On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero... except on VMS, where this was
treated as an error. Change this to behave like the other platforms.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
There is code that retries calling RAND_bytes() until it gets something
other than 0, which just hangs if we always return 0.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2039)
TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not. This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation. With this
change, the error message will at least show which part went wrong.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)
GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.
Reviewed-by: Matt Caswell <matt@openssl.org>
The bug was introduced in 80d27cdb84,
one too many instructions was removed. It went unnoticed, because
new subroutine introduced in previous commit is called in real-life
RSA/DSA/DH cases, while original code is called only in rare tests.
The bug was caught in test_fuzz.
Reviewed-by: Rich Salz <rsalz@openssl.org>
It's called with 0 when it's already locked, with 1 when it's not.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1500
In non-__KERNEL__ context 32-bit-style __ARMEB__/__ARMEL__ macros were
set in arm_arch.h, which is shared between 32- and 64-bit builds. Since
it's not included in __KERNEL__ case, we have to adhere to official
64-bit pre-defines, __AARCH64EB__/__AARCH64EL__.
[If we are to share more code, it would need similar adjustment.]
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Both strdup or malloc failure should raise à err.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)
This reflects its position in include/openssl/ct.h.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
Otherwise, |dec| gets moved past the end of the signature by
o2i_SCT_signature and then can't be correctly freed afterwards.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
Factorise multiple bn_get_top(group->field) calls
Add missing checks on some conditional BN_copy return value
Add missing checks on some BN_copy return value
Add missing checks on a few bn_wexpand return value
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1626)
Do not call the time "current", as a different time can be provided.
For example, a time slightly in the future, to provide tolerance for
CT logs with a clock that is running fast.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
Under certain circumstances, the libcrypto init code would loop,
causing a deadlock. This would typically happen if something in
ossl_init_base() caused an OpenSSL error, and the error stack routines
would recurse into the init code before the flag that ossl_init_base()
had been run was checked.
This change makes sure ossl_init_base isn't run once more of the base
is initiated.
Thanks to Dmitry Kostjuchenko for the idea.
Fixes Github issue #1899
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was
then ignored. Now DSA_generate_parameters_ex() returns an error in such
a case but no error string.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1657)
This reverts commit 349d1cfddc.
The proposed fix is incorrect. It marks the "run_once" code as having
finished before it has. The intended semantics of run_once is that no
threads should proceed until the code has run exactly once. With this
change the "second" thread will think the run_once code has already been
run and will continue, even though it is still in progress. This could
result in a crash or other incorrect behaviour.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Fixed deadlock in CRYPTO_THREAD_run_once() if call to init() is causing
a recursive call to CRYPTO_THREAD_run_once() again that is causing a hot
deadloop inside do { } while (result == ONCE_ININIT); section.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1913)
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in
type 'int64_t' (aka 'long'); cast to an unsigned type to negate this
value to itself
Found using libfuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1908
In order to minimize dependency on assembler version a number of
post-SSE2 instructions are encoded manually. But in order to simplify
the procedure only register operands are considered. Non-register
operands are passed down to assembler. Module in question uses pshufb
with memory operands, and old [GNU] assembler can't handle it.
Fortunately in this case it's possible skip just the problematic
segment without skipping SSSE3 support altogether.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
When configured no-dso, there are no DSO_{whatever} macros defined.
Therefore, before checking those, you have to check if OPENSSL_NO_DSO
is defined.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1902)
Now that we can link specifically with static libraries, the immediate
need to split ppccap.c (and eventually other *cap.c files) is no more.
This reverts commit e3fb4d3d52.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Don't set choice selector on parse failure: this can pass unexpected
values to the choice callback. Instead free up partial structure
directly.
CVE-2016-7053
Thanks to Tyler Nighswander of ForAllSecure for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The offset to the memory to clear was incorrect, causing a heap buffer
overflow.
CVE-2016-7054
Thanks to Robert Święcki for reporting this
Reviewed-by: Rich Salz <rsalz@openssl.org>
