immediately fail if
you attempted to continue the handshake. This works as designed for the
explicit handshake functions (SSL_do_handshake(), SSL_accept() and
SSL_connect()), however due to a bug it does not work correctly if
SSL_read() or SSL_write() is called directly. In that scenario, if the
handshake fails then a fatal error will be returned in the initial function
call. If SSL_read()/SSL_write() is subsequently called by the application
for the same SSL object then it will succeed and the data is passed without
being decrypted/encrypted directly from the SSL/TLS record layer.

In order to exploit this issue an attacker would have to trick an
application into behaving incorrectly by issuing an SSL_read()/SSL_write()
after having already received a fatal error.

Thanks to David Benjamin (Google) for reporting this issue and suggesting
this fix.

CVE-2017-3737

Reviewed-by: Rich Salz <[email protected]>
Test reading/writing to an SSL object after a fatal error has been
detected.

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Andy Polyakov <[email protected]>
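The CVE-2017-3737 commit message gives the two facts a defender needs for an inventory check: the error-state mechanism appeared in 1.0.2b, and the fix ships in 1.0.2n (this pull request). The checker below, an added example that is not OpenSSL or repository code, parses OpenSSL version strings with their letter suffix (1.0.2m sorts before 1.0.2n) and classifies them against that range; it also reports the OpenSSL that the running Python interpreter is linked against. The status labels and the treatment of other release lines as "not in scope" (rather than safe) are my choices; a version string cannot tell you whether a vendor backported the fix without bumping the letter, so treat "affected" as a prompt to verify, not a verdict.

```python
"""Classify OpenSSL version strings against the CVE-2017-3737 affected range.

Added example, not OpenSSL or microsoft/openssl project code.  Range taken
from the commit message: error state introduced in 1.0.2b, fixed in 1.0.2n,
so 1.0.2b through 1.0.2m are flagged.  Status labels are my own."""
import re
import ssl

# Matches "1.0.2m" inside strings such as "OpenSSL 1.0.2m  2 Nov 2017".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")

FIRST_AFFECTED = "b"   # 1.0.2b introduced the error-state mechanism
FIRST_FIXED = "n"      # 1.0.2n carries the fix


def parse_version(text):
    """Return (major, minor, patch, letter) from a version string.
    The letter is '' for a bare release such as '1.0.2'."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def letter_rank(letter):
    """Order the 1.0.x patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ...
    (OpenSSL continued 1.0.1 past 'z' with 'za'-style suffixes)."""
    rank = 0
    for ch in letter:
        if not "a" <= ch <= "z":
            raise ValueError("unexpected patch letter %r" % letter)
        rank = rank * 26 + (ord(ch) - ord("a") + 1)
    return rank


def cve_2017_3737_status(text):
    """One of: 'affected', 'fixed', 'not-affected-pre-1.0.2b', 'not-in-scope'.
    'not-in-scope' means a release line this check does not cover, not 'safe'."""
    major, minor, patch, letter = parse_version(text)
    if (major, minor, patch) != (1, 0, 2):
        return "not-in-scope"
    rank = letter_rank(letter)
    if rank < letter_rank(FIRST_AFFECTED):
        return "not-affected-pre-1.0.2b"
    if rank < letter_rank(FIRST_FIXED):
        return "affected"
    return "fixed"


def classify_all(version_strings):
    """Return {version_string: status} for a batch, e.g. an inventory export."""
    return {v: cve_2017_3737_status(v) for v in version_strings}


def check_running_interpreter():
    """Classify the OpenSSL this Python is linked against."""
    return ssl.OPENSSL_VERSION, cve_2017_3737_status(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for version, status in classify_all([
        "OpenSSL 1.0.2m  2 Nov 2017",
        "OpenSSL 1.0.2n  7 Dec 2017",
        "OpenSSL 1.0.2a 19 Mar 2015",
        "OpenSSL 1.1.0g  2 Nov 2017",
    ]).items():
        print("%-32s %s" % (version, status))
    print("running interpreter: %s -> %s" % check_running_interpreter())
```

The letter ordering matters: a naive string comparison puts "1.0.2n" after "1.0.2m" correctly but breaks on bare "1.0.2" and on the "za" suffixes, which is why the rank function is explicit.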

khouzam commented Mar 14, 2018

Thanks a lot @MouriNaruto,

I've updated the branch and put back the -WX flag, as I'd like to remain as close to the original code as possible. I fixed the warnings that were generated instead of ignoring them.

Finishing through a build/test pass and will merge this.

@khouzam khouzam merged commit ad80f7f into microsoft:OpenSSL_1_0_2_WinRT-stable-vs2017 Mar 14, 2018
@MouriNaruto MouriNaruto deleted the OpenSSL-1.0.2n branch March 15, 2018 03:05
